I passed the CISSP exam in April 2021! Such a difficult exam! The exam is nothing like the practice tests you can find available for free or for purchase. Throughout the exam, I felt unprepared; halfway through the exam I felt like I was failing, that I should take mental notes for my next attempt. To my surprise, I passed at 100 questions, around 110 minutes into the exam. This is how I did it…
I started preparing myself a few months ago. I started with the CISSP Certification Training course by Thor Pedersen on Udemy. Thor delivers the content for all 8 domains in an easy-to-digest manner. You could easily watch the whole CISSP series twice to better absorb the concepts. At this point, I didn’t have a set date for when I wanted to take the test. Another video set I watched a few years ago was Kelly Handerhan's on Cybrary.it. The videos are highly recommended on r/cissp.
Two months after watching the videos, I decided I should start officially studying for the CISSP certification and dedicate time to it. I purchased the book “Eleventh Hour CISSP: Study Guide”. This is a terrific book with great content. However, it is not updated with the latest changes, and a few topics found on the test were not covered by the book. Regardless of this, it is a great resource to read in your last month before taking the test. I think I would have benefited from reading the official CISSP book or another book that covers all topics in more detail. The Eleventh Hour is not for people new to security. You had better have a basic to fair understanding of computer architecture, software development, networking, encryption, and security.
After reading this book twice, I went ahead and scheduled the exam a month out. Nothing puts that sense of urgency like seeing that charge for $699 on your credit card. I must pass this test!
I purchased Boson’s CISSP preparation practice test. It was a great resource to test myself on the concepts covered by the exam. After each question, I would review the answer and explanation. If there was a concept I didn’t understand or that required further research, I would create a flashcard from the explanation or from my own research online. The practice questions are NOT like the questions I experienced throughout the exam. Boson’s CISSP practice questions were very technical and simple.
During the CISSP test, you should have a Risk Advisor / Security Manager mentality. I recommend the following videos on how to mentally prepare for the CISSP exam:
- Why you will pass the CISSP by Kelly Handerhan talks about what your role is and how you should approach the problems in the exam. You are not a Doer but a manager and risk advisor.
- SANS Webcast – CISSP Cram Session by Eric Conrad explains some concepts covered in the test but most importantly how the test works.
The resource I found the most valuable in the 3 days leading up to the exam was Destination Certification. These videos helped me glue all the pieces together and pointed out concepts I needed to study more. I watched the videos 2 days before testing and on my way to testing. Destination Certification goes over the most critical concepts you need to know for the CISSP exam. By far, this was the best resource I used to help me cement the concepts and link them together.
Lastly, writing index cards with the concepts I was not familiar with or was weak on helped me a lot. By the time I went to take the CISSP exam, I had already memorized the information on the index cards. There is something about writing something down and being able to memorize it that works great for studying. You don’t need to read the index cards over and over; you just need to write it down to memorize it.
But I thought you said you felt unprepared for the test? That is right. Aside from the resources I mentioned above, I was able to pass the test with 100 questions because of two things: personal work experience and critical thinking. The exam presented me with several questions that I could answer based on previous work experience. The critical thinking came from analyzing the wording of the question and the wording of the answers: What is the situation? What step of the X framework/plan am I on? What is the next logical step? What does the question want as an answer? What protects human life or my organization? There were some questions I had no idea how to answer, and asking myself these questions probably helped me answer them correctly.
I am thrilled to have reached this step in my professional career. Next, I might go for offensive security or cloud security. Let’s see…
If you are reading this far, you might be interested in taking the CISSP exam. If you have any questions, you can comment below, and I will try my best to help you.
I will NOT break the NDA or any code of ethics. Do not ask me for specifics.