I passed the CISSP exam in April 2021! Such a difficult exam! The exam is nothing like the practice tests you can find available for free or for purchase. Throughout the exam, I felt unprepared; halfway through the exam I felt like I was failing, that I should take mind-notes for my next attempt. To my surprise, I passed at 100 questions at around 110 minutes into the exam. This is how I did it…
I started preparing myself a few months ago. I started with the CISSP Certification Training course by Thor Pedersen on Udemy. Thor delivers the content for all 8 domains in an easy-to-digest manner. You could easily watch the whole CISSP series twice to better absorb the concepts. At this point, I didn’t have a set date on when I wanted to take the test. Another video set I watched a few years ago was Kelly Handerhan on Cybrary.it. The videos are highly recommended on r/cissp.
After two months passed from watching the videos, I decided I should start officially studying for the CISSP certification and dedicate time to it. I purchased the book “Eleventh Hour CISSP: Study Guide”. This is a terrific book with great content. However, it is not updated with the latest changes, and a few topics found on the test were not covered by the book. Regardless of this, it is a great resource to read in your last month before taking the test. I think I would have benefited from reading the official CISSP book or another book that covers all topics in more detail. The Eleventh Hour is not for people new to security. You better have a basic to fair understanding of computer architecture, software development, networking, encryption, and security.
After reading this book twice, I went ahead and scheduled the exam a month out. Nothing puts that sense of urgency like seeing that charge for $699 on your credit card. I must pass this test!
I purchased Boson’s CISSP preparation practice test. It was a great resource to test myself on the concepts covered by the exam. After each question, I would review the answer and explanation. If there was a concept I didn’t understand or that required that I research further, I would create a flashcard from the explanation or from researching myself online. The practice questions are NOT like the questions I experienced throughout the exam. Boson’s CISSP practice questions were very technical and simple.
During the CISSP test, you should have a Risk Advisor / Security Manager mentality. I recommend the following videos on how to mentally prepare for the CISSP exam:
- Why you will pass the CISSP by Kelly Handerhan talks about what is your role and how you should approach the problems in the exam. You are not a Doer but a manager and risk advisor.
- SANS Webcast – CISSP Cram Session by Eric Conrad explains some concepts covered in the test but most importantly how the test works.
The resource I found the most valuable in the 3 days leading up to the exam was Destination Certification. These videos helped me glue all the pieces together and pointed out concepts I needed to do more studying on. I watched the videos 2 days before testing and on my way to testing. Destination Certification goes over the most critical concepts you need to know for the CISSP exam. By far, this was the best resource I used to help me cement the concepts and link them together.
Lastly, writing index cards with the concepts I was not familiar with or weak on helped me a lot. By the time I went to take the CISSP exam, I had already memorized the information on the index cards. There is something about writing something down and being able to memorize it that works great for studying. You don’t need to read the index cards over and over; you just need to write it down to memorize it.
But I thought you said you felt unprepared for the test? That is right. Aside from the resources I mentioned above, I was able to pass the test with 100 questions because of personal work experience and critical thinking. The exam presented me with several questions that I could answer based on previous work experience. The critical thinking came by analyzing the wording of the question and the wording of the answers: What is the situation? What step of the X framework/plan am I on? What is the next logical step? What does the question want as an answer? What protects human life or my organization? There were some questions I had no idea how to answer and asking myself these questions probably helped me answer them correctly.
I am thrilled to have reached this step in my professional career. Next, I might go for offensive security or cloud security. Let’s see…
If you are reading this far, you might be interested in taking the CISSP exam. If you have any questions, you can comment below, and I will try my best to help you.
I will NOT break the NDA or any code of ethics. Do not ask me for specifics.
Great experience. I would like to ask a question about the profession. I am from Canada; here one local university is offering a certificate of cyber security and CISSP is one of the courses of the certificate program. They claim a person who doesn’t have an IT or technical background can definitely jump into the profession after doing this certificate. The program is totally online and synchronous. I am from a finance background and I am switching over to cyber security. Do you think as a newbie in this profession I can get through this? I am in my later 30s. Your advice would definitely help me out. Thank you
Certifications will not land you a job. Your experience, education, and personality will. I would not go for the CISSP to break into the cybersecurity field; CISSP is a mid-advanced certification. I would recommend entry-level certifications, such as Security+, CySA+, CCNA, to land you an entry-level job if you are new to cybersecurity. Also, start working on a home lab to practice the technical aspects of cybersecurity. Homelab CAN count as experience and shows commitment to the profession. This is a good way to set you apart from the rest. I have seen carpenters switch to Cyber and make it a career. Don’t get discouraged!
This link should give you an idea on how certs stack up against each other.
It’s great to hear that you passed the CISSP exam, congrats on that first! I would like to get more notes or study material and links for the course.
Thank you for sharing… Have a great day!
Thanks. You could get plenty of resource materials at http://www.reddit.com/r/cissp
It is a great community and has plenty of resources to help you pass the exam. Good luck!
Congrats on passing the exam!
I am in a tricky situation. I am short on time and don’t know what’s the best way to study for the exam, and where to pick up and continue my study from a previous attempt at studying for the exam that happened in 2019.
A bit of background on myself: I have decent professional experience in cyber security, about 8 years, with skills in both the technical side, such as implementing vendors’ products, and designing security solutions, such as analysing problems and requirements and proposing solutions. Meaning I have a good understanding of most domains in CISSP, so terminologies and concepts are not strange, except frameworks in security engineering and software development security.
In 2019, I read the Eric Conrad CISSP study guide 3rd edition once, also most of the Sybex official practice tests. Something happened in life and I didn’t attempt the exam.
I started doing Boson exams and found the knowledge in my brain is vague, so I am frustrated right now.
Where do you suggest I should start? Should I re-read Eric’s book, albeit it’s outdated? Should I watch Destination Cert on YouTube? Should I do Boson and really read the answers? I am lost…
I can only allocate max 2 months with 1 hour of study on work days. Is that enough?
Any guidance much appreciated.
If you read the books, do practice tests, and make flashcards during those 2 months, you should be able to pass. I would read the official study guide, and use the 11th hour for last-minute studying. Watch the YouTube videos I linked to in my post. They were insightful and very educational.
Hey Ian! It’s Aja (from DOT). Hope you and family are well. I’m tackling this beast as well in a couple of months and I’m trying my hardest to get through the Sybex book but it’s putting me to sleep. Do you think it’s possible to achieve this cert just using the huge book as a reference guide? I’m using Cybrary, Destination Cert, 11th hour, Sari Greene videos, and practice tests.
Hi Aja. To answer your question: it really depends on you and how comfortable you feel with the topics covered. I did my study with the materials listed in the post. I think that by reading the official study guide and the materials you are using, you will be fine. Keep in mind, the practice tests might be VERY different from the questions you will encounter in the exam. I was able to pass due to my studying and work experience. There were several moments during the test where I thought to myself “I have seen/done this before!”. Good luck on your test! Feel free to call me if you want to discuss further.