PASSING THE CISSP IN EIGHT MONTHS – MY EXPERIENCE
Repost from https://community.isc2.org/t5/CISSP-Study-Group/Passing-the-CISSP-My-Experience-Oct-2021/m-p/48366#M...
With the grace of God and a lot of support from close family and friends, I finally passed the CISSP examination and got certified this year. Like for many of you are still studying for it, this experience was time-consuming, difficult, and humbling. Also like many of you who have passed the test and gotten the credential, it was also gratifying and self-affirming. Needless to say, I am very grateful to make it through.
The following is a rundown of what worked for me, which may hopefully inform those of you studying for this very difficult challenge. Before I say anything else, please reassure yourself – passing this test *absolutely can* be done, and *YOU CAN PASS* too! You just need determination, discipline, an organized plan, and the confidence – believe in yourself!
Professional Certifications Background
Related Work Experience
Motivation for attaining CISSP
Materials That I Used (most found here - https://www.isc2.org/Training/Self-Study-Resources)
(both short and long version)
Study Protocol (the short story)
Study Journey (the long story)
The first thing I did was read through the CISSP for Dummies book, which was easy to read and had some practice questions too. I didn’t consider it to be very hard, but I also didn’t think it alone would be enough to pass the test. Nevertheless, it’s something I didn’t regret, because the introduction to getting in the habit of reading, getting a routine going, and slowly familiarizing myself with the material was helpful to do. Having additional questions to practice with certainly didn’t hurt either!
The next step was to dig right in to the Official Study Guide. Very dense reading that wasn’t the most enjoyable thing I’ve ever read, but the book was very comprehensive. In my first runthrough, I probably would spend a week getting through about two chapters at most. Some chapters (eg, encryption / certificates) were tough because I didn’t have much of a professional background in them, so they took a whole week. In other cases (eg, management-related, ethics, BCP), I had more professional experience with those topics, so I went through them much faster. By the end, I had read through everything and gone through all of the end-of-chapter questions several times. At that point, I was beginning to forget some of the things I had reviewed early on, so it took about two more review weeks to reinforce some of the earlier chapters before moving on.
The next step for me was to take as many practice tests as I could. There are a few available through the Dummies book, a few through the Sybex portal that you get through the Official Study Guide, and the ones you can buy separately through the book and the app. I had to be careful about the app purchases in particular because they are subscription based – if you know how much time you have ahead of time, you can buy the subscription for just the time period needed to save some money (for me, that was about 5 months by the time I got around to the app, so I got the 6 month plan for US$35). Every week, I did at least two practice tests and then reviewed the topic areas that I got the worst scores on. For questions that I had trouble with, I made sure to “flag” them to revisit. Once I was through all of the practice tests available, I went back over the chapters of the Study Guide in which I scored the worst (predictably, encryption was probably the hardest) or had the most flags. I kept doing this until about a month before.
The final month was also, as you can imagine, the most hectic one. Most of my time here was spent on review – of flashcards mostly, and practice questions from the app by topic areas. I went through all of my flashcards and the practice questions. Then I took a few more of the practice tests as I had time to. By the last week of the test, I still wasn’t where I needed to be – the online posts and stories all seemed to say that scoring in the 90s on practice tests was essential, but the best I could do was the mid to high 80s for most of mine. I kept going right until I hit the second to last day – taking a quiz or test, flagging hard questions, and following up review on areas where I got things wrong.
The two days before the test were definitely nerve-wracking, but I tried to tread as lightly as possible. It just wasn’t productive to ruminate or regret too much, and it wasn’t going to help by cramming either. So I just did a lot of light reviewing – key tables from the Official Study Guide, flashcards, and self made summary notes, followed by rounds of targeted questions on the app.
Test Day – Getting There
The date I got was on a weekday (Wednesday), so I made sure that I took the two days before that off from work – that way, I also got a weekend off to finish my studying too. My test was mid-morning, so I made sure that the night before, I got plenty of rest. I had gone to bed by 9.00pm the night before and woke up at around 7.00am, giving me 9-10 hours of sleep and a very refreshed feeling. I had planned my route to the test center (about 40 minutes away from home by car) the previous weekend, so I was able to easily deal with traffic and other potential problems by starting 90 minutes in advance and getting to the testing center about 45 minutes ahead of time. I spent 15 minutes in the car relaxing and running through some of the hardest things I had trouble on that I had written down on a few flashcards. Then I entered the Pearson VUE test center. They verified my two forms of ID first, then checked me in. I was asked to take a picture, then take a hand / vein scan, and then put all my things in a locker (phone, wallet, etc). I was glad I wore a fleece under my jacket, as they asked me to take that off too. (The temperature was comfortable, but not warm.) Your ID is the way you identify yourself, so that’s all they let me take into the testing room. Then I went down the hallway to the door to the testing room. A second person then inspected my glasses. Then she made me pat myself down to prove that nothing contraband or not allowed was in my pockets. She also took another vein scan to verify my identity. Once she was okay with me, I was given a laminated page / tissue / dry erase marker, escorted to a computer, and sat down to the test. A few clicks later (disclaimers, information, etc), I was testing!
Test Day – The Test Itself
The questions were an even mix of things I had studied throughout the Official Study Guide, with many questions being easier and many being harder than what I had initially expected. There were questions that I could answer that seemed to come right from my experiences at work, in which the fact pattern would be about hypothetical scenarios that seemed very realistic. There were also questions that were very technical – when the Official Study Guide mentions “memorization charts” or literally says “this is a common test topic”, they aren’t kidding, so memorize those! All that drilling with practice tests and practice questions really seemed helpful, as I can’t say anything was all that surprising even if hard. And difficult many of the questions were! Most were not as technical or in the weeds as I had expected, but many really forced you to think through the situation and whittle down your answer logically. Strangely, I was going through rather quickly at about a question a minute for most of them, with a few taking a little longer. At least 15 or 20 questions, though, were really hard stumpers where I either took a good 3 or even 4 minutes (if I thought I remembered even a little) or I just guessed and moved on. Then I got past question 100; online, I had read somewhere that because it was computer-adaptive, sometimes the test ends at 100 questions or 150 questions or somewhere in between – so as I got closer and closer to 150, I was getting nervous. By the time I had reached about 2 hours and 10 minutes, I was at #149, and just about done. “Maybe I hadn’t given enough time to the questions, given that I had 3 whole hours? There’s just no way I could have passed that! Oh well, too late now”, I thought. Finally, I answered #150 and moved on to the final screens. I then finished, raised my hand, and was escorted out. After doing another hand scan and giving back my laminated paper / dry erase pen to the person at that second door, I walked to the main reception desk, where the result was waiting upside down. The Pearson person who had checked me in gave me the paper as I got to the desk. Fully expecting to not pass, I overturned the paper and had one of the biggest surprises in recent memory – “Congratulations!” being the operative first word on the page. Truly one of the most awesome things you can feel as an infosec professional.
**Reactions / Test Post Mortem**
Things That Helped / I Liked
Things I Should Have Done Differently
Is a Live Class / Online Class Worth It?
These are options that are very expensive compared to just a few books / apps / test banks. However, some of my friends and colleagues who passed the exam swear by them. My thought was that I needed a flexible option that I could do at my own pace, and most of these classes or bootcamps are live classes (not to mention some cost US$3,000-$4,000 for a week of training). I also tend to study better on my own with no distractions or pressure to get through things just because of something like a class schedule. For some, such instruction may be more effective, and may have saved me some time had I tried them. A happy medium may be the ISC2 Self Study class (US$850), which is more self paced and fully online. However, in my opinion, my own experience shows that these live classes aren’t absolutely necessary – if you have a plan and are willing to put in the time / effort, you can do this on your own (and for a lot less money).
The main theme that I hope to impart here is preparation. This was one of the hardest tests I’ve ever taken. The questions were in my opinion more or less fair, but they certainly challenged you to really know and apply the information from the study materials. Understand the scope of the testing materials. Plan out a start and end goal. Make sure you give yourself enough time to study the material, quiz yourself on it constantly, and reinforce areas that you may be weaker in. Use flashcards to fill downtime or offtime that is otherwise not productive. Do practice questions after every section and any opportunity. Take as many practice tests as possible. And keep your mind and spirit positive, healthy, and focused.
Hopefully all that was helpful for you. I wish you all the best in your study journey to passing the CISSP and attaining certification. Never give up and you will make it - GOOD LUCK!
I can't speak for the CISSP exam as it is how as I passed the "old" one, and that after a long time in the security business and even longer in IT (the only reason I'm not a fossil is I survived the cretaceous extinction). That said, I bet one thing still holds true - come the exam, you're not being asked for the "right" answer (of which there may be several), but the "best" one. Remember that we are here to help our employers/principals to do their business safely, sustainably and efficiently. Meet that need. (ISC)2 doesn't expect us to trash a good idea because it isn't perfect: a security practice that's adequate and followed is way better than one that's (almost) perfect but regularly circumvented.
I have no clue whether I passed my exam with flying colours, or just scraped through, by the way. That, I think, is a good thing.
Thanks a lot for this detailed summary of your prep.
First of all, Congratulations on passing your CISSP exam.
Then I really appreciate the detail explanation you shared with us of your thought process and study materials you used to prepare for the CISSP exam. Great advice!! Thank you!!
I wish you all the best in your professional life as a CISSP!!