I’ve been working for (ISC)2 for almost 5 years and over the years I’ve met many CISSPs at (ISC)2 and industry events. In our conversations I'll often ask them about their experience taking and passing the CISSP exam, as it’s a huge accomplishment and everyone I’ve heard from remembers the day they found out that they passed.
One story that has stuck with me is about a member who was taking the exam back when it was paper-based testing and about halfway through his exam he realized that two pages were stuck to one another, so all of his answers from then on were off. He luckily was able to erase and adjust all of his answers in time and he later found out that he passed. Talk about a nerve-wracking experience!
I’d love to hear your story…
You ever use that name again without my permission and we are going to have problems.
My sincere apologies for inadvertently offending you, I thought it to be a courtesy to use your given name. In fact, I do fully understand a preferred name usage, since I have used only my middle name my entire life. That is why I edited my own profile to show first initial and middle name in the FirstName field.
I hope your day gets better.
I posted this on another forum.
TL;DR - I'm honored to be a CISSP!
Wanted to share my experience the day I took my CISSP (took this a few years ago). (No information about the exam will be given, unless publicly available from official (ISC)2 resources and websites)(I sound like a poorly worded warning banner)
* Just wanted to add, I had about a good 15+ years in IT with varying roles as technician, Sysad/SysEng/NetAd/NetEng/SysArchitect before I took this exam. Which helped me with the technical side.
My exam started at 12:00pm. I remember the day because before I left, my son took his first steps and for some reason, I felt good. I got up, went to my church early that morning, did my rosary like I did every morning. Came back home, went over some last-minute notes. Tried to force down a good breakfast (my wife went all out making over-easy eggs, scrambled eggs, omelettes, sausage links, bacon, pancakes)(it was only me, my wife, and my infant son at the time, and the majority of it was for me. Love my wife), because everyone knows from cert taking experience, or those that write certification books on how to prepare for a cert that you should, get a good night's sleep (yeah, I didn't sleep), and eat a healthy breakfast (I was too nervous and didn't eat much).
So, I take off about 45min before the exam to get to the testing site. Get there with about 20 minutes to spare (you can imagine how I drove there). Signed in, took out my DL, SS card, Passport, I think I even brought my birth certificate. The guy laughed. They provided me with a locker to put my watch, cell phones, wallet, pretty much anything in any pocket and everything pretty much except what I was wearing for clothing. (It wasn't optional)
Takes me to this soundproof room with microphones everywhere from the ceiling and cameras to match. Sits me in a cubicle with adjoined cubicles all with partitions too high for any giraffe to look over.
So I log in, state information that's requested, do the intro, and start the test. Yep, sure enough, I read through half of the FIRST question, and my stomach turns into the hugest knot I've ever had in my life. I literally was shaking, for 20 minutes and fighting my stomach which felt like I got kicked by an elephant. It took all of me to calm down, and racked through the first 100 questions or so. I don't recall how much time passed, but I took a good 30 minute break.
Looked out the window in the designated break area and just prayed. I wanted it over with, but knew I had what felt like 1000 questions to go.
I take a swig of water out of the bottle I had with me earlier, and went back in. Felt a little better, a little more calm. I went through and did another 100 questions and took another break. So that was a good 30 min break I took.
While I was there, on break, I was talking to a guy who said his daughter was taking an EMT exam, so I knew that there were mixed exam types being proctored at this site. Took my last sip of water, looked up and asked God to let me finish this.
Went back in and finished the remaining questions. Took a good 5hrs and 30min in total (with breaks) to complete and review my questions, I changed maybe 3 answers. Finished the exam. Got up and said to myself, "I failed". I just wanted to get my results and leave. I went up to the proctor who gave my results to me upside down. He didn't even look at it. Just handed it to me. I took a deep breath, turned it over, looked at it and it said congratulations....didn't remember reading anything else, except to look for my name to make sure it was my results. I just started crying. But it was the best feeling I've felt in a long time. I think I hugged the guy. He asked, what exam I took, and I said, the CISSP. He said, yeah, I see people come in here crying after seeing the results of that cert and leave crying out of the room (indication that they may have failed it). I thanked God that I passed this. It was the hardest thing I ever prepared for in my life. I didn't care for college as much as I did this cert.
It was a long journey. I studied very VERY casually for like 3 years, but when I got serious to take this exam, I took 8 weeks total with a bootcamp (helped gap maybe 5-10% of my knowledge). During that time, I snuck in a lot of time at work to study, so I was always buried in the Shon Harris "Gold Brick" AIO making excuses I was looking up Information when people asked me what I was doing. I had 2 of them plus 2 other study guides, so I had a copy at home and at work (You know who you are and know how big Shon Harris AIO books are. Read that beast 2X cover to cover). I would get home every day, my wife would cook dinner, then tell me to go in my office and study. That whole time, she took care of my son with everything, feeding, bathing, spending time. I missed a few parties, and some other things, but I stayed to it. I would say I studied on average 6-8 hours every day those 7 weeks and more on the weekends.
But yeah, that's my story! I'll never forget my experience and I will never take this exam again!
Passed this morning - 09252020
First of all I will say that I went into the exam with very little confidence that I would pass. I've been studying since about the beginning of March. I have been out of work since then as well so had time to study. I did not, however, study 6-8 hours a day 7 days a week. Usually 5 days a week and 2 to 4 hours per day. I like a variety in my day. Nevertheless, that is a substantial amount of study time but I just felt the body of knowledge is so vast there was no way I could get a firm grasp on it all. Frankly, I really just wanted to get it over with. (sad trombone)
And yet, one thing was kept in the front of my mind. That was the advice given here (not this thread but this community) by Robert Slade (https://community.isc2.org/t5/user/viewprofilepage/user-id/1324864413).
I read very carefully all the questions he posted, the responses and the logic behind the correct response. And that is the attitude I carried into the exam with me - this exam was about critical thinking, logic and deductive reasoning. It's one thing to think like a manager, it's quite another to elevate your thinking to resolving problems critically.
Sure, I studied the material, I spent time learning (not necessarily memorizing) technical details that I thought would assist me in choosing the best, most, least applicable answer from the choices given to me in each question. I did not venture beyond the choices on the screen. Nor did I take the position of "Well, if it were me...etc". Nope. I tried to stay as unemotional, coldly factual and calculating as I could.
I don't have a long CV in a specific cybersec role. I've been more of a generalist. I actually learn better hands-on, on-the-job, rather than academically. I'm a strong autodidact. I don't have a post secondary degree of any kind.
But I've been in mid to high level management positions and I have studied critical thinking.
So, how did I do?
I barely answered 100 questions in just under 2 hours when the screen told me I was finished. Frankly, I thought I failed. I thought the CAT just rolled its virtual eyes and said, "OK buddy, you're done. Just stop wasting my time." I was somewhat stunned when I later read the results letter. But I've also been told that this is not uncommon. Most people, who do well on the exam, don't feel they are doing well during and immediately after the exam.
One month online, self-paced course, based very closely on the ISC2/Sybex Official Study Guide - I made very detailed notes of this course. Writing/recording things helps me remember. I then broke them out into domains and studied them in those groupings (the Sybex guide isn't specific which chapters belong to which domain)
Wiley Test banks - I ran through them once. On practice tests - I only used them to identify weak spots and affirm what I thought was important. There are no practice tests that can prepare you for this exam. So I just viewed them as another source of study material.
Some flashcards (I actually don't like working with them, so although the access to them was free, I hardly used them)
11th Hour CISSP. I played one book off the other to help reinforce key concepts
NIST 800-100 Information Security Management: A Handbook for Managers (skimmed)
NIST.SP. 800-53r4 (skimmed)
FISMA compliance Handbook 2nd Edition (skimmed)
Some random web pages, blogs or articles I would come across.
I skimmed over various regs and frameworks that interested me
And - most importantly Robert Slade's advice. Seriously.
As I write this I just received confirmation from ISC2 that this morning's conditional pass is no longer conditional. So it's official. Phew! Two more steps and I can pin it next to my name!
Again, I highly recommend getting out of your technical/technician/analyst mindset.
Good luck to all exam takers! AND THANK YOU ROBERT!
Passed my exam on 16/9/2020. Had previously sat the exam and passed in 2005 just to validate if I am up to the mark.
And went on to submit online for CISSP endorsement. Received the following reply from ISC2:
"...If you wish to hold the CISSP certification again, you must satisfy your outstanding AMF’s in order to bring yourself into good standing with (ISC)2. You held our certification for 3 years and did not pay for it. (6/1/2005-5/31/2008) You must also pay the AMF that is due prior to recertification which will cover (10/1/2020-9/30/2021) if you should decide to recertify. This is not a choice. It is what you need to do in order to hold the CISSP certification again. There is no appeal process. Please contact us at your earliest convenience with your payment so that we may proceed with your recertification. ..." - how sweet...LOL
Upon further enquiry on the certification in 2005, below was the reply:
"Thank you for your email. You passed the CISSP exam on 5/5/2005 and became certified the same day. " - really? Wow...
Quite right. And here is the opening of that thread and what stuck with me all the way through my training and studying:
"For (and from) all the newbies out there who want help for studying, there have been numerous questions about, well, questions. As in, 'what's the best set of practice questions to use while studying for the exam?'
The answer is, none of them."
Take these words to heart everyone studying for the CISSP. This ain't no memorization check/test. It's a test of how you think.