Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ISC2 Team

Share Your Story: When You Passed Your CISSP Exam

I’ve been working for (ISC)2 for almost 5 years and over the years I’ve met many CISSPs at (ISC)2 and industry events. In our conversations I'll often ask them about their experience taking and passing the CISSP exam, as it’s a huge accomplishment and everyone I’ve heard from remembers the day they found out that they passed.


One story that has stuck with me is about a member who was taking the exam back when it was paper-based testing and about half way through his exam he realized that two pages were stuck to one another, so all of his answers from then on were off. He luckily was able to erase and adjust all of his answers in time and he later found out that he passed. Talk about a nerve-wrecking experience!


I’d love to hear your story…

88 Replies
Contributor II

I took it just after the consolidation from 10 to 8 domains in 2015. I'd reached that point in my career where folks were asking me why I didn't have one, so I decided to go sit for it to stop them from asking. It look about 1hr45 minutes with a water and bio break. Unfortunately, you only find out your score if you failed, so I don't know how well I actually did, but I did well enough to pass and that's the important bit with the exam.


I did have the benefit of employer-paid-for test prep via SANS, which I thought was excellent, and helped organize the info in my head rather well. I used their GISP prep exams and the GISP as essentially preps for the CISSP itself. The training is expensive, but I think its worth it if you can get it.


I did the CSSLP on my own in 2016 without any prep and passed that on my first go out as well. (I like that material more than CISSP generally, as it is more directly relevant to my life)

-- wdf//CISSP, CSSLP
Newcomer I

Back in 2012 I did one month of self study before I got out of the Air Force.  Passing my first time really helped me get the first job after Air Force retirement.

Viewer III

I passed mine a few days ago. I was pretty stressed out and didn't think I was going to pass. I was surprised that it doesn't tell you on the screen if it's pass or fail. I had to summon the proctor, wait for him to log me out, take the survey, and scan my hand 2 more times. Then it was shift change in the lobby and had to wait another 5 grueling minutes for someone to hand me the printout.

Overall it's an intimidating experience.
Newcomer II

Passing the CISSP exam is always a great experience that sticks to one's mind, for sure! Nothing particular in my case, but one of the best days in my (professional) life!

Newcomer III

I had done a massive amount of planning regarding studying for my CISSP.  After I signed-up for the seminar and exam, I immediately ordered the Shon Harris books and study guide.  I decided I had enough time to spend a week per CBK Area before going into the seminar.  After a couple weeks of taking copious notes and researching the areas I didn't feel comfortable, my father died.  Everything kinda fell apart after that.  I had to fly out of state to make arrangements, plus I had my regular work duties.  I took my study materials with me, but spent maybe a few hours during the three weeks I lived out of a casino hotel room.  Those hours were wasted.  I couldn't keep anything in my head, so I just gave it up and figured I'd just roll with the punches.  All told, I spent two solid weeks studying before the seminar and exam.


Now, my recommendations are as follows:

  • With pencil in hand, quickly read through the chapters and take notes.  If you're taking more than a page of notes per chapter, that's too much.
    • Eliminate notes that are detail.  The certification is broad knowledge.
    • If you can't get down to a page, finish the rest and come back to it.
    • If that fails, read-up on the Area and come back to it.
  • Remember, "An inch deep and a mile wide".
  • Take the seminar.
    • You're paying for it, so get value out of it.  Ask questions to clarify concepts.
    • Other people are paying for it, too, so be mindful of their investment.
    • If you have to ask what a SDLC program or federated authentication systems are, you aren't ready.
  • If you don't have good industry experience, the CISSP won't prepare you for a security job.
  • Schedule your exam to immediately follow the seminar. Don't worry.  If you really don't feel prepared, you can reschedule it, but squeezing in on the Saturday exam is really difficult.
  • Keep a small stack of the flash cards with you at all times.  You'd be surprised about how many times a day you have the opportunity to use them.
  • Use both sides of the flash cards.  Really.
  • If you drink, make sure you Google Map the nearest decent bar to your testing center.  Pass or fail, you're going to want one.
  • Nobody I know thought they passed the test until they got their results.  It's that bad.
  • If you don't pass, it's not the end of the world.  The cert wouldn't mean anything if everyone passed the first or even second time.
You only say it's impossible because nobody's done it and lived.
Newcomer III

The exam itself was brutal.  I took it before the CAT.  I was done in 45 minutes and panicked.  I took another 45 minutes to go over all my answers and ended-up changing one, only because I obviously misread the question.  When I turned it in, I sat with my head between my knees, just waiting for a sad head shake, while waiting for the results.  When the examiner said, "Congratulations," I assumed he was messing with me.


If you can get down to 3 answers, you're probably doing okay.

Always keep in mind, it's the "most right", not just the first "well, that's right".

I had questions with three somewhat right answers.

I had questions where none of the answers was 100% right (or so I think).

Some questions aren't in the book.

You only say it's impossible because nobody's done it and lived.
Newcomer III

Got mine in 2016.


The strongest lingering memory from actually taking the test was a sort of "road hypnosis" of multiple chocie "a...b..c... next" for hours. I had a plan to take breaks, drink water, eat some snacks, every X time or Y questions, and just fell into the rhythm of answering...and powered straight through the whole thing.


As others have said, I really didn't have a good sense of if I had passed or not. I knew I got most of it right, but the questions have enough uncertainty in the "best answer" area, to leave one in doubt.


I passed, so that was cool.




I tell other folks studying for it, to make sure you know specific definitions for terms, like the differences between Authorization and Authentication. Don't skip past things like that while studying thinking "Yeah, that's the 'auth' thing."  The other advice was to think like a Manager, not a technologist. You are solving a *business* problem, and the technologies are your tools. The tech isn't the answer, it's the means to a solution.

Influencer II

I actually took the exam way late.  I probably could have been grandfathered in. I was doing malware research when I noticed that, in security related communities (this was early days, in terms of the Internet, so there weren't many), there were these messages asking for questions for a new exam this group was building to try and find out whether people who claimed to be security experts actually knew what they were talking about.


I thought about sending in some of my material.  But the thing was, most security people, at that time, didn't think computer viruses had anything to do with security.  (I had already been turned away from presenting at a security conference because "computer viruses only infected micros."  I gave the person a half-dozen examples of viral programs spreading on mainframes and minis, and there was this long pause and finally, "Oh.  I didn't know that."  But they still didn't let me speak.)  So I didn't get in touch.


Over the years I was doing more and more security consulting, and I was starting to think I should take the exam and find out if I knew what I was talking about, in terms of security.  I had only really researched in the malware field.  I was, however, reviewing all the security literature I could get my hands on (there wasn't an awful lot in those days) and posting the reviews online.


By the time I actually did go for the exam, I had reviewed around 300 books.  I also took the ISC2 seminar, which, in those days, was eight days long.  The seminar group all knew each other, since we were all members of the Vancouver Security Special Interest Group (SIG), which had been going for 18 years at the time.  (These days the ISC2 Vancouver Chapter meets with the Van SecSIG.)  We all had at least ten years worth of experience.  (After about the third day, my wife asked if I was learning anything.  I thought it over and replied that, no, I wasn't learning anything new, but we were all having a lot of fun swapping war stories.)


When I wrote the exam (paper based, in those days), I found I got bored easily, and started zoning out.  I took almost the whole six hours.  After I got out, I just sat for about half an hour, decompressing.


I passed.


Other posts:

This message may or may not be governed by the terms of or
Community Champion

0-15I liked it so much I passed twice.


The first time was in 2010, and the second just last year when I figured I might need it again.


I did it straight after the review seminar at company campus - we had an in-house course though people from outside showed up for the exam. I was probably done in a couple of hours, reviewed and felt ok about it, passed, certified and then didn't bother till 2017.


The second time around was actually longer slightly over two hours, mostly due to the machine not refreshing quickly enough, anyway by that time I was pretty much feeling OK about things so was quite chillax about it all. 


I saw a 45-minute time frame in the thread from John for a completion, which is very impressive - do-able I think, assuming you were getting question that you could nail in 10-15 seconds, but even so Kudos, I'm pretty sure if I had tried to speed run it in that time and stuck with answers I'd have been going for a resit.