I’ve been working for (ISC)2 for almost 5 years and over the years I’ve met many CISSPs at (ISC)2 and industry events. In our conversations I'll often ask them about their experience taking and passing the CISSP exam, as it’s a huge accomplishment and everyone I’ve heard from remembers the day they found out that they passed.
One story that has stuck with me is about a member who was taking the exam back when it was paper-based testing and about half way through his exam he realized that two pages were stuck to one another, so all of his answers from then on were off. He luckily was able to erase and adjust all of his answers in time and he later found out that he passed. Talk about a nerve-wrecking experience!
I’d love to hear your story…
When people ask me about taking the CISSP exam, my first response is surprising: Which time?
I have taken and passed it three times: 2005, 2011, & 2016. The first two were the paper format and the 3rd, by computer. Why 3 times? Both times I let it lapse was by calculated choice. Primarily, ROI for my personal time and the value to my employers. I do not recommend this for others; especially those who stress over the cost or difficulty of the exam. With 25 other IT certifications including many that required more than one exam, I am no stranger to professional IT exams. Did you know, only 12,456 people, worldwide, earned the Microsoft's MCSE+Internet?
In 2005, it took me about 45 minutes to pass, I do not recall how long it took the second time, and the last it was with 169 minutes left on the clock. I would have done the last in under an hour were it not for my dislike of the required early exam schedule. For the first, I used the Mike Myers CISSP Passport book to prep or a few days and drew upon experience. For the second, I used the same material again. For the 3rd, I attended a New Horizons course at my employer, when I discovered they had an empty seat. Tom Payne was the instructor, and he was fabulous. He kept the class engaging; it was on target and helped me fill in a few minor knowledge gaps that had arisen over the years, in CBK areas I touch less often. In hindsight, I could have taught the class with a book in hand; but then, I have done more than one workshop for customers.
Interesting point:
"Primarily, ROI for my personal time and the value to my employers."
When I was doing the seminars (and, let's face it, they aren't cheap), a couple of times I had attendees who were already certified. They were also independent contractors, and so were paying for the seminars themselves. They both said that, since time taken to get CPEs was time they couldn't bill, and so retaking the seminar was the fastest, and therefore cheapest, option to maintain certification.
They were both kind enough to say that they learned something from the seminar, as well 🙂
Just passed the CAT exam on 12/Apr before it had its questions update.
Why I need to have this certification is basically due to my job and pressure from regulator (banking and finance).
Before taking the exam, set a target to yourself and give yourself a reason to carry-on. Studying isn't a happy thing to some people especially it comes with a tough exam.
I still don't know how exactly his certification will help me apart from fulfilling my job's requirement.
As I am also a PMP in my field over 5years, I believe the concept learned from CISSP + PMP can assist my project planning or operation analysis in a more comprehensive way. No only from a technical perspective but also a mindset and methodology for me to manage upwards.
I've had my CISSP for about 15 years now. When I tested we didn't have the benefit of online testing so I sat with about 50 people in a room coloring circles in a paper test book with my #2 pencil. I remember getting through the test in about 90 minutes but was afraid I had done something wrong because no one else had finished. So, I went back through and reviewed all my answers ( I didn't change anything because I believe in going with your initial instincts) for about 30 minutes until someone else turned in their test and left. I closed up my test book, turned it in and left. At this point the waiting began. We were told if we supplied an email address (which I did) we would receive our results in 30 days otherwise is was 6 to 8 weeks for a letter to arrive in the mail. Sure enough, 30 days later I received my congratulations email with my pass notification. I still remember that day and the excitement of reading the email and actually having passed the test. So glad I chose InfoSec and decided to work towards my CISSP. It's one of the best professional decisions I've made.
I recently passed the exam, after having taken a company paid for SANS course about 6 years ago. I suffer from test anxiety and made every excuse I could not to take the exam. Last year a friend of mine convinced me to take the test, unprepared, just for the experience and for the list of areas to focus upon. I missed passing by 5 points just based on my experience and not having really prepared. That gave me new confidence to study for the test. But alas, old habits are hard to break, so once again my anxiety and procrastination went into overdrive and I put it off. I began a meditation series to help with the anxiety. Along with using the pomadoro method and allowing breaks for exercise, I was finally able to begin studying in earnest and made a test date. I postponed the date because of a project at work meant I would have been up the entire night previous to my test date, not an ideal way to enter any test.
The material is daunting. I used 3 books and 1 video course, paired with the CCCure test engine to prepare. Each book brought up different mandatory exam knowledge, each chose different levels of detail about each technology, they all had various points to focus upon. I do not recommend doing what I did. Pick 1 book, and the test prep and follow it through. Choose a book that matches your level of knowledge. Too much information is bad thing for this test.
While studying, I deepened my knowledge about certain topics, and introduced myself into new areas of interest. Most importantly for me, I took the test. If you're not sure about yourself, think of taking the test as a prep step for your next areas of focus. Nothing untoward will happen if you fail the first time.
I have passed in januari for the CISSP exam.
Working as a Information Security Officer i've decided a couple years ago to do the CISSP cource inside our company. After the course i didn't take the exam immediately and then last year in summer I did decide to go for it and I started reading the ISC2 book and practiced a lot of questions.
The practices, i have used the Official (ISC)² CISSP Practice Tests and Shon Harris practice questions, have helped me very well but they didn't meat the level of the real exam. For passing the exam you need tot answer about 80% of the practice questions right (I think)
It took me also the full 150 questions and after passing the 100 questions mark I became very nervous because the time seemed to be a problem (less then 45 minutes for the last 50 questions. As a native Dutch, reading the questions and answers took me more time then i did expect..
So passing after 3 hours with 150 questions was a big relief for me.
The most important before the exam is to practice a lot of questions en try to use time limits, just as it is the real exam. And keep keep practicing questions from the domains that you have difficulty with!
I passed mine in 2016.
I have to say it was quite the experience, cat's included (yes you read that correctly)
I took the course offered by my company based on the Harris book and did well in that then scheduled the exam for 2 months or so away. I started studying the practice exams and was doing well and felt ready. however, at about 2 weeks before the exam I started doing worse on the practice exams and started to worry allot. As the exam got closer I really was doubting I would pass I was now only getting in the 60's on the practice exams where I had been in the 80's. finally deciding to go for it, I stopped studying for 3 days before the exam.
The day of the exam (here's where cats come in) I decided to would get myself all dressed up and feeling good about myself. nice outfit, makeup and so on. as I'm getting ready and doing my mascara my precious little Pepe (named from Pepe Le-Pew) decided to check out what I was doing and I had mascara in my eye. it stung like crazy and the more I tried to fix it the worse the stinging got. I ended up removing the mascara and my eye was in tears and hurting. I got to the test center and signed my life away, several signatures, 2 palm prints, photo's, you know the drill. my eye still hurting.
Finally it's test time, I go in and start my exam. first answering obvious questions and marking ones to come back to. finishing the first pass I go back to review the remaining questions which now had more clarity due to the questions I had already answered. finishing those up I gave it one more pass. Mind you I still had way over half the exam time left. I felt for sure I could not have passed this exam. Somewhere around the mid point my eye finally stopped hurting. whew. I finished the exam and walked out, head low because I knew I did not pass. it kept hitting me on my weak points, probably 75% where on the topics I was weakest on. I only had <20 questions on network and crypto which here my strong points.
I get the desk and i'm told just one minute please. the longest minute of my life. the I hear congratulations, you passed. my jaw dropped. how in the world did I pass????
I walked out amazed and relieved.
For all the studying and prep, the exam itself though was actually way easier than getting my RHCE which I found actually harder in hind site.
Congratulations!