Announcements
This ISC2 Community will be decommissioned as of May 29, 2026. Please join your peers and connect with your chapter at https://isc2chapters.isc2.org.
Super_Q
Newcomer I

Any good advice for passing CISSP? I have just failed mine today...

Hi everyone,

 

I’m looking for some advice and insight from those who have recently passed the CISSP.

 

A bit of background:
I have over 20 years of experience as a full-stack developer and hold a Master’s degree in Cybersecurity.

 

Since June last year, I’ve been preparing seriously for the exam—studying 1 to 5 hours daily using YouTube videos, online courses, and at least five textbooks.

 

I’ve completed all the questions in the CISSP Official Study Guide (10th Edition), the Practice Tests (4th Edition), and thousands more from other paid training platforms. Based on my preparation and practice results, I felt very confident going into the exam.

 

However, during the real exam, I was surprised by how deep and detailed some questions were. For example, I had multiple questions focused heavily on SDLC and Software-Defined Networking. It felt much more in-depth than what I encountered in practice materials.

 

This made me wonder if:

  • I may have focused on the wrong areas in my preparation, or
  • The CISSP exam has changed recently (possibly a newer 2026-style version), or
  • I misunderstood the level of depth expected.

 

I would really appreciate any advice from those who have passed recently.

Thank you in advance for any guidance. I’m determined to improve and succeed on my next attempt in April.

 

Best regards,

 

Q

8 Replies
akkem
Contributor III

You can watch this video to help shift your mindset. It really helped me start thinking like a manager instead of staying purely technical.
https://www.youtube.com/watch?v=qbVY0Cg8Ntw

Additionally, I recommend following Adam Gordon on LinkedIn; he shares one question every day, and I found them really helpful during my own study.
https://www.linkedin.com/in/adam-gordon-cissp/recent-activity/all/
Super_Q
Newcomer I

🤔😅🤗

Thanks mate, I bookmarked them.

nkeaton
Advocate III

@Super_Q Keep a copy of the exam objectives with you, and refer to them often. This is what you are expected to know for the exam and is good for identifying knowledge gaps. The most valuable book for me and do acquisitions for our folks studying for the exam is Luke Ahmed’s How to Think Like a Manager to better frame the mindset needed to answer the questions correctly. I highly recommend doing the CC first for several reasons. Those that have done that do much better going into the CISSP. Best wishes.
ericgeater
Community Champion

Hello, Q.  When I took the CCSP two years ago, it likewise felt more "in-depth" than I was expecting.  And completion went down to the wire; I only had two minutes left by the time I got to the last question.

 

It sounds like you are surrounded by good study material and background, so I won't recommend another book.  But I will suggest Rob Slade's own Socratic webinar and uploaded it to YouTube.  I will pop in his videos from time to time, just to have a companion while I'm in spreadsheet h@ll.

 

Above all else, the CISSP is designed to get you to think like a manager.  You need to approach every answer from the position of leadership, because that's who they're expecting to take the exam.  People in IT make decisions based on knowledge, while the CISSP makes decisions based on desired outcomes for an enterprise.

 

Now, a question for you:  How many questions did you answer?  If the exam ended before you reached the last question, then you need to go into another study cycle, re-read the books and use the flash cards.  If you received all the questions, then you're actually closer than you think.  Review the printout, and increase your study focus in the stated domains.

-----------
A claim is as good as its veracity.
linkedin[.]com/in/geater
nkeaton
Advocate III

@ericgeater Very nice write up and very true. People taking the CCSP now have to weigh when to take the exam because the objectives change August 1. I always lean towards the current version as there are more study materials. Occasionally people will do better on the new version because domain emphasis has changed. The nice thing about ISC2 exams is that no studying is bad. They stay on track and don’t just gut exams like some other organization(s). I am just grateful that I passed the CCSP long before it was adaptive. My CISSP was and was a very brutal exam. I prefer linear. I know it is the same material but it just isn’t for me even though I passed.
ericgeater
Community Champion

@nkeaton I appreciate that!  And let me concur with your point that the CC is an excellent exam introduction.  I took it as a refresher three years after CISSP, and it was a surprising challenge.

-----------
A claim is as good as its veracity.
linkedin[.]com/in/geater
dcontesti
Community Champion

Sorry to hear that you were unsuccessful but this can happen for many reasons.

 

One thing that should be made clear is that the folks that develop the training material (with sample exam questions) are different from the folks that develop the questions that you would be tested on.  This is potentially one reason for the difference.  Both sets of developers follow the Common Body of Knowledge (CBK) when considering questions, etc.  

 

The process of developing questions follows a very defined psychometric process.  A process called a Job Task Analysis is done and one outcome from that is a weighting of the various domains (that is what is critical, see https://www.isc2.org/certifications/cissp/cissp-certification-exam-outline for exam outline and examination weightings.).

 

It sounds like the exam developers were maybe a little more technical on certain subjects.  Also remember with the CBT, the system will begin with a question and if you get it correct, it will increase the difficulty of that subject area.

 

I typically suggest to my staff that we sit together, review the Domains, and understand where their weaknesses are such that they can focus on those areas.  Hopefully, you have someone that you can do this with.

 

I also suggest the following:

 

1.  Do not cram (this can cause you confusion).

2.  Read each question carefully.  (I have a problem where I speed read, and sometimes skip words that are key to the topic)

3.  Choose the BEST answer for the question.

4.  Get a good night's sleep before the exam.

5. Stay hydrated

 

As a suggestion, I would focus on the domains that showed 

 

If you have specific questions on technologies, many of us here are happy to lend our knowledge or simply have a discussion.

 

 

 

One thing that I recommend to many folks, is to read each question and all the distractors and choose the BEST answer.

 

Best

 

d

 

 

 

 

emb021
Advocate I

@Super_Q 
I would echo what @dcontesti said here about training materials vs the actual test: "One thing that should be made clear is that the folks that develop the training material (with sample exam questions) are different from the folks that develop the questions that you would be tested on. This is potentially one reason for the difference. Both sets of developers follow the Common Body of Knowledge (CBK) when considering questions, etc."

This is something too many people don't understand about certification exams, especially ones that are ISO/IEC 17024 certified, like ISC2's are.  They often are surprised or even upset that none of the questions they get on the actual exam are identical to what they got in their practice exams.

Also, the CISSP test is now a 'computer adaptive test', which means that depending on how well you do on certain subjects, you will get more and harder questions on that subject.  When you got your test results, did it indicate what subjects you were weak in?  That would help on preparing for next time.

 

One thing I'm not certain with the current test is if it still includes 'dummy questions' that aren't scored, but are being used to try them out.  When I did my test before the days of CAT, I got a lot of cryptography related questions that I suspect were dummy questions.

I would just suggest following the advice given here and try again.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow