Hi All, I passed the CISSP exam two days ago and I would like to share my experience and how I passed the exam in order to help other people.
I have more than 15 years of experience in IT and more than 10 years in security, so I think I had knowledge about IT before beginning to study for the exam.
I took an official online course in October and began to study. For 6 months I used and read the following books and tools:
-CISSP Official Guide (very very long)
-CISSP Study Guide
-Official Practice Test App
My opinion about the exam:
It does not matter how many books you read, the exam is more about deeply understanding the concepts. The exam questions are totally different from the Practice App or any web page I found on the Internet. I think it is a hard exam and you go through different moods during it, from "I'm good" to "I do not have time" or "I do not understand the questions", this last one especially if English is not your native language (as is my case).
-Read the books and be sure you understand the concepts.
-Use mnemonics to remember lists.
-Do as many practice tests as you can.
-Once you have more than 75% or 80% of success consistently, go to the exam.
Congratulations on passing the exam! I first became a CISSP in 2001, let it lapse in 2007, then retook the exam in February 2018 (I passed, woohoo!). Of course, the material is very different and I think it is a much more relevant test now.
One thing I would add to your advice is that you can't go back and review questions once you've finished the exam. On practice tests, I would do my best, then go back and review questions using the remaining time. When I took the exam at the test center, I planned to do the same thing. I finished pretty quickly then found I couldn't go back and review my answers. Now I know what a panic attack feels like! With luck and hard work, I passed anyway.
You are correct in that many individuals read the books, but do so at face value. Meaning they do not gain a deeper understanding of the concepts the information is trying to present to them. Still other individuals take many practice exams with the expectation that they will see some of those questions on the actual exam (Unlikely). Utilizing the practice exams as a memory aid is not the point of the practice exams. The practice exams, just like the information in the books, should be used to discern the underlying conceptualization of the information itself. You are correct that experience helps, as that should be the foundation on which to build knowledge of the domains on which one will be tested.
Again, I applaud you on your success and accomplishment.
I am right there with you on the whole "End Exam", what, you can't go back and review thing?
It can be very unnerving when you get to the end and look for the review option only to find and be told that there is none haha. I guess that's when the old adage comes into play. "It is what it is" and/or "Either you know it or you don't." Possibly something that should be explained prior to candidates taking the exam though.
Some of my co-workers that recently took the exam and did not pass said they were quite frustrated with not being able to go back and re-examine their choices and were not aware of the no review option.
Question? If one does not make a selection for a question and thus leaves it unanswered, once they get to the end of the exam does the system flag that question as being skipped or unanswered and therefore allow the individual to go back and answer that question? If that would be the case then said individual should just leave questions which they are unsure of unanswered and then use the available time left to go back and revisit those questions.
Again, Congratulations on your success and may continued success follow you along your chosen path(s).
I am one of the first people to get the CISSP!! I got it in 1991 by Grandfathering. Needless to say, I was very glad to get it!!!!!!
The program got started around 1990 with a process for very experienced people to Grandfather their CISSP. We had to submit information on our IA experience with names of people that would verify our 8 years of IA experience. As part of that process, we had to “test the test” at our expense without having to pass it. I was lucky enough to have a work related trip near to San Jose California for a Test the Test. So my only expense was the extra days at a hotel.
In the mid 1990s, I became one of the first volunteer test administrators. We got to travel all over the USA and to some foreign countries.
Here are a few fun things that happened. I always had someone working on the test for 5 hours and 59 minutes. A few people finished the test in 90 minutes!!! I had one person taking the test for try number 6. When we traveled, some of the managers would put the test books in their checked luggage. One person had a test in Iceland and the airline didn’t take their bag off the plane. The bag was “delivered” to Germany! So the folk at the ISC2 building faxed a test to his hotel where he had copies made at a copy center!! To avoid that worry, I always put all the test material in my carry on bag and my clothes in the checked bag. Once, I had a test with over 200 candidates. One test was at a hotel where their meeting rooms had a moveable wall between them so the rooms could be large enough for a big meeting or small enough for several meetings in that area at the same time. The ISC2 folk told the hotel manager that there could not be any activity in the adjacent rooms during our test. Well, just after I started the test there was a big party in the adjacent room with a very loud band!! Needless to say, there was a lot of anger!!! We always got the address for the test location and I would always drive to that location to make sure I could find it the next day. Once, they gave me a street address with Seattle for the town that was a small house. They didn’t notice that the test was to be in a town that was an adjacent suburb. Happily, I had a phone number for the company sponsoring the test. Once, I had a test on Friday in one town and a test the next Sunday in another town. I didn’t notice until Friday night that the town on the airline ticket was for a town with the same name but in a different state!!! Needless to say, I was very happy when the airline was able to change my ticket.
I would gather that from all your experience and travels that you have seen the maturity of the exam progress through stages and phases that have bolstered its position in the industry to where it is today.
Would it be fair for one to come to the conclusion that you feel the certification still maintains the high standards it set out to establish in the beginning? I feel that there is much confusion presently with the lowering of the time and possibly even with the adaptive nature of the exam. I do understand that much of what I have read is based on the grueling 6 hour versus 3 hour change. Many feel that the lowering of time and amount of questions somehow diminished the stature of the exam. I personally work with some very sharp individuals that have more than 10 to 15 years of experience and recently took the exam and failed. These individuals have taken the exam in the past and were led to believe the exam had become easier to pass. After sitting for the exam and failing to pass the exam they (4 of them) said they did not understand much of what was on the exam, meaning the context of the questions. I asked them if the exam seemed to be easier as they were led to believe? The answer was a resounding "NO." I then asked them, (all 4) if they had intentions of re-taking the exam in the near future, again the answer was "NO." I honestly believe that the exam was more daunting than they were led to believe. I also honestly believe that had the exam been 6 hours long they most likely would have just shut down and either ended the exam early and walked out or just started clicking on answers even if they knew they were the wrong ones. Possibly lack of intestinal fortitude or lack of caring since they didn't have to pay out of pocket.
I thoroughly enjoyed your post and found it informative with respect to the foundation put into place and how it came about.
You're correct. I found the exam to be fair but very challenging. The pool of questions is sufficient to get a good measure of a candidate's knowledge. It's not the sort of test I think a person without IT Security experience could pass even if they studied a lot, or that an experienced IT security pro could pass if they did not study. The certification means you've really achieved something.
I just want to second this....
As long as the integrity of the exam is maintained - (@EdmundDantes The certification means you've really achieved something).
I passed the SSCP exam last year and passed the CISSP today!
Congrats on achieving a goal that many will see as going beyond mediocrity.
How did you feel once you found out that you had passed the exam?
How was your exam experience at the testing facility?
Do you have an opinion on the "Why Not" topic?
Although we have never met, I am extremely happy for you on your accomplishments.
I am actually very tired of witnessing individuals who are not willing to sacrifice any of their social media time to actually study for the CISSP exam, or anything other than Sec+. I just don't understand the mindset of "I Want" but am unwilling to sacrifice anything to earn whatever it is they want. I am currently working with a group of younger individuals (approx. 10) and find myself being questioned as to why only two of them are constantly being rewarded with awards and extra time off. I reward performance and sacrifice, not time spent on social media sites. Both of the individuals are taking college classes in the evenings, studying for Network+ and Security+ (both at the same time), and hold down daily taskings at work. The other 8 grumble a lot and complain; however, the entire team consists of 52 individuals, all of us have at least CISSP, CISM, CISA, or C|EH. Meaning no one on the team has the time to hear all the excuses for not trying to succeed.
I hope for you all the success you strive for.
Again, Congratulations on your successes.