
(ISC)² CISSP/Associate Certifications


So you have decided to take the plunge and go for the ever-coveted CISSP? Then you have come to the correct blog. In this blog, I will go over why you shouldn't get the CISSP, who should get it, what responsibilities come along with getting (ISC)² certified, and how to better prepare yourself for becoming (ISC)² CISSP certified, with some suggested study materials to go through during your journey.


I'll also cover why deciding to become an Associate of (ISC)² is a good decision as well. Then finally, I'll walk you through my personal experience of becoming (ISC)² certified: what I did to prepare myself, and the lessons learned from my experience as a whole.









CISSP Intro


Read through the (ISC)² community blog to give yourself a feel for the actual exam through what other test takers have experienced during their time of studying and taking the exams. Try to analyze why some failed and others succeeded.


After reading through the blog post, one of the obvious things that should have caught your attention, and that I will point out yet again, is that this is not an exam where you can just memorize all of the study material and expect to pass. Of course, there are some terms and formulas to commit to memory; however, these are there to help you narrow the choices down to only the appropriate answers during your exam. Being able to force yourself into the mindset of a CISSP is the key to a successful exam attempt. How long that process takes depends on the person and how much time you’re willing to put towards the goal of becoming certified. The CISSP is achievable with a lot of effort for some and not much for others; depending upon your experience, it could take you as little as a couple of weeks to as much as a year. But the average time for studying for the CISSP exam is 1-3 months.


If you have quite a bit of time for studying and can dedicate lots of your free time, then this exam is absolutely doable. I wouldn’t say that it’s not doable if you have very little free time, just that it will take you a little longer to properly cover all 8 domains and prepare to sit the exam. So, find an appropriate work/life/study balance and remember that it’s okay to give yourself a break every once in a while – taking a break while studying is important for your mental and physical health so you don’t burn out. As of May 1st 2021, the new revision of the CISSP will be coming out and the price is going up from $699 USD to $749 USD.


Important Notice: To sit for the exam, you will have to contractually agree to the (ISC)² Code of Ethics; if you disagree with any of its canons, or if you feel like they don’t match your personality, then this exam is not for you. Breaking any of these codes will jeopardize your ability to stay certified, and you may be banned for life from future certification offers by (ISC)². Sometimes this may cause a trickle effect and will hinder your chances of obtaining certification with other certification bodies.


The reasons you should get certified are that you want to break into the Cyber Security field, more money, better management opportunities, and/or a job promotion. There are many reasons that could be listed for why to get it, but just make sure that you are getting it because you really want it. If you don’t have the required 5 years of experience, don’t let that stop you, as you can still qualify as an Associate of (ISC)². I would suggest, however, that you get your CompTIA Security+ before taking this exam if you don’t have a STEM Bachelor’s degree; it will knock off 1 year of required experience, and it is listed as one of the many certifications that they will accept. If you have another certification and are curious whether they will accept it for the 1-year credit, then check it out at (ISC)² CISSP Requirements. After becoming an Associate of (ISC)² you will get 6 years after the date of passing the exam to gather your required experience in 2 of the CISSP Domains to become fully CISSP certified.




My Experience


My journey towards the CISSP actually fell into my lap by surprise (I’ll elaborate more on this in a little bit), as I wasn’t expecting to start studying so soon for it and had an idea of eventually taking it sometime in 2023. My colleague and best friend had kept pushing me to apply to a veteran’s program, IVMF O2O from Syracuse University, that provides training and an exam attempt for industry-recognized exams, along with additional programs to help with job hunting and resumes. Upon applying and filling out the prerequisites for the program I chose to go with (ISC)², as I was looking at getting the SSCP or SDLC certification. Approximately two weeks later I got a response to my application with the recommendation of going after the CISSP; I was very surprised that they had recommended this certification for my experience. At that point I felt that I was at the base of Fuji and looking to hike up, being unable to see my destination at the peak. It was honestly a bit overwhelming, but I gladly accepted the challenge, with a start date of 23 September 2020.


I proceeded to gather study materials that I thought I would need, like the OSG and 11th Hour CISSP, and talked to a few of my peers on Discord for some advice on how to study. One guy, SQL_Butter, DM’d me and provided a vigorous study path that had worked for him and others to prepare and take the CISSP within 5 weeks. Looking at the study plan, it was insane, but doable. I proceeded to go through the steps and follow them. Towards week 3 I had been through several domains and was over 60% complete with the materials; however, I had to take some time off from studying for two weeks and got behind on my progress due to work. But I didn’t let that stop me, as I would still study for a couple of hours while lying in bed. In addition to that, I still had to complete the mandatory training courses provided by the O2O program, which had videos from Skillsoft and practice exams that focused on preparing for the CISSP CAT exam. To complete this course and get the exam scheduled I had to pass the full practice exam 3 times with a score of 80% or higher.


During week 4 of my studies, my boss sent me a YouTube link: “5 tips on passing the CISSP exam”. I thought, “Okay, let’s give it a look and see what’s going on.” Because of this video that Cybersecurity Meg was so gracious to share on YouTube, I found the Certification Station Discord Server, which turned out to be a gold mine of knowledge. They had separate channels for many different industry certifications, all built around group study sessions where various CISSP holders would quiz each other from official practice questions and discuss topics that applied to that specific certification. I was quickly greeted by DarkHelmet and Susy upon joining the server. I dropped in from time to time and participated in the Q&A study sessions, where some questions would give me a good feel for my knowledge, and then I would go study some more over the subjects and domains that needed more attention.


Finally, towards the end of November I felt like I had a good chance of passing my exam and had met all the program requirements. Upon attempting to schedule my exam I found out that I couldn’t schedule it for my location and that the closest Pearson Vue center that allowed me to take the CISSP was 2 international flights away. I was bummed out over this, because at that time my location was still in a state of lock-down due to the COVID-19 pandemic and didn’t allow for travel, which meant I was stuck in place. So, finally, during mid-December I took 2 weeks off from studying for the CISSP. However, in that time frame, I did manage to knock out the AWS Certified Cloud Practitioner and the Security Blue Team’s Blue Team Junior Analyst certifications. So, it wasn’t all in vain and I saw how it correlated back to the CISSP studies, plus I ended 2020 having obtained 3 certifications for the year.


Starting in January 2021, I came across some info that (ISC)² was conducting online pilot exams through Pearson Vue. I quickly jumped on this information and contacted my Cohort advisor to get my CISSP exam scheduled. Finally, within 24hrs I was able to obtain a date: 27th February 2021! I was super excited that I would finally get to sit for the exam. I quickly switched into CISSP beast study mode and popped back into Certification Station, where I inquired about the best way to maximize my studies, and Susy gave some advice on what to study, which I immediately put to good use.


Around the same time Adam Gordon started his free CISSP boot-camp for active members of the Certification Station, which I attended religiously; it started around 4am my time and ended right when I had to leave for work. I attended all sessions minus the last 4 classes that he gave, because I wanted to readjust my schedule: since my exam would start at 10 AM, I wanted to make sure that I would be more alert. I followed up by going through Adam Gordon’s Accelerated CISSP offering on the ITProTV platform, finishing the entire course with 3 days remaining until my exam. Studying all the way up until the night before the exam, before I went to bed, I knew that I had done all that I could do to study for this exam and was satisfied with myself – sleep came easy that night.




Mountain Climbing


Finally, the day of the exam was upon me before I knew it. I went and had my morning ritual of coffee and the same breakfast. I packed up all of the things that I needed to take the exam, since I was going to my friend’s office area where it was quiet and the internet was fast, and proceeded to walk over to his office. Once I arrived, I knocked on his door and there was no answer. I started to panic a little and called him. “Hey, I’m here to take my exam!” I said. Within a few mins he emerged and started to set me up in his office and asked if I needed it to be secluded without disturbance. I said, “Yes!” and he said, “Never mind, let me put you over here in this other room, where you won’t have to worry about anyone knocking on the door looking for me.” It was a very small room, but fortunately it had everything that I needed, even a private bathroom.


I began to rearrange the room, set up my laptop and webcam, and prepare the room for the gauntlet that I was to endure. Finally, I sat down in the fold-up chair and signed into Pearson Vue, and it said that I needed a newer version of the software. OK. I downloaded and installed it and tested the webcam, voice, and internet speed: all good to go. Then I proceeded to complete the check-in by taking all the required photos. Next, it said that I was in the queue and would be served shortly, within 15 mins. I looked at my queue position and it said that I was 168; already it was approximately 15 minutes before my scheduled start time of 10 AM. After 15 mins a message popped up and said, “We’re sorry that you haven’t been able to start yet, please click on this link to reschedule your exam.” I started to panic once again. What is going on? Yet I noticed that I was still in the queue. I clicked on the link and it took me to the (ISC)² online proctored exam website, which said not to close out your Pearson Vue exam application unless told to do so and gave additional options to reschedule the exam if you wanted to. So, I closed the browser pop-up and continued to wait. At approximately 10:40 AM, I was finally #1. Then a popup appeared with a chat window asking me to show them around the room, the desk, inside the drawers, and underneath my laptop. Then, as I was moving the webcam around, it disconnected from my laptop and I started to freak out. Oh no. The proctor said, “I can’t see your webcam,” and I was able to put it back in and had to reshow the room once more. Finally, the proctor was satisfied and said, “I will now release your exam so you can take it.”


As I was going through the questions, I couldn’t tell if I was getting them correct or not, but I kept hearing Adam Gordon’s voice in my head to synthesize the information, apply it to the question, and move on. Doing it this way, I made sure that I didn’t linger too much on any one question and only focused on the question that was in front of me. At about question 16 I got a popup from the proctor telling me to quit mumbling and that it was my first and final warning. I guess I was doing it unknowingly, so I apologized and said it wouldn’t happen again. I proceeded by pressing my lips tightly together and continued to answer questions. Eventually, I surpassed question 125 and it gave me an option for a 10 min break, which I took advantage of: I went to the restroom, then came out, did some stretches, and resumed, taking only about a 7-and-a-half-minute break.


At question 156 my alarm went off on my cell phone for lunch time, which took me by surprise while I was still intensely looking at the screen and not moving. I was like, crap; I’m really being tested now on focus – I forgot to shut my alarm off. For the next 5 mins it continued to ring and I hailed the proctor, who only checked on me after the alarm went off, and I told them what happened. Then at question 164 my alarm went off again, because it had automatically snoozed. I quickly hailed the proctor yet again, asking for permission to power down my phone, and was told that I could as long as I kept myself within the frame of the webcam. I grabbed my cell and, keeping the screen towards the webcam so that they could see it, powered it down. Finally, I could now finish this exam.


By the end, I had reached question 250 and my mind exploded and my whole body ached, but I was glad I had finally reached the finish line. On the next page I was greeted with a survey, which I took, and then finally I could close out of the Pearson Vue application. I was thinking that there was nothing after that, and was just there wondering if I had passed. So, I went to the restroom once again, came back, powered my cell phone back on, and still no email or anything. I logged back into my Pearson Vue (ISC)² portal and it stated that it was under review. Okay, I’ll wait, so I proceeded to pack up my things. Once I had finished, I got an email stating that the results were ready for viewing on the portal. I took my laptop back out and started searching. Finally I found the results, and once I pressed the button to view the report it said…


Unbelievable, I read it again and yelled, “I did it!”

All of those days, late nights, and early mornings paid off for me. I was proud of this accomplishment and being able to achieve it on the first attempt.





Study Resources


Live Bootcamp

Certification Station – Adam Gordon (Free CISSP 2021 Bootcamp for members only)

Videos

CISSP by Michael Shannon – Skillsoft provided by IVMF (watched once)

CISSP by Kelly Handerhan – Cybrary (watched 3 times)

Accelerated CISSP by Adam Gordon – ITProTV (watched once)

Mind Map by Rob Witcher – Destination Certification (watched twice)

CISSP Cram Session – SANS Webcast Series (watched once)


Books

CISSP Official Study Guide (OSG) – Sybex (read entire book once)

CISSP for Dummies (read around 4 Domains)


Practice Test & Apps

CISSP TestPrep – IVMF (750q (3x))

Certification Station #cissp (study group) – Discord

IT & Security Pocket Prep – (CISSP Smart Phone App – 800q (3x))

ExSim-Max for CISSP 2020 – Boson (750q (4x))

Destination Certification (CISSP Flash Cards Smart Phone App)

AnkiDroid (Flash Cards App) – (ISC)² Official Flash Cards

ThorTeaches CISSP Practice Questions

Wentz Wu CISSP Practice Questions and QOTD (WARNING: A must! But use only when you are feeling good about yourself so you can get properly grounded. You will learn a lot and be humbled while doing it!)

Adam Gordon’s QOTD (found on LinkedIn & Twitter)


Motivation & Inspiration




SQL_Butter’s 5 week CISSP Guide to Success for the CAT Exam:

Use this study guide at your own discretion, as an outline only, to assist you in preparing for the exam. This guide is NOT a guarantee of passing the exam, only suggested study techniques. Feel free to change the study guide for your own needs as you see fit.


Minimum Materials required:

Test Engines: Boson and Pocket Prep


Suggested Study Strategy

1. Book the exam for week 4 or 5.

2. Get BOSON immediately after paying for the exam and take the first full exam regardless of what you know or don’t know to display your weak areas.

3. The same day or the next day start studying your weakest domain. (Don’t fixate on the score, instead use the study mode to check your answers and fully read the explanations available to know why the questions are correct and wrong.)


Suggested Approach for Studying the Domains

1. Watch Kelly’s videos for a particular domain. (You may also substitute Adam Gordon’s videos for more depth if needed).

2. Once finished with the domain video, go to the OSG and read the end-of-chapter summary; then read the entire domain. (Read using the Pomodoro Technique if you must until you have consumed the entire domain.)

3. Repeat steps 1 & 2 for the week as needed. Then during the weekend take another full Boson exam to see how well you are doing in learning the material. (Complete each week with a full Boson exam).

4. During week 4 read the entire 11th Hour after completely reading the OSG and go over more videos as needed.

5. Anytime you are away from the computer or book, knock out a quick set of 10 questions from Pocket Prep. Make sure to read each explanation, whether you got the question correct or not.

6. Remain consistent in your studies.




Special Thanks


Many thanks go to my loving and supportive wife, who kept me focused and cheered me on during the entire time without fail. To the IVMF Team for taking me down this journey, thank you for providing such a fantastic O2O program! To all of my colleagues that had nothing but positive words and vibes to share throughout my journey. To all of the people that I interacted with on the Discord, I thank you for your practice questions, guidance, and words of wisdom. To all of the CISSP Instructors, you all are absolutely awesome! Without you sharing your knowledge with the community, many of us wouldn’t be where we are today as certified CISSP holders; thank you all again. To all of the future CISSP students, good luck on your journey, and remember: don’t give up, take breaks when needed, and reward yourself for the smaller successes as you climb to the top.
