On July 25th, I was thrilled to learn that I had passed the CISSP exam 🥳. In this blog post, I’d like to share my experience, the resources that helped me, and some tips for those preparing for the CISSP exam.

Passing the exam allowed me to fully enjoy a much-needed vacation with my wife, celebrating both the Olympics and this personal achievement without worrying about domain knowledge for two whole weeks.

Introduction

I have been working in GRC (Governance, Risk Management, and Compliance) via reliability engineering responsibilities for a few years and have inevitably been part of security, compliance, and regulatory conversations in various positions. Studying for and passing the CISSP was a way for me to ensure I have the baseline knowledge to support my risk management leaders and engage in more mature conversations around security. This is especially important since I have been recommending related policy changes for some time now.

Throughout this journey, I faced several challenges balancing work, study, and personal life. I hope that by sharing my experiences, you can find encouragement and perhaps avoid some of the pitfalls I encountered.

Study Approach

Planning and Timeline

My first few attempts at studying were a mess. The information is broad, so I figured I would just fully consume each resource I had at a time. This approach ended up being deeply flawed for me and pushed my studying off enough to reschedule twice.

Eventually, I landed on the strategy of going domain-by-domain with the resources that I had enjoyed or found great value in the most. I studied the domains in the order that FRSecure presents in their yearly free course: 3, 8, 1, 7, 2, 6, 4, 5.

This domain-focused approach helped me break down the vast amount of information into manageable chunks, and I began to see improvements in my understanding and retention.

Here’s how I spent 232 hours over the last year:

Resources Used

  • CISSP Domain Days

    • Rating: 9/10
    • Cost: $0 for me/testers, no longer available.
    • If you benefit from intensive, day-long study sessions, this might have been a good fit.
    • I enjoyed the learning experience this provided. However, I think the price is steep considering you have very limited access to your day of recordings—if I remember correctly, it was about a month. Each domain runs for about 8 hours, so larger domains are compacted and smaller domains are expanded.
  • Destination CISSP: A Concise Guide

    • Rating: 10/10
    • Cost: $40
    • If you’re a visual learner, this guide might be especially helpful.
    • This is probably the best piece of study material I have ever used. It’s clear the team put a lot of effort into the visuals; I wanted to copy almost all of them into my personal notes.
  • LinkedIn Learning CISSP Cert Prep by Mike Chapple

    • Rating: 10/10
    • Cost: $0 with Library membership
    • If you prefer structured, comprehensive video lectures, this course is fantastic.
    • Mike keeps this content up to date; it is the most in-depth video course I used. I found myself taking a lot of notes in each <5-minute chunk of information he provided. I’m also looking forward to going through his US/CIPP course to better understand US privacy law.
  • CISSP Official Study Guide & Practice Tests Bundle (2024)

    • Rating: 8/10
    • Cost: $80
    • This resource is excellent if you like combining reading with practice questions.
    • There is a lot of great information in this bundle, and the books come with the ability to take some questions online via Safari Online, which offers a closer experience to the real test than the physical book.
  • The Official CISSP CBK Reference (2021)

    • Rating: 9/10
    • Cost: $50 (used on eBay)
    • If you appreciate a domain-centric approach, this could be useful.
    • The main benefit of the CBK (to me, anyway) is that it organizes information by domain rather than by topic, where each topic may be referenced by multiple domains.
  • LearnZapp Official Prep App

    • Rating: 10/10
    • Cost: $20/month, $52/3 months
    • If interactive learning suits you, this app is highly recommended.
    • The sheer breadth of questions in this app made it the most enjoyable way to be exposed to a lot of the content that could be on the exam. The questions here are both technical and managerial in nature. Studying the questions I got wrong significantly helped me achieve my goal of better interfacing with my security-specialized peers in the future.
  • Destination Certification Flashcards & Questions App

    • Rating: 10/10
    • Cost: $0
    • I completed about 400 questions in this app. The questions here were by far the closest to the exam I experienced and were essential for my last week of training to get into the mindset of the context and language used on my exam.
  • Cryptography Decoded Mini MasterClass by Destination Certification

    • Rating: 8/10
    • Cost: $0
    • This mini masterclass was fun and had great visuals on cryptography. I already had experience in this topic, but I would highly recommend taking this if you don’t or if you want to see what a Destination Certification course might be like.
  • Luke Ahmed’s Think Like a Manager

    • Rating: 4/10
    • Cost: $25
    • This resource did not align with how I see security as an enabler in an organization. The examples seemed dated and unrelated to the more cloud-focused content of the 2024 exam. However, this book is very highly rated on the CISSP subreddit, so it may still be helpful to you, especially if you prefer a managerial perspective.
  • YouTube Resources

    • 50 CISSP Practice Questions. Master the CISSP Mindset

      • Rating: 10/10
      • The reasoning Andrew describes in solving the wide set of sample questions is excellent. If you haven’t seen exam-like questions before, this is the sort of high-level questioning to expect from ISC² exams.
    • CISSP MindMaps by Destination Certification

      • Rating: 10/10
      • I followed along and filled out the empty mind maps. I watched these late in the game, about two days before my exam. If I had watched them earlier, I think they could have helped me better conceptualize the domains, which would have been very helpful with my domain-separation study strategy.
    • CISSP 2024 Exam Changes in DETAIL by Destination Certification

      • Rating: 10/10
      • This is a great review of the 2024 changes and a great video to watch to get a high-level idea of recent cybersecurity practices and ideas. I ended up watching this video in full twice.
    • CISSP Review & 2024 Addendum by Inside Cloud and Security’s Pete Zerger

      • Rating: 10/10
      • The sheer amount of content, consistent delivery, and quality of these free videos are a testament to Pete’s dedication to advancing the practice of cybersecurity.
    • CISSP Mentor Program - 2024 Playlist by FRSecure

      • Rating: 10/10
      • The thing I got the most out of this wasn’t even CISSP material—of which there is a ton. This was the most human and motivating experience I had while studying. Especially in the last couple of classes where the instructors encountered questions they hadn’t prepared for, debated the possible answers, got them wrong, and then explained why they were wrong. Their transparency made the learning experience more relatable. The personalities of the instructors remind me of the people I have enjoyed working with in this space, and I was a little bummed when I finally ran out of playlist content.

Exam Day Experience

Preparation Leading Up to the Exam

I made a list of what I thought I didn’t understand yet, worked with it week to week, then abandoned it the morning of the test. If I have any advice here—it’s to ride the motivation if you are feeling it. I think my last week of study was by far my most effective time studying, and I added some cryptography practices to my fun-time backlog to try out in my homelab.

For my last five or so practice exams, I made sure to improve my score by answering in under a minute per question. I was averaging about 30 seconds per question, so I knew that time would not be an issue for me. One of the biggest pre-exam skills was developing the ability to quickly understand the context of the question, fully consider keywords like “most” and “best”, and focus on the ultimate business goal.

The Exam Experience

The most nerve-wracking part of the exam was actually before I even started. Listening to the instructions from the proctor felt overwhelming, and I found myself zoning out due to nerves. After finishing my photo and palm scan, I was told to sit down multiple times before it finally registered.

Once I began the exam, I took a deep breath and reminded myself of all the preparation I’d done. I focused on each question, making sure to read carefully and think like a manager. Time management was crucial. Even though I had practiced answering questions quickly, I didn’t rush. Instead, I used the time to fully consider each question without overthinking.

One thing that surprised me was how the exam tests your understanding of concepts rather than rote memorization. It’s important to consider the broader implications of security decisions.

When I reached the end of the exam, I felt a mix of relief and anticipation. Seeing the “Congratulations” message was one of the most rewarding moments of my professional journey.

Conclusion

Preparing for the CISSP exam is undoubtedly a challenging journey, but with the right approach and resources, it’s absolutely achievable. Here are some key takeaways from my experience:

  • Find a Study Method That Works for You: Whether it’s domain-by-domain study, intensive courses, or self-paced learning, choose a strategy that fits your learning style.
  • Utilize Multiple Resources: Different materials offer various perspectives. Combining books, apps, and videos can enhance your understanding.
  • Practice Critical Thinking: The exam focuses on applying concepts, so practice thinking like a manager and considering the bigger picture.
  • Manage Your Time and Stress: Develop time management skills for both studying and during the exam. Take care of your well-being to keep stress levels in check.
  • Stay Motivated: There will be ups and downs. Remember your goals and stay persistent.

I hope my experience and the resources I’ve shared will help you on your CISSP journey. Feel free to share your own experiences or ask questions in the comments below.

Remember, persistence and the right resources make all the difference. You’ve got this!