
Tips & recommendations for passing the CISSP exam

In April 2024 I finally managed to achieve the professional development goal that I set for myself after leaving the government job of over 12 years in law enforcement – to get ISC2 CISSP certified. That was in 2019, so nearly 5 years later (the main obstacle being procrastination) the achievement was unlocked.

This is the main reason why no new content was published on the blog in March – the CISSP preparation was a priority and the last leg of the study journey had to be as free as possible from distractions.

So to give something back to the wider infosec community, here are some subjective tips and recommendations on what worked and what didn’t.

PLANNING

  • Started gathering study materials during the summer of 2023 and dabbled in some video content. Read approximately 100 pages of various book content and study notes, and also did some test questions from the first two CISSP domains.
  • Unfortunately, procrastination took over again and the study effort was completely abandoned.
  • Just before the end of year 2023 I booked the exam (let’s call it the New Year resolution drive).
  • Focused study started in January 2024. The idea was to make progress with the content nearly every day.
  • To stick to the plan better, I undertook to cover 20 – 30 pages of written content every 2 days or so, topped off with some practice questions.
  • The objective was to divide up the CISSP curriculum that otherwise looks massively intimidating and to make steady progress on smaller portions of the material.
  • As the exam date (6th April 2024) drew closer, the idea was to shift towards practice tests and to identify any weak areas that needed more work.
  • About a month before the CISSP exam, I knocked out the Certified in Cybersecurity (CC) one. Its curriculum is a very, very simplistic version of what CISSP is about, but sitting this exam can be useful if you have never taken a CAT exam before.

STUDY RESOURCES

Note that this is a subjective and non-exhaustive list of the resources I used and that it includes my own subjective evaluation of them. When it comes to study resources, results and opinions will vary because different people can have varying knowledge gaps and strengths & weaknesses based on their own experience with the subject matter.

So, here are the materials I found the most useful:

  • ISC2 CISSP Official Study Guide (AKA the OSG) – for me this was an absolutely indispensable book. Even if you don’t read it all cover to cover, you should use it for reference. I found it particularly useful when it came to deconflicting some confusing questions. I treated the OSG as the ultimate source of truth.
  • ISC2 CISSP Practice Tests (book & Learnzapp) – came in very useful in both formats; I used the test book to read up on selected topics and the Learnzapp mobile app content to practice casually, even 5 or 10 questions at a time.
  • Rob Witcher’s Destination CISSP: A Concise Guide – a very solid, condensed and more reader friendly version of the OSG. I would probably not go as far as replacing the OSG with this book, but I heard from people who did that and passed the exam successfully. Either way, a really solid resource.
  • Andrew Ramdayal’s YouTube video 50 CISSP Practice Questions. Master the CISSP Mindset – a must-watch, one of the best YouTube videos I saw on the topic. If you have the time, check out other CISSP related videos on his channel.
  • Kelly Handerhan’s CISSP Cybrary course – the best video content by far that I managed to find on any educational platform. Engaging and memorable analogies and explanations. Another must-watch.
  • Udemy practice tests – the Hard CISSP Practice Questions – Domain Wise (400 Questions) and Gwen Bettwy’s CISSP Mock Exams: Master All 8 Domains. To be fair, the latter of those contained the hardest and the most convoluted questions I encountered during the prep. Some of them I felt were even harder than the actual exam questions on the day.

THE EXAM

  • Arrive early and tackle the necessary paperwork, induction and biometrics. Depending on your exam centre and time of day, it can be busy.
  • I sat the 4-hour, 175-question version of the test. This has now changed to 3 hours and 150 questions. This means you should aim to spend just over 1 minute on each question on average. Pacing yourself is important; read up about the CAT exam rules in one of the links above, as you cannot go back to questions already answered and change your choices.
  • If you answer a question from a particular domain incorrectly, expect to see more questions from that very domain. The exam will adapt to your weak areas and knowledge gaps and will exploit them mercilessly.
  • Do not expect that the exam will finish early based on your strong performance. Do not quietly hope that this might be the case. I went the distance with the whole set of 175 questions; I was not thinking or hoping to excel and finish early. It’s nice if that happens, but it is an added bonus, so just stick to the plan. A pass is a pass.
  • You might see many weird, obscure and even seemingly off-topic questions in the test (as in not exactly part of the OSG curriculum). Don’t dwell on those, they are likely the dummy questions that do not affect the final score.
  • The exam is very much passable, with the right CISSP mindset, enough practice, preparation and execution. You got this!

PS: Make sure to join r/cissp on Reddit, there is some quality advice and experience sharing happening there every week!
