How I passed the CISSP exam
I just received my welcome kit and decided to write this post to share my experience.
Introduction
I’m a cybersecurity professional, specifically working with digital forensics, incident response, and malware analysis. I hold several industry certifications that helped me a lot in the journey to achieve the CISSP, like the CASP+, which is somewhat similar.
Becoming a CISSP was a goal of mine for a while. In addition to being one of the gold-standard certifications in the cybersecurity industry, the knowledge gained from studying for this exam is invaluable. As a wise man once said, “The man who loves walking will walk further than the man who loves the destination.” Getting the CISSP is not about the final title or the prestige; it is about the process of getting it.
Let’s get into the main topics of this post!
Preparation
It took me about two months of study to crack the exam at 100 questions. If you are reading this, I believe you already know that the exam can go up to 150 questions depending on your performance (100 questions is the minimum, which means you did well).
During my preparation, I was studying for another exam, so my time was limited. I decided to study for the CISSP using free and straight-to-the-point resources. I also made notes by hand, which, at least for me, is a great way to retain the content in my head.
Videos
- CISSP Exam Cram Full Course: this is an absolute must! The topics are really well explained and easy to follow. I listened to this almost every day during my preparation.
- CISSP MindMaps: a good summary of the topics in a visual way.
- Why you will pass the CISSP: a good video about the mindset required for the exam.
Practice tests
- LearnZapp: very well-known app. I believe the questions here are quite similar to those on the real exam.
- 50 CISSP Practice Questions: an excellent set of questions with explanations. It’s also a good resource for developing the right mindset for passing the exam.
Experience really helps in this exam. The contents of the aforementioned resources are tested through context-based questions, where you’ll need to choose the best answer. So, don’t waste your time memorizing concepts; focus on understanding the topics presented to you.
Exam day
I arrived at the testing center early, quickly completed all the necessary procedures, and started the test.
The questions were difficult, I have to admit. No practice tests will prepare you 100% for the real thing. I finished it in about an hour and was very happy when I saw the “Congratulations” on the exam transcript.
I have a few tips to help you during the exam:
- Read the questions carefully — twice for most of the questions was enough for me.
- Try to find an answer that encompasses all the others.
- Don’t worry about previous questions, since you cannot go back.
- Time management is important; be prepared for the possibility of having to answer up to 150 questions.
- There are 25 beta questions, so don’t panic if you come across a question for which you have no idea of the answer.
Endorsement process
Once you provisionally pass, the journey is not over yet. You will receive an email with the next steps, which include the endorsement process. Basically, you will need to verify five years of experience in at least two of the five domains covered by the exam.
The endorsement portal will ask you to describe how your experience relates to the topics you chose. You will also need to decide whether (ISC)² will be your endorser, or if you know another CISSP, he can endorse you.
I used my previous experience as a researcher, cybersecurity consultant, and DFIR specialist to achieve four years of the required experience. The remaining year was waived by my CASP+ certificate.
The process took me four weeks to complete. So, I had to wait about a month to receive the digital certificate and the Credly badge, and a few additional weeks for the welcome kit to arrive.
Conclusion
Hard work always pays off! If you really want to pass the exam, book it and start studying. Practice every day and focus on your weak areas.
