Studying for the CISSP

Are you studying for the CISSP?

I passed the exam in 2021. I was asked recently about my experience getting the certification and this is what this post is about.

First, keep in mind that if you want your certification, you will need an endorsement from someone who is already certified. So start thinking about that early so you don't waste time after you pass the exam.

I asked someone in my network who trusted me for an introduction. I met with that new connection and we got to know each other. He verified my experience and made sure that what I was saying was true. Eventually he agreed to endorse me.

I booked my exam date a month ahead. By that point I had been studying for a few months. I heard people recommend you book your exam date before you start studying, giving yourself 3-9 months depending on your level of experience. I agree with them. The point is, it's easy to push it back to later out of fear, and never do it. So just commit to a date, and get to work.

I read many Reddit posts to get a sense of how people were studying, and what I was up against. Some answers were coming back again and again, so I focused on these resources.

I bought the following books:

  • (ISC)2 CISSP Official Study Guide, Sybex - Each chapter has a quiz at the end. So I started with going through the quizzes. For each question, I would write down my best answer, and draw a little flag if it was just a guess. Then, I'd go through the chapter, and focus on understanding the content related to all the answers I flagged. This allowed me to put more attention on topics that I was less familiar with.
  • The Official (ISC)2 CISSP CBK Reference - I think I barely opened it. But it was great to have when one of the topics in the official study guide was not covered in enough detail.
  • (ISC)2 CISSP Official Practice Tests - I went through all the practice test questions in this one the same way I did with the official study guide.
  • 11th Hour CISSP - It helped me get a sense of what was most important to know for the exam. I bought this one towards the end.

I also used two apps to help me go through a volume of practice questions:

  • I did a few of the practice exams in the Boson ExSim-Max app. The questions had a different style than the Sybex books, which helped me get a different perspective on each topic.
  • The best bang for my buck was the IT & Security Pocket Prep mobile app. I did between 10 and 30 questions a day, again, flagging the questions I was just guessing. By the end I was scoring 90% and over most of the time.

The last resource I would recommend is Kelly Handerhan's 16-minute video titled "Why you WILL pass the CISSP". I watched it a few times before taking the exam. It's an excellent recap of the mindset you are expected to adopt.

The exam was challenging, but I got excellent results.

So the TLDR: Book your exam early. Do a few practice questions, flag questions for which you wouldn't be able to give an explanation for your answer, study the topics behind the questions you flag. Repeat.

PS: Remember to study the ISC2 Code of Ethics.

I hope this helps!