How I Passed the (ISC)2 CISSP Exam
I just passed the CISSP exam! I'm super excited and wanted to share the resources I used.
For context, I was first introduced to information security 8 years ago (2015) when I went through (US Army) Advanced Individual Training (AIT) for 25B Information Technology Specialist. The roles I had in between AIT and my deployment in 2018-2019 were mainly entry level. Since returning, my roles have primarily focused on information security and cybersecurity.
I finished my Associate's degree in Cybersecurity & Information Assurance (CSIA) at a local community college in 2020, and my Bachelor's degree from Western Governors University in CSIA in 2023. I'm currently enrolled in the Master's program at WGU.
I'm the most likely target audience for CISSP: I have 5+ years of information security experience and I've reached a senior level.
Study Materials
I used a combination of first-party (ISC)2 resources and third-party materials:
- Employer-Sponsored Live (ISC)2 Training - This was an intensive 40-hour cramming session/death by PowerPoint. Thankfully I had a fantastic instructor who kept me engaged. I took physical notes to help me remember.
- (ISC)2 Online Course - The online course was included with the live training and included quizzes for each of the topics and a practice test. I went through each of these twice.
- Official (ISC)2 CISSP Textbook - This was also included in the training package. I used this to go back and read further about topics I wasn't performing well in. It was recommended to read it cover to cover over a few weeks, but it is dry.
- Practice Tests by Thor Pedersen on Udemy - I did (4) 125-question easy/mid practice tests and (1) 125-question hard practice test. For each of them, I took it and reviewed my incorrect answers. The explanations of correct and incorrect answers are super helpful to me.
Unfortunately, these all cost money: the first option is the most expensive and the last option is the least expensive. Thankfully, my employer sponsored the training and most of the materials were included. Many Udemy courses are also available to me as a student at WGU.
(ISC)2 Test Taking Tips
This is now my second (ISC)2 exam, and they are much more challenging than CompTIA exams in my opinion. I can't discuss exam content, but I can share some recommendations for taking the test I've learned from others.
Tip #1: Choose the most correct answer
This may sound obvious, but they're looking for critical thinking skills and comprehension of the question rather than memorization. For example, given a scenario and particular constraints, how should this scenario be handled?
Two things my course instructor said:
- "Many questions are not clinically accurate, but more puzzles to be solved."
- "If none of the answers look good, choose the least worst answer."
Process of elimination is your best friend in this exam.
Tip #2: Pay special attention to key words
Thor Pedersen includes in each of his Udemy practice exams, "Spot the keywords (non-repudiation, public key) and the indicators (Not, Most, First)."
There can be several keywords that completely change the perspective of how you answer the question.
Tip #3: Limit to 1 minute per question
When taking the exam, try to keep a pace of 1 minute per question. When I sat for the exam, I found this challenging. CISSP uses Computerized Adaptive Testing. You essentially have a minimum of 125 questions. If you haven't passed by 125 questions, you keep going until you hit 175 questions. With 240 minutes, you have about 1m 20s per question if you go up to the max 175 questions.
Summary
This is a challenging exam that covers a wide range of topics. It's not possible to remember everything, but your critical thinking skills will be pushed with some of these questions. Be prepared, set your expectations, and accomplish the goals you set out!
Thank you for reading, subscribe for more content like this!