I Passed the Certified Information Systems Security Professional (CISSP)!

I can’t believe I passed the CISSP; I’m still in a bit of a shock. I’ve been in IT Auditing for around 8 years now and I still feel like the new guy a lot of times, so maybe that’s why I’m still shocked. Certainly one of the hardest tests I’ve ever taken.

For those who don’t know what the Certified Information Systems Security Professional (CISSP) is, I’d suggest taking a look at ISC2’s official website. In layman’s terms, it’s an exam to prove that you understand the management implications of a wide variety of different technologies and their security configurations. The exam has been on my bucket list for a while and when the opportunity came to get some training and push for the certification, I jumped on it.

If you’re currently considering the CISSP certification, it can be hard to discern what the best training options are (there are so many). In my situation, I was fortunate enough to take the official training boot camp offered by TrainingCamp. If you’ve never taken a “boot camp” style training, I think most everyone refers to it as “drinking from the firehose.” My experience here was no different; five days of non-stop information, concepts, and exam-prep guidance. My instructor was top-notch. I’m currently asking if I can reference his name and link to his website that contained a ton of useful study materials and links.

In addition to the boot camp, I also used the official Study App. I opted to pay the $7 a month for full access to the practice exams and I felt it was well worth it. Instead of doom-scrolling social media in the evenings, I’d fire up the app and knock out 25-50 study questions. Lunch break? How about another 50-100 questions? If you’re serious about something, you have to BE serious about it. A colleague of mine had a saying that’s always stuck with me: “When the time to act is here, the time to prepare has passed.” So other than the boot camp materials and the study questions I did every day, the last few days leading up to the exam I took all 8 practice exams. That’s approximately 1000 questions, and for any that I missed, I took note of the domains and concepts I missed and focused my attention on understanding why I missed those questions.

Further, I took the official exam outline and created a checklist in my notes for each domain and mapped those that I missed to that outline. Then, I went back through the digital courseware TrainingCamp provided, did some Google searches for additional context and clarity, and hammered those concepts. It’s easy to focus on the things you’re confident with, but it’s more important to focus on the things you haven’t mastered. When you feel like you’ve “hit the wall,” you’re in the best position to learn.

If you can’t afford the official training, ISC2’s website has resources for self-study. Of course there’s also tons of content on YouTube; however, be mindful of what you’re consuming. Stick to concepts you’re struggling with and pay attention to the comments section (again, with a discerning mind). If someone is giving a bunk overview of a topic, someone is likely going to call them out!

And one last takeaway: don’t let your experience get in your way. When I was going through the practice questions and study materials, there were a few times I thought, “Wait, that’s not what I would have done…” Or (from a software engineering perspective), “What the !@#$ are they talking about?! Does the question writer even KNOW what that is?!?” It’s not about being right on every single question or topic; it’s about passing the exam! So don’t let your practical experience cloud the academic response they may be looking for.

If you have any suggested study materials or links that you’re able to share (remember, nothing specific to the exam itself or that would violate any of the ISC2 code of ethics), please do so in the comments below! And if you’re about to take the exam, good luck and godspeed!

2 thoughts on “I Passed the Certified Information Systems Security Professional (CISSP)!”

  1. Barry Wudel says:

    Congratulations…this test cannot be taken for granted. If you are certain that you passed then I am certain that you didn’t.

    1. Sam Wells says:

      Thanks Barry! And agreed; I did not think I was passing during the test. There came a point where I just wanted it to be over so I could take the fail and learn from it. But when they handed me my printout, I had no words — just joy that I got it on my first try.
