How I Conquered the CISSP Beast in First Attempt?
The Beginning
A year ago I decided to pursue the Certified Information Systems Security Professional certification, a gold standard in Information Security! My background in Cloud Identity and strong interest in cryptography sowed a seed of interest in the field of Cyber Security inside me. I spoke about my interests with my manager and mentors at work, who introduced me to this certification and how it can help me grow in my career. My interest in this field was noticed by the management and they nominated me for a CISSP bootcamp back in June 2018.
However, at that point in time, my priorities were different. I was going to get married in the next 25 days, and fulfilling integral life events like these overshadowed my CISSP certification goal. As much as I wanted to focus on my preparation for CISSP, in between post-marriage celebrations, changing homes and settling down, my aim of clearing CISSP in the first attempt lost focus.
The good news is I never gave up completely on CISSP. Though on and off, I always had CISSP on my mind.
The Journey
After settling down for a while, I started talking to more people about their journey, the challenges they faced and how they overcame those challenges. A couple of people recommended that I read 'All in One' by Shon Harris and I ordered a hard copy of it soon.
While I enjoyed reading the book, I realised that I am a terribly slow reader. My average speed was about 10-15 pages per day and almost every chapter had over 200 pages. With this speed and a few distractions here and there, I was able to finish one chapter in about a month. When I attempted the questions at the end of each chapter, I was disappointed to score an average of 30%.
Meanwhile, I joined the CISSP learning Circle within my team's CISSP aspirants where we used to prepare each domain and present it biweekly. I nominated myself to present a few topics out of each domain which motivated me to read the chapters as per the deadline and having a discussion with my co-workers helped me in strengthening my understanding on those topics.
I still continued reading the book until the 5th domain, Identity and Access Management after which I gave up on the book.
I heard from a few people that this certification demands commitment and sacrifices. You may have to sacrifice your sleep, entertainment and at times your personal life as well. But I didn't let the certification affect my personal life. I celebrated each personal event with great joy, had several planned vacations and festivals. Every weekend, my husband and I grabbed a bucket full of popcorn and sat on our comfy recliners to watch our favorite movies or web series on Netflix. A rush of guilt did run inside me that I am probably not doing justice to this certification by not giving it the time that it demands.
Over a period of time, I realised that if reading is not helping me, I should try other ways of learning. "Each individual is unique and has their own way of learning things, some people learn best by reading, some like audio or visual training and others like even more interactive classroom based training, as long as you learn, there's nothing stopping you from exploring different mediums of learning"
I also understood that, considering my personal and professional commitments and given the fact that I take plenty of time to read, I should first introspect on how I learn better and which modes of learning I enjoy the most.
We have 5 senses and when we listen, speak and watch at the same time, we tend to interact and comprehend things faster.
I decided to sign up for a virtual online learning course via Simplilearn for CISSP in May 2019. Every weekend, my classes ran from around 9 am IST until 2 pm IST, after which I spent the rest of the day practising questions from CCCURE. I had purchased a CCCURE subscription 3 months ago but had hardly logged on to it 3-4 times. Maybe the reason was that every time I attempted a few questions, I scored badly and that led to dissatisfaction and anxiety. As a result, I avoided it. But now it was time to face my fears. My trainer Ajit Pal Singh was a friendly and honest champ who eagerly wanted to see his students succeed. Being an extrovert, I frequently interacted with the whole class and asked a lot of questions. He often quoted examples from popular cyber security based movies and occasionally cracked jokes. I was a late riser, especially during the weekends, but my willingness to succeed helped me stay disciplined and I made sure I joined each and every class on time.
If my understanding of CISSP before this training was 20%, after the training I could say it boomed up to 70%. While all this was going on, I got another exciting opportunity for a different team/role at Microsoft. I knew that in 2 months my team was going to change and I would have a whole bunch of new commitments, new goals and aspirations, but I did not want to leave what I had started. If I ask myself, why did I still go ahead and register for the CISSP exam when I wasn't even sure about its relevance in my new role?
I did it for nobody else but myself!
Yes, I had finally registered for the exam, and I had another month to go. A plethora of emotions rushed inside me including fear of failure and anxiety.
While I was practising questions from the CCCURE practice test engine and Boson, I was scoring around 69%. I questioned myself, what if the same happens to me during the exam?
I searched around for posts about people's experiences in the past and read that a few people were scoring around 80-90% in practice tests but still failed to clear the exam in their first attempt. I realised that what matters is how much you learn from these practice tests and not the actual scores. I made sure I read the explanation of all the wrong answers followed by the right ones.
As the days got closer, the level of anxiety increased and I almost lost my sleep. I connected with a lot of people who have cleared CISSP within and outside Microsoft and I spoke to them about their journey.
I asked them one question, "How to increase my score from 69 to 85% in practice tests 15 days before the exam?"
Honestly, everyone had a different answer! Now, if you ask me, How do we reach a number 4 in Mathematics?
2+2=4
2x2=4
3+1 = 4
5-1 = 4
In short, there is no fixed formula!
Some people advised that I simply cannot skip reading the official ISC2 guide, others recommended re-scheduling the exam. But there were a few people who advised me to just Believe in Myself!
Remember in school, we studied only a month before the exam and still managed to get good scores? As human beings, we perform better under pressure and deadlines. If we believe we can, anything is possible. My biggest takeaway was to schedule the exam, which automatically put me on the CISSP journey.
Going back to the history of India, I learnt a very important lesson from the British on how we can "Divide and Conquer" things!
I divided my time and sliced my tasks into smaller sub tasks, I ensured I followed my timetable consistently and diligently over the next couple of days.
Here's what my weekday looked like:
- Early Morning: Watch one of Kelly's videos
- Morning-Evening: Wrap up Office work
- Late evening: Quick nap
- Night: Practice questions. (Around 100)
My weekend looked like this:
- Morning 9am-12:30pm: Focus on concepts, multiple resources
- Lunch
- Quick Nap
- Evening-Night: Practice questions (Approx 200-300)
Learning Resources
The most common recommendations that I had received were Kelly Handerhan's Cybrary course and her short YouTube video about "Why will you pass the CISSP". A few other interesting recommendations were the "11th Hour Book by Eric Conrad" just 2 days before the exam and IT Dojo's YouTube videos. I smartly spent my time, partially on understanding the concepts through the sources listed above and partially on practising questions. I must say I personally found Kelly's course and her style of teaching simply brilliant! If I ever meet her, I would love to hug her and say "Thank You". The 11th Hour has just enough for you to understand some crucial core CISSP concepts. I could not finish all the IT Dojo videos but the few I saw were fun to watch and helped in getting into the right CISSP mindset.
Talking about the prep sources, Luke Ahmed's Facebook group and membership portal is another interesting avenue where you can interact with other CISSP aspirants all over the world, help each other and get plenty of resources to learn from. Prabh Nair's Telegram group is another similar platform where you can interact and learn. I personally used both these platforms in both ways, helping others learn and learning from others.
I followed CISSP posts on LinkedIn and fiddled around with Sari Greene's CISSP crash course on Safari Online. This crash course was exactly what I needed a week before my exam to refresh my core concepts and fill gaps. The course was intense, crisp, concise, to the point and helpful no matter what stage of CISSP prep you are in. The tips she shared about the exam pattern, particularly "Double Negative", Hotspot and "Hierarchical questions", were spot on!!
I used YouTube or Google to research the concepts I struggled the most with, for example, RAID levels. This is one topic in which I struggled the most, so I found a quick 5 minute video on YouTube that clarified my concept.
I struggled with sequences so I started forming phrases. For example, for EAL levels (PSMDSSF), I created a phrase in my local language so I could memorise it.
Another piece of advice I want to give to CISSP aspirants is: don't burn yourself out.
Take short breaks, find a hobby and take some time off doing something you enjoy.
How I Motivated Myself?
I believe in the power of Music, I listened to my favorite Bollywood motivational songs while I was tired to keep me motivated. I often spoke to my husband and my family members about the anxiety I went through and they helped me stay calm and focused.
CISSP Mindset
Talking about the CISSP mindset, you might have heard from a lot of people that CISSP is a managerial exam. I would say that for this exam you have to look at the bigger picture, put yourself in the shoes of the CISO and understand what would be the best decision in this scenario. Let me give an example here: If there's a fire in the building, what is the first step you will take? Would you save the assets or crucial data? No, you will save human life first!
For CISSP, being prepared enough won't help alone, you have got to give your best while attempting the exam!
Read and comprehend the questions carefully, read all the options, use the process of elimination to rule out the obvious and finally understand why one is a better answer than the other. No matter how prepared you are, never ever be overconfident as that could get you doomed.
The Journey Continued...
I attended a couple of sessions from Simplilearn again to register the concepts in my memory. Saaz Rai was equally fabulous in terms of training delivery and explanation of concepts, but I had time to attend only 5 sessions out of 10.
Finally, 1 day was left for the exam and I spent the last day with my family. I left everything else and believed in myself. I spoke to Kaushlendr Pratap, another CISSP master, who initially delivered the boot camp back in 2018, and he filled me up with motivation. Similarly, Saaz said that he was eager to see my result and believed that it was going to be positive. I slept on time so I would get a minimum of 8 hours of sound sleep before the exam.
My husband didn't leave my side through all this, he gave me the courage and strength to keep going! I thought of re-scheduling the exam but it was him and my parents who advised me that I will always feel that I am not prepared enough and I only need to conquer my fear and go for it!
The D DAY
I woke up around 5 am on the day of the exam, had some fresh juice & fruits and reached the examination centre 30 minutes prior to the exam. The exam environment was pretty strict, you're not allowed to take anything inside the exam centre, including water. Any personal items or food had to be kept in the locker. You are under strict surveillance and need to raise your hand in case you need to go to the restroom or drink water. I believe they truly justified the safe environment for the exam.
The exam had started, and finally I took an oath by signing the code of ethics. As I had predicted, the exam was nowhere close to any of the practice tests I had attempted before. However, the questions were extremely logical and conceptual. I put on noise cancellation headphones during the exam, and used my presence of mind to understand the actual question. As I stated above, I read each question carefully, read all the options, put myself in the shoes of the CISO, used the process of elimination and introspected on why one answer is better than the other!
Somewhere I felt I was going to fail, as I was not completely sure about my judgement. After 45 minutes, I had completed almost 50 questions and decided to take a 5-minute break! I guess I really needed a breather. I had some water, took a deep breath, which released some of the tension built up inside me, and finally continued the exam. The exam stopped at 113 questions in 2 hours. I went out to take my result, I was shivering with fear and took a moment before looking at the result paper. I cried loud with joy!
Yes, I had finally accomplished my CISSP dream, all the sleepless nights and the hard work had finally paid off.
My family, friends and co-workers rejoiced at my success. As Sari had suggested during her crash course, I went to watch my favorite movie with my husband that day and had a nice Pizza treat.
The Endorsement Process
The last phase was the endorsement process. I believe all of us are waiting for something in life, for me it was the CISSP endorsement. My endorser did not receive the endorsement notification and I followed up with ISC2, when they informed me that I had accidentally check marked 'Request ISC2 to endorse you'. Luckily, I had attached all my previous experience letters and mentioned my experience relevant to CISSP in detail. The wait continued for about 2 months and I was delighted to finally join the elite club of CISSP holders.
Final Words
1 year back, I had written on a piece of paper, "I WILL CLEAR CISSP" and I did. I believed in myself and I got it, will you?
Cyber Security Manager | Cloud Security | SASE | Ex-Wipro
3 years ago: Inspiring. Congratulations.
IT GRC Director | CISSP | ITIL Master | PMP | CISM | CRISC |ISO 27001 & 22301 LI | TOGAF | COBIT at Confidential
4 years ago: Thank you very much indeed. May you please share with me the link of "Prabh Nair's Telegram group"
Customer Success | Technical Leader | AI & Security
4 years ago: Thanks Amita for this great article and sharing your learnings. I passed CISSP last week and your article definitely helped!
Sr. Azure ACE (Advanced Cloud Engineering) at Microsoft
4 years ago: Great work Amita