How I Passed CISSP Exam: Everything You Need to Know!

Introduction

In this article, I will share how I passed the CISSP (Certified Information Systems Security Professional) exam and earned the certification. I will also explain which study materials helped me prepare for and overcome one of the toughest exams in cybersecurity. The certification program is maintained and offered by (ISC)², the International Information Systems Security Certification Consortium.

CISSP is a global, gold-standard certificate in the industry. Despite its difficulty, cybersecurity professionals acquire it to advance their careers. In addition, I will share the strategy I employed to pass the exam.

I will discuss important tips and the mindset to have before and during the exam. I will also offer some recommendations and insights on what to do after passing the exam. Beware, however, that there is no one-size-fits-all strategy when it comes to preparing for exams like CISSP. I recommend aspirants explore more preparation techniques, resources and study strategies before settling on one or more approaches that suit them.

First things first, create an account with (ISC)² and review all the exam guidelines from the onset. You will find excellent resources there to start your certification journey. In fact, the (ISC)² site should be your primary source of information for everything you need on CISSP.

My Background

I have been working in cybersecurity for more than a decade now, and I aspire to grow career-wise, contribute to the field and help others who are interested in pursuing cybersecurity as their career.

I believe certification is the best way to showcase to the world that you are fit for purpose. I passed both the CISSP and CISM exams within a one-year period and am still aiming for more certificates in the field.

In this particular episode, I will share my practical experience and journey in passing the CISSP exam, and thereby help you do the same. This is my electronic CISSP badge for your verification. If you are interested in finding out how I cracked CISM as well, I recommend you visit the How I Passed CISM Exam page.

Why CISSP and other Certificates?

For professionals and aspirants alike, it is the perfect time to acquire a certification in the information security and cybersecurity fields. According to CyberSeek and Gartner, demand for cybersecurity professionals exceeds supply: there are currently more open positions in the market than certified professionals and managers in information and cyber security. Unlike in many other industries and professions, this is a uniquely large opportunity to seize, grow career-wise and contribute to the field.

Practicing cybersecurity professionals should commit and work hard to earn one or more certificates in the domain in order to remain competitive. I believe CISSP is one of the top choices to pick from the basket of certifications, and afterwards you will be in a strong position in the job market. To those of you who are interested in joining cybersecurity, or in transitioning to it from another career path, now is the perfect time to do so without procrastination.

Bird’s Eye View of Cybersecurity Certifications

Before diving deep into the main point of discussion, let's take a high-level overview of some of the most sought-after and reputable certifications in the industry. Security professionals and candidates nowadays have plenty of certification and training programs to choose from. These certificates are provided either by specific vendors or by vendor-neutral non-profit organizations.

As a reminder, it is a wise decision to first look for vendor-agnostic certifications in order to build a deep and unbiased understanding of information security. However, prospective employers may require detailed technical skill sets and knowledge of specific security products and services for some positions.

In this section, let's briefly discuss some of the most common and foundational vendor-neutral certifications in the industry. These certificates are equally important and are requested by prospective employers in both the government and the private sector.

Certified Information Systems Security Professional (CISSP)

CISSP by (ISC)² is by far the most reputable and prestigious certificate in the industry. It is intended for individuals working in leadership and operations functions, and for people responsible for designing, engineering and managing the overall security posture of an organization. It covers almost every concept, technique, framework and architecture of information security. Professionals who grasp and digest the content of the CISSP exam will be in a rock-solid position to tackle other certification programs.

In my opinion, experienced professionals should take CISSP first before attempting any other certification, unless they are looking for a more practical, hands-on certificate. You will find almost all fundamental aspects of information security in this certification, but the reverse does not often hold true. Professionals who lack substantial experience in cybersecurity should not initially settle on the CISSP exam. Firstly, (ISC)² requires at least five years of cumulative, paid work experience in two or more of the eight domains (a four-year degree or an approved credential can waive one year; candidates who pass the exam without the required experience become an Associate of (ISC)² until they earn it). Secondly, it is going to be too much to garner and grasp all the concepts covered without that background.

After passing CISSP and positioning oneself in good standing, it does not matter in which order professionals choose to take their subsequent certification and training programs. After earning the CISSP certificate, cybersecurity professionals face a less bumpy road ahead: they are able to specialize with less effort and time, and they will be confident and in good shape to tackle any other certification.

Certified Cloud Security Professional (CCSP)

CCSP (Certified Cloud Security Professional) was developed jointly by (ISC)² and the Cloud Security Alliance (CSA). It is one of the best and fastest-growing certifications for personnel working to secure cloud environments and related fields. This certification program is widely regarded as the de-facto standard of cloud security, and it addresses almost all aspects of cloud computing security concerns.

It is designed for experienced professionals, and candidates should have at least five years of work experience to earn this credential. However, candidates holding a CISSP in good standing are granted a waiver for the entire CCSP experience requirement.

Systems Security Certified Practitioners (SSCP)

SSCP, offered and maintained by (ISC)², is content-wise a mini-CISSP certification. However, it is more hands-on and technical than the CISSP certificate. SSCP is ideal for professionals and aspirants who want a comprehensive understanding of information security from a technical, hands-on perspective. The content of this certificate is highly detailed, technical and comprehensive. Less experienced professionals who want a solid foundation in information systems security can acquire SSCP.

Certified Information Security Manager (CISM)

CISM certification by ISACA is the most sought-after and credible certification for information security managers. As the name implies, this certificate is ideal for individuals charged with developing and managing the information security strategies and programs of enterprises. It is a certificate for people who manage, design, oversee and assess an enterprise's information security functions.

The certificate empowers information security managers to portray security as a strategic business issue rather than an operational and tactical one. It emphasizes the importance of board of directors and senior management commitment to the successful implementation of information security programs.

Many of the most embarrassing security incidents occur due to a lack of governance at the top. The CISM certificate enables information security managers to develop persuasive business cases, and it helps aspirants to educate people at the top about the importance of aligning information security programs with business strategy.

Certified Information Systems Auditor (CISA)

CISA by ISACA is the de-facto standard for information systems auditors. This certification is for professionals with substantial work experience, specifically direct work experience in information systems auditing, cybersecurity and related domains.

It is a certificate for information technology or information systems auditors, security control and assurance staff, and information security professionals. It is one of the most reputable and sought-after certificates in the industry. CISA is therefore a valuable certificate for information security professionals, and aspirants who want to specialize in auditing enterprise information systems and information technology should earn it.

Certified in Risk and Information Systems Control (CRISC)

CRISC is another fascinating certificate by ISACA. It is for professionals experienced in the management of information technology risks and in the design, implementation, monitoring and maintenance of information systems controls.

Professionals who aspire to become CRISC certified should have a minimum of three years of direct work experience in information technology risk management and information systems controls. This is the ideal certificate for individuals who work in risk management and governance positions.

GIAC Certified Forensic Analyst (GCFA)

GCFA (GIAC Certified Forensic Analyst) by GIAC is one of the best certificates for security professionals who want to advance their careers in digital forensic investigation and incident response. Maintaining the chain of custody and preserving the integrity of evidence are cornerstones for evidence to be admissible in a court of law. As a result, highly skilled forensics professionals are in critical demand to bridge the gap between cybersecurity and law enforcement.

Forensic analysts should further cooperate with system administrators and law enforcement authorities to deliver better results. GCFA certifies candidates' knowledge, skills and ability to conduct incident handling and investigation tasks. The certificate focuses on the skills required to collect and analyze computer data.

GIAC Certified Incident Handler (GCIH)

GCIH by GIAC is another reputable certificate for incident handlers in organizations. It validates a security practitioner's ability to detect, respond to and resolve computer security incidents. GCIH certified professionals work on incident handling procedures and computer crime investigations. Candidates should have advanced knowledge and practical hands-on skills with attacker tools and techniques, so that they can understand how attacks are carried out and resolve the resulting incidents.

GIAC Network Forensic Analyst (GNFA)

GNFA by GIAC is one of the sought-after certificates for professionals who want to specialize in network forensic investigation. Candidates should have a solid understanding of network architectures and protocols, plus knowledge and skills in log management, protocol reverse engineering, and attack visualization and analysis tools.

Certified Ethical Hacker (CEH)

CEH by EC-Council is one of the most common and sought-after certificates for working in penetration testing and related areas. The certificate is offered in two flavors: a conceptual multiple-choice exam and a hands-on practical exam. It covers ethical hacking of systems, web applications, mobile platforms and cloud computing, plus cryptography and related domains.

EC-Council Certified Incident Handler (ECIH)

ECIH by EC-Council is for professionals who want to pursue incident handling and response as their career path. It is a program that employs a holistic approach to incident handling, from the preparation of procedures up until the recovery of assets.

Security+

Security+ is offered by CompTIA and is one of the most popular entry-level security certifications. Candidates get a broad first look at cybersecurity in this foundational certification. To beginners, I highly recommend earning this certificate before advancing to other certification options.

Cybersecurity Analyst (CySA+)

CySA+ by CompTIA verifies candidates' knowledge and skills in leveraging threat intelligence and detection techniques. It further verifies candidates' ability to analyze and interpret data, and to identify and address organizational vulnerabilities. Candidates are expected to recommend preventative measures and, when needed, to respond to and recover from incidents in an organization. It is one of the best certifications for intermediate cybersecurity analysts.

Project Management Professional (PMP)

PMP by PMI is one of the best certificates for cybersecurity professionals and information security managers to hold. Even though this certification is not in the cybersecurity category, it is highly recommended for better management of security projects and programs.

Understanding project management methodologies and standards serves as a bridge between security professionals and business owners.

Overview of the 8 Domains of CISSP

The CISSP exam covers eight large domains. A brief explanation of each domain and its weight in the exam is provided below. These weights come from the exam outline in effect when I prepared and are subject to change periodically. The exam is scored as a whole rather than per domain: candidates need a scaled score of 700 out of 1000 to pass.

  1. Security and Risk Management [15%]: This domain covers the broad security functions and strategies employed to reduce risk and keep it at an acceptable level. It revolves around the relationships among the risks, threats, assets and vulnerabilities an organization may face. The security controls employed to minimize those risks are discussed comprehensively, and the measurements used to evaluate the effectiveness of those controls are described in detail. Many American and international standards, models and frameworks are incorporated and explained in this domain; I advise candidates to comprehend the American, European and international frameworks and standards for the exam. Risks associated with supply chain management and third parties are elaborated. The maturity of an organization is largely anchored in the level of education, training and awareness programs provided to its employees, because many risks, threats and vulnerabilities emanate from human-factor weaknesses. This domain hence emphasizes the importance of personnel capacity development programs for organizations.
  2. Asset Security [10%]: This domain concentrates on identifying, inventorying and protecting the tangible and intangible assets of an organization. Organizational assets include information stores, hardware, software, databases, reputation and network systems. The domain begins by classifying organizational information and assets, mainly by assessing their criticality and sensitivity. Data classification and declassification should ultimately align with the business requirements of the organization. Secure provisioning and de-provisioning of resources to and from the parties concerned is at the heart of asset security. Organizations are also required to establish data retention policies to properly manage and maintain their assets. Data security controls and standards are extensively covered in this domain.
  3. Security Architecture and Engineering [13%]: This domain is a combination of two broad subdomains, security architecture and security engineering. The architecture part is concerned with the design and integration of the components, processes, services and controls appropriate to reduce information security risks to an acceptable level, whereas the engineering part is concerned with the actual implementation of those designs and architectures. Both are based on appropriate risk management programs. The domain focuses on applying secure design principles in all phases of the engineering process. Classic and recent security models are addressed, and cryptography and the different computing paradigms are comprehensively covered.
  4. Communication and Network Security [13%]: This domain comprehensively covers computer networking as it relates to information security. Network topologies, secure network architectures, firewalls, network devices and protocols are included. Secure communication channels, LAN/WAN, TCP/IP and the OSI reference model are given due consideration and explanation. Candidates are expected to have solid fundamental knowledge of communication and computer networking as it relates to on-premises data centers and cloud networks. It is one of the most prominent and technical domains, and candidates should diligently explore it in detail.
  5. Identity and Access Management [13%]: IAM is one of the building blocks of information security. Access to resources and services is orchestrated through proper identification and validation of entities, where entities can be people, services and devices. This domain is primarily based on four fundamental modules, namely identification, authentication, authorization and accountability, aka IAAA. Controlling access to physical and logical assets is the main theme of this domain, and access controls are its nucleus.
  6. Security Assessment and Testing [12%]: This domain focuses on designing and validating assessments, tests and audit strategies. The candidate is expected to design and develop security control testing programs to evaluate the effectiveness of those controls. Security audits of information systems uncover weaknesses in security controls. Candidates are expected to have a good understanding of code review, vulnerability management and penetration testing procedures.
  7. Security Operations [13%]: This domain focuses on maintaining the various security controls of an organization. Emphasis is given to maintaining security across people, processes and technologies. Organizations are expected to periodically assess their levels of risk and to propose mitigation strategies through security controls or, perhaps, business process reengineering. Patch management, logging, change management and incident management activities fall under this domain.
  8. Software Development Security [11%]: Information security programs should incorporate security functions for software development. Candidates are required to understand the integration of security into the software development life cycle (SDLC) phases. Software development methodologies, coding standards and maturity assurance models are given in-depth explanation and consideration.

My Study Resources

First, I personally recommend that you critically read the official documents from (ISC)². This will help you understand the nature, depth and unique characteristics of the domains covered by the exam. By relying mainly on the official CBK and study guides, candidates will be able to identify the scope and boundaries of their preparation.

I believe this holds true for certification endeavors from all vendors. The official material serves as a blueprint for capitalizing on the topics covered in the certification and for looking up further references if needed. You only understand the true format and context of the actual exam questions from the official resources.

These official materials will be your compass for navigating the resources required to pass the exam. This strategy helps you stay focused for the exam and protects you from information overload and fatigue.

I have listed below the resources I used, in chronological order and in an iterative fashion, to pass the CISSP exam.

The Official (ISC)2 CISSP CBK Reference

Reading this book objectively and iteratively is ideal for passing the exam. It will give you a real picture of the exam and the domains you must know in detail. Every candidate should rely on this publication for firsthand information, guidance and understanding.

It is the blueprint of the exam, and candidates are recommended to comprehend, at minimum, each concept covered in this book.

CISSP Official Study Guide

This official study guide is your best companion throughout the whole preparation period. It expands on the official CISSP CBK reference and makes sense of everything covered in the exam. This book is invaluable for passing the exam; candidates should read it cover to cover, and at least twice, right after finishing the CBK.

CISSP Official Practice Tests

This official practice test will help you understand the characteristics of (ISC)² questions and what is expected to pass the CISSP exam. The candidate must understand the nature and standard of the questions from the provider's point of view.

I highly recommend practicing the questions in this book to get a feel for the style of question.

Candidates must know that no practice question in any book is identical to an actual exam question. It is therefore imperative to build a strong mindset for approaching the questions through continuous practice.

Candidates should spend half of their preparation time on practice tests to develop the proper mindset for answering questions objectively. Attempting to answer actual exam questions by memorizing snippets of questions from reference resources will end in disaster.

CISSP All-in-One Exam Guide

This book is one of the best resources outside the official study materials. It covers the eight domains in depth and comprehensively. I recommend reading this beautifully organized and content-rich book after reading the official resources.

CISSP Practice Exams

This practice book should be a companion to the CISSP All-in-One Exam Guide mentioned earlier. Candidates should work through it after practicing questions from the official materials.

Note: The reason I firmly recommend relying heavily on the official study guides and references first is that the people preparing and reviewing these materials are the closest to, and most familiar with, the exam. The point of this approach is not to draw a line between official and unofficial resources. Rather, we have to acquire firsthand information from the source itself, and we can then aggressively expand our horizon by consuming as many additional resources and references as possible. Finally, know that it is through intensive practice tests that you sharpen your saw for passing the CISSP exam.

How to Think like a Manager

I think this book is one of the most valuable resources for passing the CISSP exam, because the questions and explanations in this concise book are extremely helpful for the exam. They help aspirants understand the nature of the questions and the mindset required to approach them.

The author cordially advises his readers to think like a manager when answering the questions, and then clearly shows the way with his well-thought-out explanations. I highly recommend reading this book repeatedly, deeply understanding its intent, and applying it to decode the questions in the real exam.

CISSP Study Guide 11th Hour

This book is a highly condensed summary that you should read at the eleventh hour. When I say the last hour, I don't necessarily mean you have to wait until the end of your preparation period; you can read it at the beginning, in the middle, or at any time that works for you. Note, however, that this is a summary and you cannot rely on it alone to comprehensively understand the contents of CISSP. Make sure you read this book during your preparation and before you sit for the exam. It is a well-written and well-organized book for understanding the domains of the exam at a helicopter view. After reading all these study materials, watching some of the video resources and surfing the websites recommended below, you should deeply and wholeheartedly feel that you will 100% pass the exam.

CISSP Videos and Web Resources

I would like to remind you that you are not alone on your journey to achieve your certification goal. In addition to the publications mentioned above, I recommend watching the following videos from top instructors in the industry. I further advise you to frequent the platforms mentioned below to equip yourself with the required mindset, knowledge and skills.

  • Kelly Handerhan is one of the most experienced instructors in cybersecurity. You can rely on her guidance to achieve your CISSP certification. Her video courses on Cybrary will very much help you ready yourself for the exam. I found Kelly's videos to the point, and they helped me to pass the exam.
  • Mike Chapple is one of the leading instructors and authors in cybersecurity. He simplifies and demystifies the eight domains of CISSP in an easy-to-understand manner. In addition, he is a co-author of the CISSP Official Study Guide. Any aspirant can count on him for guidance and inspiration. I advise aspirants to learn firsthand from his platform and his LinkedIn Learning courses.
  • Thor Pedersen is also one of the best instructors in the cybersecurity domain. He dissects the CISSP exam deeply for you on his platform and in his video courses. I recommend you follow him on Facebook and other platforms for up-to-date information about the exam and cybersecurity in general.
  • Luke Ahmed provides reliable teaching on the CISSP exam through his dependable platform. He is the author of the CISSP book "How to Think like a Manager". You can rely on his teachings and insights to crack the CISSP exam. His book helped me to achieve my certification.
  • Sari Greene, in her CISSP video courses, dives deep into the concepts covered in the exam. I recommend you watch all her videos for a solid understanding of the CISSP at large.
  • Adam Gordon tirelessly works on daily CISSP questions and answers on LinkedIn and his platform. Check his platform and LinkedIn feed often to understand the exam.
  • Prabh Nair publishes good articles on his platform, which you can read there. His YouTube videos are also easy to understand and will give you a good grasp of the CISSP exam.
  • IT Dojo has good CISSP questions on its YouTube channel. You should watch all of them.
  • CIS (Center for Internet Security): I advise you to register with and frequent this website. It will help you understand security controls, frameworks and other important resources that are helpful for a general understanding of cybersecurity and the CISSP exam.
  • CSA (Cloud Security Alliance): I recommend you visit this site often for a broader understanding of cloud security, which is very testable in the CISSP exam. It also contains many more security resources helpful for the exam and beyond, and it co-developed CCSP with (ISC)².
  • NIST is the best hub for cybersecurity professionals and aspirants. In my opinion, this platform is the most resourceful not only for CISSP but for any certification in cybersecurity. It has tons of resources directly related to the exam and your profession; the Special Publications (notably the SP 800 series) are important for understanding cybersecurity in its broader sense. I advise you to make this platform your companion.
  • SANS Institute is one of the best platforms for cybersecurity professionals and aspirants alike. You will find excellent resources at SANS and its affiliated certification body GIAC. I advise you to frequent the SANS Institute website to keep up to date on cybersecurity and training requirements.
  • OWASP is one of the best online community platforms dedicated to providing organizations with free and practical resources to support application security. It provides a plethora of tools, articles and documentation in the domain of application security. I advise you to frequent this platform for up-to-date information on web application security, which is highly testable in the exam.
  • I recommend you frequently read the Sunflower CISSP summary notes by Maarten de Frankrijker. They are very helpful for self-assessment of the contents of CISSP at a high level.
  • Frequently visit the blog maintained by Luc Desfosses for a good understanding of the content covered in the CISSP exam.
  • The Memory Palace by Prashant Mohan is a must-read for every CISSP aspirant. It will walk you through the contents of CISSP in a friendly, understandable and memorable fashion. Candidates should read this amazingly summarized content and thank the author for his great work in simplifying the exam.

Preparation Period Mindset

Some security folks out there preach quite often that it is OK to "FAIL". I say to them and others: not until you have PASSED the exam. Just aim to pass the exam, no more, no less. Meaning, avoid any seeds of doubt about passing by committing and working hard as per your plan. I believe you can do it, so just do it. You may think about what to do if you should fail at the end, but during your preparation period you must constantly avoid the failure mentality and only focus on how to pass the exam. Focus 100% on passing the exam.

It is inevitable that you will be distracted now and then to pause and think about failure during the course of your preparation. I nonetheless advise you to keep adjusting and nurturing the success mode through dedication and hard work, and to keep closing the valves of failure that pop up here and there in your brain throughout your journey.

Positive Energy

Your day-to-day mantra and spirit should be "when I pass the exam", never "if I fail the exam". If failure mode diffuses into your conscious and subconscious mind, you will probably be in a fearful and panicked state even during your preparation period. You will be doubtful and disturbed for the whole journey, right up until you finally fail on exam day. In my opinion, you are doomed to fail if you keep thinking about failure during the preparation process.

So I did not sit idly by; rather, I devised a simple and proactive technique to nurture a victorious feeling and mindset throughout my journey and to alleviate the failure mentality, as presented below.

The Magic Note: Celebratory Mode

Dr. Covey, in his bestselling book "The 7 Habits of Highly Effective People", describes seven highly regarded habits that anyone who strives to be successful in life must practice. The second habit reads "Begin with the End in Mind": Dr. Covey firmly advises his readers to start with a crystal-clear understanding of their destination. I found this habit to be applicable and inspirational to anything we do in life, including preparation for our certifications.

Hence, I highly recommend that you stick a note that reads exactly “I PASSED THE CISSP EXAM” on the wall of your room or office, on your computer desktop or as your smartphone wallpaper, right after you schedule your exam and well before the exam date. It should be on a visible surface that you can check daily. I coined this phrase during my preparation for the exams, and it helped and uplifted me greatly to fine-tune things when I was desperate and exhausted at times.

I believe it will send you quite encouraging positive signals and thus set you up in achiever mode by picturing yourself just after passing the exam. Besides, it will bring a smile and happiness to your face, and this will motivate you to keep moving forward in pursuit of your certification goal. Moreover, I trust it will empower you to prepare well and bridge your gaps or weaknesses, to finally succeed and congratulate yourself. But this approach must be continuously backed up with absolute dedication. Good preparation and hard work are perhaps irreplaceable and the best antidotes to the bubbles of failure that may keep nudging you about what you will do after you fail.

Think like a Manager and Act like an Advisor

You always have to think like a manager and act like an advisor when facing the questions. The purpose of the exam is not to evaluate your deep technical knowledge and skills; rather, it tests your fundamental understanding of each domain covered in the CISSP exam.

You are expected to be a knowledgeable and skillful facilitator between the technical professionals and the decision makers at the top. All your answers should thus be based on the viewpoint of a catalyst who galvanizes the middle ground between the top and the bottom. You don’t fix technical issues, and you don’t have the responsibility of approving decisions that will bring about significant change to the business either. Specifically, your role is purely that of a risk advisor, and you always have to understand and answer each question with that in mind.

Planning and Scheduling Considerations

Another important ingredient to pass the exam is to commit early and schedule well ahead of your exam day. In fact, you have to take your time and plan ahead cautiously to succeed in the exam. After all, you are willingly choosing to become a member of a highly vibrant community that must steadily and continuously update itself to stay competitive. Frankly speaking, a quick fix does not often work in cybersecurity, as it will sometimes be the source of further exposures, incidents and even disastrous ends.

Well-thought-out, proactive preparation and a working plan always save information security professionals from disastrous and embarrassing failures. That means the candidate must prepare a working study plan and schedule, and then strictly follow it. If aspirants keep procrastinating and do not follow their study plan, it is highly likely that they are doomed to fail. Another reminder: the candidate must minimize social media scrolling as much as possible and focus more on studying. Finally, I advise you to stick a note with the exam date on a visible surface or mark it on a calendar of your choice.

Avoid Study Fatigues

You have to avoid a cramming approach at any cost and allocate enough preparation time ahead. As the saying goes, “Don’t bite off more than you can chew”: our mind is not made or trained to handle so many parallel tasks and bombardments at once. I would rather recommend that you proceed step by step to understand and digest each aspect of information security required to pass the exam.

You will encounter people on YouTube and other websites bragging about how to pass CISSP in one or two weeks. These are probably rogue individuals who try to manipulate people to increase their number of viewers or visitors. Or maybe they are individuals who have been in information security for more years than we can even remember, and perhaps they already know and are experts in the domains covered by the CISSP certification. Even so, it is going to be a 50-50 probability of passing the exam. I nonetheless recommend that you formulate a steady preparation approach that causes much less fatigue to your body and mind.

A Marathon Journey

You had better know that it is going to be a marathon journey, and thus you don’t need to be in a hurry and turn everything upside down. Here is the million-dollar question for the purposeful candidate: why do you have to rush and be in a hurry in the first place?

The whole process is a very important deal in your life and career. You cannot therefore fix things that way and make yourself marketable in front of the eagle-eyed recruiters and prospective employers waiting for your expertise. Thus, you must plan it very well and way ahead of time. Last but not least, I advise you to deeply understand and internalize everything covered in the domains.

Exam Day: Deep Breath and Relaxation

It is time to breathe deeply and relax, because I trust you have left no stone unturned and there is nothing left to luck by this time. It is a time of reckoning, and of breathing deeply to acknowledge the fruitful journey you have been through. You must sleep well before the big day. It is highly imperative to avoid stress and to be as relaxed and rested as possible on exam day.

It is now time to celebrate your successful journey in covering all the portions and study materials required to pass the exam. By the way, you should be thankful that you are in good shape, healthy and fit to sit for the exam. In other words, you have to fill yourself with positive energy, because you have been preparing for this day for so long and it is time to face the exam head-on and crush it. More importantly, you should feel energetic and determined to cross the finish line gracefully and confidently. Besides that, you have done everything at your disposal to pass the exam, haven’t you? Moreover, you must arrive at the exam center early and spare some minutes for yourself to relax and sip a cup of coffee.

Exam Techniques and Time Management

You must manage your time to complete all 150 multiple-choice questions within the given 180 minutes. The time information will be visible at the top right corner of your screen. Moreover, you have to pay attention to the ticking clock and adjust your pace accordingly. In addition, you must read each question stem and the choices provided very carefully. Besides that, cautiously apply a process of elimination to discard the obviously wrong choices and focus on the remaining ones to select the best answer.

The CAT Algorithm

The CAT (Computer Adaptive Testing) algorithm that runs behind the scenes evaluates your exam performance in real time. It works by setting a threshold that a candidate must achieve and maintain to pass the exam. I strongly advise you to try your best to answer the first 20 questions correctly. If you start badly in the first 20 questions, you will have a steep slope to climb, and it may affect your whole journey until the finish line. Additionally, you should never rush to answer questions quickly, as you will easily be tricked into falling into a trap.

You must avoid overanalyzing questions, so that you do not approach them with subjective thinking. Further, you should discard pre-existing assumptions and answer questions objectively based on the provided information ONLY. Plus, you should never try to recall a rote-memorized answer to a given question from practice tests you might have taken previously. Beware of double-negative questions and nested choices as well. The choices should be evaluated critically to pinpoint and select the most inclusive answer with regard to the question under consideration.

As Luke Ahmed loves to say, you always have to think like a manager to pass the exam. You should not try to fix things yourself; rather, think one step beyond the technical jargon and make the business function.

After Passing the Exam

Hooray! It is time to officially celebrate the achievement and reflect on the amazing journey you have been through. The next move after passing the exam is to apply for endorsement and certification. Furthermore, the candidate should be able to submit all relevant reference documents that support their experience claims.

Once proof of experience and the maintenance fee are delivered to (ISC)², a digital version of the certificate will be available on its official website. Finally, a beautifully packaged hard-copy credential will be sent to the candidate within two months. To retain the hard-earned credential, the CISSP must then pay the maintenance fee and collect at least 40 CPEs (Continuing Professional Education credits) annually for three years.

Tirth Patel

Co-Founder @ Xaneur | AI Automation & Innovation

2 years ago

Cyber security beginner study material. Best book for cyber security, try it. #cybersecurity #cybercrime #informationsecurity Link (Amazon): https://amzn.eu/d/dewGCAU

Dumps Spot

Student at New York University

2 years ago

I suggest you all use ISC2 CISSP for a 100% successful result. DumpsSpot provides such authentic material, which is according to the exam’s requirements. And you can never challenge its quality. Almost all the questions were from the material provided by Authentic ISC2 CISSP Practice Questions, so I didn’t feel any difficulty in solving my final paper. My certification was just a dream for me, which has come true with the help of experts. https://www.dumpsspot.com/isc2/cissp-dumps.html

James Robinson, Jr., MScPT, CISSP, CISM, PMP

Cybersecurity | Information Systems Security Professional | Active Security Clearance | Navy Veteran

2 years ago

Congratulations!

Luke Ahearn

Financial Support Technology / FinTech Data Analysis/ Author

2 years ago

Thanks for this!
