Mastering the CISSP: Insights and Tips

The CISSP certification is widely regarded as the gold standard in the field of Information Security, and for good reason. Having recently passed the exam, I can attest to its reputation. The breadth and depth of topics covered are unparalleled. No single resource can fully prepare you for the exam; it requires a combination of experience and understanding of how to apply principles to various scenarios. The key to success lies in adopting the right mindset for this challenging exam.

?Here are my top five tips for approaching the CISSP with the right mindset:

• Think Like an Advisor: View situations from an eagle's eye perspective, offering advise rather than trying to fix problems directly.
• Focus on Risk Assessment: Make informed choices based on risk management principles.
• Avoid Technical Overload: Understand technical topics, but approach decisions from a strategic viewpoint rather than getting bogged down in technical details.
• Balance Security Needs: Apply just the right amount of security through proper risk management, avoiding unnecessary complications.
• Follow the Process: Pay attention to the steps involved in managing situations. Often, understanding the process can help you choose the best answer among several seemingly correct options.

I recommend the following study materials:

• CISSP training by Mahesh S CISSP CISM CISA CEH ITIL
• (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 9th edition by Mike Chapple
• CISSP course on LinkedIn Learning by Mike Chapple
• CISSP Exam Cram on YouTube by Pete Zerger, vCISO, CISSP
• CISSP Prep Coffee Shots on YouTube with Prabh Nair for in-depth understanding of specific topics.

No amount of practice tests can truly prepare you for the actual exam. Experts suggest these tests help gauge your level of preparedness, but I disagree. My sample test scores did not reflect my final exam outcome. In the Mike Chapple Official Practice Tests, I scored in the early 70s—below the recommended 80+ score. Guenevere (Gwen) Bettwy (?bet ?wē) mock exams, which were closest in terms of scenario question length, saw me scoring in the early 60s on the full-length tests.

Despite these scores being low, I felt ready to attempt the exam because:

• I could recall key elements about any topic.
• I had reached a saturation point with reading materials and could not absorb more.

In my view, the CISSP preparation journey, rather than the exam itself, was daunting. Despite my years of experience and expertise in topics like networking, cloud and risk management, the amount of learning I gained was immense. The exam presents two main challenges: understanding the question and selecting the best answer. Unlike practice tests, the actual exam questions were clear and complete, making comprehension easier. However, interpreting the exact intent of the questions remained tricky. Once I understood the intent, I could focus on choosing the best answer, which was the final hurdle.

Unlike many exams that provide immediate results, the CISSP exam results are given after a nerve-wracking wait at the test centre. This adds to the overall stress, but the relief and joy upon seeing a passing score are unmatched.

In conclusion, the CISSP learning experience is both challenging and rewarding, providing immense knowledge regardless of prior experience. The lengthy endorsement process post-exam could be improved to shorten waiting times, but being awarded the CISSP certification makes the entire journey worthwhile.