My experience of passing the CISSP
Christophe Martinet
Head of the Infrastructure Cybersecurity Division at GRDF | MBA | CISSP | ISO27k
I recently passed the CISSP exam and I want to share in this article my experience and methodology for undertaking this personal project. Of course, I'm not claiming that this is the best way or that it should be followed to the letter.
Take the time to build your project in relation to your personal context.
Know the rules of the game
My first suggestion is very basic: make sure you have a good understanding of the prerequisites and the content of each of the areas you will need to master. Where do you stand in relation to the prerequisites?
Currently, the exam is only available in CAT (computer adaptive testing) format. You can watch this video if you want to find out more, because you have probably never taken such an exam.
Take a look at the test center and the dates when you can take the test. Is it far from your home, are there lots of slots available? This will help you plan ahead.
If it's still possible, take ISC2's FREE One Million Certified in Cybersecurity program before taking the CISSP. It's a good entry-level certification and I used it to learn about the ISC2 exam format even though it's not a CAT.
Prepare yourself
I remember that when I decided to start preparing for the CCIE, I ordered a book that I really enjoyed: Your CCIE Lab Success Strategy: The Non-Technical Guidebook. It's a personal development book in which the authors share their experience and very simple advice to apply. I often recommend this book before embarking on a CISSP-level certification.
It's important to select the right course materials for you: we're all different in the learning process, so it's normal to have preferences in the way courses are designed. In general, I prefer video courses that I can watch on multiple media and in different locations rather than reading large books.
If you want to obtain a CISSP-level certification, it's important to have a realistic schedule and adopt the best strategy for you. From the outset, I planned to devote my free time for the three months leading up to the exam. After a month and a half, I was sure I could keep to my schedule, so I booked my place.
Acquire the knowledge
In addition to the official course materials, there is a huge selection of books or video courses. My choice fell on these courses:
Pete Zerger explains the memorization process very well at the beginning of his course. Having several different sources allowed me to avoid the repetitive effect in learning and to perfect the understanding of the subjects presented.
Joining a community can also be a great help in discussing topics with other people:
I found it very useful and motivating to follow the feedback shared on the Reddit channel.
Train for the exam
A helpful tip is to find a partner to do question practice with and discuss understanding of the statement and the most appropriate choice. My partner and I have regular hour-long sessions to practice asking questions. This allows you to think about what you're presented with and to use the knowledge you've gained to justify the choice you make. In my opinion, the fact that two people are working at the same pace is a real advantage in terms of progress.
It is generally recommended to practice answering at least 3,000 questions. My picks, in order of use, were Boson Tests, Official ISC2 Mobile App, Thor's Hard Questions. Boson is well known as being more technical than the others, but the corrections there are also more detailed. The official app costs just €17 per month and lets you track your progress over time. I advise using it continuously because it has 2300 questions in total.
You may need to understand subtle differences between words and ensure the accuracy of statements and answers as part of the test. If necessary, build your own personal dictionary during your training.
Before taking the exam, it's essential to complete practice tests of either 125 questions in 3 hours or 175 questions in 4 hours. It is advisable to spend the last week before the exam doing the last part of the training alone, to simulate real exam conditions.
Finally, I suggest that you consult the following videos to better understand the expected approach during the exam:
I remember the advice of a trainer on this subject: you have to constantly ask yourself the question "Why did I choose this answer?" That's exactly what we did with my partner, especially when we disagreed on the choice.
The D Day
It is well known that the exam is stressful and if you have seen the explanation of the CAT format, you know that passing the first questions is very important.
I watched the app clock most of the time, as I spent most of the first hour on the first 40 questions. The average in training is rather 50 questions per hour. After a while, relative trust settled in and the stress passed. Of course, when I got to question 125, I felt a little apprehensive as I clicked NEXT.
But it was even worse when the exam ended a little later, at the 128th question. I thought the game was over! It was then a very strong moment when I opened the folded results sheet that the supervisor gave me: the text Congratulations was written there at the very beginning! It took me a few minutes to realize that I had succeeded.
My final piece of advice: As many trainers say, the exam is very different from practice tests. It is therefore very important to come to the exam with a full understanding of the 8 domains and not to rely solely on the practice test results. Indeed, you can get into the habit of answering by finding keywords, rather than using your real mastery of the subject.
I wish you all the success in obtaining the CISSP!
Cyber & Systems Security Specialist
9 months: Thank You so much, Christophe. It's great information overall, and very detailed especially regarding what happened during the exam. Best of success with all your projects!
Senior Financial Analyst @ Canadian Red Cross
1 year: I love your process and the presentation of it for others to benefit.
Cybersecurity Partner at PwC | Board Member
1 year: Congrats Christophe. Well done.
Architect Cybersecurity | CISSP | ISO27005 RISK MANAGER | ISO27001 LEAD IMPLEMENTOR
1 year: Thank you for this article