This article provides tips and support for those interested in preparing for the CISSP exam.
What is the CISSP exam?
The Certified Information Systems Security Professional (CISSP) is a valuable information security credential. According to Cyberseek, the demand for professionals certified in CISSP is growing. ZipRecruiter states the US national average annual salary of a CISSP certified individual is a well-paid $125,470.
My Story: The Time I Took the CISSP Exam
A few years ago, a friend suggested I take a course on cybersecurity from her training company. Little did I know I had actually signed up for a CISSP preparation course. I told another friend I had signed up for the course and he remarked it might be a little hard for me considering I had no IT background. Feeling a little uncertain, I almost decided to back out of the class.
Though I was not trying to change careers, the trainer convinced me to continue with the class. She told me I would get a lot out of the class even if I did not understand all of it. It sounded like an adventure, and of course, I did not realize what I had gotten myself into. I did not know the magnitude of the CISSP test or how much effort it would take to prepare.
On the first day of the class, the cybersecurity teacher said to all the students, “Go ahead and schedule your CISSP test. It will help you with your test preparation.” I did. I scheduled it right after the last day of the 3-month cybersecurity class. I don’t regret it - even though ultimately I failed.
I took the cybersecurity class and I started learning new ideas. The class was interesting and the teacher made it humorous. I read a couple of textbooks that were recommended. I kept learning. By this time, I realized I would not be able to pass the test I had scheduled only a few days away. I swallowed the $50 exam reschedule fee, and I rescheduled my exam. I kept reading about cybersecurity to keep learning. The pearls I have learned resulted in this CISSP preparation guide.
CISSP Preparation Resources I Tried
All the resources I used to study for my CISSP exam were high quality in my opinion. My biggest concern is that I did not use them properly.
I used this resource as my main CISSP study guide: (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle. Mostly, I read this book and its earlier edition like a novel. Several people told me not to do that, but the book is thick and heavy! The prospect of making hundreds of physical flashcards did not appeal to me at all. In hindsight, I could have used Anki or Quizlet to make better flashcards. Hindsight is 20/20.
“Make flash cards!” - Well-meaning friends
I did not end up making flash cards until rather late in my CISSP studying process. There was a lot of vocabulary and acronyms that were new to me. Using flash cards would have been an excellent way to test my knowledge. I could have studied a few flash cards every night before bed to prepare for my CISSP exam.
Pluralsight and O'Reilly Media Video Courses
There are many study materials on these sites to help you prepare for your CISSP exam. These online libraries have great CISSP courses; one on O’Reilly Media is Sari Greene’s video course which was high yield. Another option that I used was Pluralsight.
Despite this, what I learned about video courses for CISSP exam prep is that they lulled me into a false sense of security. By watching the video course, I thought I had studied, but actually, I had only taken in information passively. I found that taking in information passively delayed my learning. When I watched a video only one or two times, I found I would not be able to recall the information as well as if I had taken notes or used flashcards on that information.
I watched several videos on CISSP preparation, but I think I could have used that time better had I engaged with the material in an occasional study group, with flash cards, or just simply taken notes as I read the study guide books. A big part of engaging with the material is testing what you know. It’s easy to avoid self-testing early in your CISSP studying process because it's not very motivating if you get a bad result on a practice exam.
I learned that is exactly what I should do when studying for the CISSP exam! I needed to be testing myself early in my study process. Not engaging with the material was an important problem for me, and it's one of the key reasons I failed my test.
Linkedin Learning
LinkedIn Learning had numerous basic courses on cybersecurity including CISSP preparation which I watched and found helpful. These courses helped me pass the CompTIA Security+ exam.
Thor's Udemy Course
I used some of the hard practice tests from Thor’s Udemy course to self-test before I took the exam. I think I had waited too long to use these practice exams. Ideally, I would have been doing them from the beginning rather than at the tail end of my CISSP exam preparation.
Create a Manageable Study Schedule to Prepare for Your CISSP
I did not have a study schedule. Because the CISSP test covers so much material, it's a good idea to break the domains into smaller manageable chunks.
Do not get overwhelmed. Starting your studying by creating a study schedule is a good idea. It can even be on your Google calendar. Get a CISSP study guide book and some practice tests. Create a simple study schedule in which you read 1-3 chapters per week while making flash cards. Read some flash cards every night before bed. Then self-test 1-3 times per week with practice exams.
Take breaks when needed, but do not push your test back. I kept pushing back my test date because I did not feel ready. Do not do this. Use your exam date to motivate you to study for the test and use your study schedule to keep you on track.
Don’t Underestimate Your Work Experience
Work experience (even volunteer work experience) in the security field would have been helpful. The CISSP exam is an expert-level certification. If you do not have experience in technology or security, you will be at a disadvantage. I did not have any work experience in cybersecurity or even with technology. Basic practical knowledge is just as important as knowing the theory when it comes to preparing for your CISSP exam.
What I Might Do Differently Next Time
If I were to retake the CISSP exam, I might try these resources next time to help me prepare:
Boson has an excellent question bank for CISSP preparation that is not too expensive. They sometimes have sales on their CISSP test prep materials. The problem for me was that I was using a Mac and not a Windows computer. The program’s specifications they had at the time required a PC.
CISSP official practice materials - I have not tried this though I have been getting numerous emails about the official test prep materials. It might be a good opportunity for those seeking to ace the test.
Key Take-Aways to Prepare for the CISSP Exam
- Make a study schedule.
- Do not reschedule your test.
- Find ways to actively engage with the material.
- Consider getting work experience if possible.
- Try again if you fail.
I learned having a regular study schedule would have been a better, more organized way for me to study for the CISSP exam. I would have done better if I had made more flashcards and reviewed them more often. Testing yourself with small quizzes and practice tests would be a good idea. I hope you can take this knowledge so that you do not make the same mistakes I made. Proper preparation can lead to success! Take this CISSP preparation guide and use it to ace your test.
