The CISSP Guide You Thought You Needed (But Didn’t)

Written by blackheart | Published 2024/10/21
Tech Story Tags: cissp | cissp-study-guide | cissp-preparation | cissp-exam | it-security | what-is-the-cissp | cissp-advice | hackernoon-top-story

TL;DR: This is a tale of epic proportions and victory to bring happiness to those who choose to travel down this lonely road. So, strap in, grab a coffee, and put on your brown pants.

The CISSP is one of the most sought-after cybersecurity credentials in the industry, and among the most recognized and respected by cybersecurity professionals around the world. It is a badge of honor and a signal to the industry that you will do what it takes to secure and advance it. It is also a credential that has driven many professionals to the brink of insanity and sustains a whole market of companies selling CISSP study materials.


This is a tale of epic proportions and victory, told to bring happiness to those who choose to travel down this lonely road. So, strap in, grab a coffee, and put on your brown pants. You are going to need them (the brown pants, that is).

Circle Time With BlackHeart.

Exam day finally came, and it seemed like only yesterday that I had made the appointment. So many months had been spent reading books, watching videos, and taking notes about the CISSP. I finally had the mental state I needed to take the exam: "You either know it, or you don't."


That is how I felt as I drove to the testing center to take the CISSP. I arrived at the testing center early, with time to spare. I wanted to do a quick overview of my notes but also to listen to music and enjoy the day with my coffee. I had made it this far, and to me that was an accomplishment.


I headed into the testing center but made sure to go to the bathroom first, because my stomach was upset from the stress and the morning cup of coffee. I was a mess because I do not test well, and the CISSP was my biggest test so far. I made it to the testing lab, went through everything, sat down, and started the exam. I had heard that if you make it past question 125, you are doing great.


I had also heard that you can go all the way to the end and still fail. I was one of those people who went all the way to the end of the test. I was so nervous, and the walk to the desk to get my printed results seemed miles long. When I arrived at the front desk, my results were turned face down so I couldn't see them.


I walked out the door and didn't even bother looking, because I didn't want to fail the exam. It wasn't the failure itself; it was that I didn't want to go through studying again. When I got to the hallway before the parking lot, I looked at my results, and I had successfully passed the CISSP. Cue the Journey music! You know the song.

What Is the CISSP?

The Certified Information Systems Security Professional (CISSP) is an information security certification for security practitioners, managers, and executives. It is created and administered by ISC2, formerly known as the International Information Systems Security Certification Consortium, or (ISC)².


The certification was created to give professionals in computer security a standardized, vendor-neutral body of knowledge, and holding it can open doors in a security career. The CISSP exam is now delivered as a computerized adaptive test (CAT) of up to three hours and between 100 and 150 questions; the older linear form was a six-hour, 250-question exam. Either way, it certifies security professionals in the eight domains of the ISC2 CISSP Common Body of Knowledge:


  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security


If that was not enough, to become certified you also need at least five years of cumulative, paid work experience in two or more of the eight domains, such as Security Operations and Software Development Security. A four-year degree or an ISC2-approved credential can satisfy one year of that requirement. If you pass the exam before you have the experience, you become an Associate of ISC2 and have up to six years to earn it. The passing score is a scaled 700 out of 1000 points.


After passing the exam, you must subscribe to the ISC2 Code of Ethics and be endorsed by an ISC2-certified professional in good standing who can attest to your professional experience, such as length of employment and professional reputation. The endorsement must be completed within nine months of your exam date; if you do not know an ISC2 member, ISC2 itself can act as your endorser.


Once the candidate has passed the exam and been endorsed, they must also earn 120 Continuing Professional Education (CPE) credits over each three-year certification cycle and pay the annual maintenance fee to ISC2.


Don’t start crying just yet. I need to introduce you to the CAT first. Then we can cry it out and hold each other. ISC2 has introduced Computerized Adaptive Testing (CAT) for all CISSP exams worldwide. Based on the same exam content outline as the linear, fixed-form exam, CISSP CAT is a more precise and efficient evaluation of your competency. CISSP CAT enables you to prove your knowledge by answering fewer items and completing the exam in half the time.

How Does the CAT Work?

Each candidate taking the CISSP CAT exam will start with an item that is well below the passing standard. Following a candidate's response to an item, the scoring algorithm re-estimates the candidate's ability based on the difficulty of all items presented and answers provided. With each additional item answered, the computer's estimate of the candidate's ability becomes more precise – gathering as much information as possible about a candidate's true ability level more efficiently than traditional, linear exams.


This more precise evaluation enables ISC2 to reduce the maximum exam administration time from 6 hours to 3 hours, and it reduces the items necessary to accurately assess a candidate's ability from 250 items on a linear, fixed-form exam to as few as 100 items on the CISSP CAT exam. The current format presents between 100 and 150 items, and the exam ends as soon as the algorithm is confident you are above or below the passing standard, which is why reaching the last item tells you nothing by itself: a candidate still on the fence at item 100 keeps getting items until the estimate settles or the limit is reached.
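To make the adaptive mechanics above concrete, here is a toy simulation of the loop the two paragraphs describe: start with an easy item, re-estimate ability after every response, pick the next item at the current estimate, and stop once the estimate is confidently on one side of the passing standard. This is an added illustration, not ISC2's scoring engine, whose item model, item pool, and stopping rules are not described on this page. It assumes the one-parameter logistic (Rasch) model, an expected-a-posteriori (EAP) ability estimate with a standard normal prior, a passing standard of 0 logits, a floor of 100 and a ceiling of 150 items, and a constructed pool of 300 items of evenly spaced difficulty.

```python
"""Toy computerized adaptive test (CAT); added example, not ISC2's algorithm."""
import math
import random

MIN_ITEMS = 100     # assumed: no pass/fail decision before this many items
MAX_ITEMS = 150     # assumed: hard stop
PASS_THETA = 0.0    # assumed: passing standard on the logit scale
GRID = [i / 20 for i in range(-80, 81)]          # ability grid, -4 to +4 logits
PRIOR = [math.exp(-0.5 * t * t) for t in GRID]   # standard normal prior


def p_correct(theta, difficulty):
    """Rasch model: probability a candidate of ability theta answers correctly."""
    return 1.0 / (1.0 + math.exp(difficulty - theta))


def estimate_ability(responses):
    """EAP ability estimate and posterior SD from (difficulty, correct) pairs."""
    post = list(PRIOR)
    for difficulty, correct in responses:
        for i, t in enumerate(GRID):
            p = p_correct(t, difficulty)
            post[i] *= p if correct else 1.0 - p
        peak = max(post)
        post = [w / peak for w in post]   # rescale so 150 items cannot underflow
    total = sum(post)
    mean = sum(t * w for t, w in zip(GRID, post)) / total
    var = sum((t - mean) ** 2 * w for t, w in zip(GRID, post)) / total
    return mean, math.sqrt(var)


def run_cat(answer, pool, first_item=-3.0):
    """Administer one adaptive exam.

    answer(difficulty) -> bool plays the candidate; pool is a list of item
    difficulties. Returns (passed, items_seen, theta_hat, standard_error).
    """
    unused = sorted(pool)
    responses = []
    # Start with an item well below the passing standard, as the text says.
    next_item = min(unused, key=lambda b: abs(b - first_item))
    while True:
        unused.remove(next_item)
        responses.append((next_item, bool(answer(next_item))))
        theta, se = estimate_ability(responses)
        n = len(responses)
        # Decided once the 95% band around the estimate clears the cut score.
        decided = abs(theta - PASS_THETA) > 1.96 * se
        if (n >= MIN_ITEMS and decided) or n >= MAX_ITEMS or not unused:
            return theta > PASS_THETA, n, theta, se
        # Rasch information peaks where difficulty equals ability, so the
        # next item is the unused one closest to the current estimate.
        next_item = min(unused, key=lambda b: abs(b - theta))


def simulated_candidate(true_theta, seed=0):
    """A candidate whose answers follow the Rasch model at true_theta."""
    rng = random.Random(seed)
    return lambda difficulty: rng.random() < p_correct(true_theta, difficulty)


# Constructed item pool for the demo: 300 items from -3 to +3 logits.
ITEM_POOL = [-3.0 + 6.0 * i / 299 for i in range(300)]


if __name__ == "__main__":
    for ability in (2.0, 0.1, -2.0):
        passed, n, th, se = run_cat(simulated_candidate(ability), ITEM_POOL)
        print(f"true={ability:+.1f} items={n} est={th:+.2f}+/-{se:.2f} "
              f"{'PASS' if passed else 'FAIL'}")
```

Running it shows the behaviour the narrative hints at: a clearly strong or clearly weak candidate is decided right at the 100-item floor, while a borderline candidate keeps receiving items near the cut score until the 150-item ceiling and is then scored on the final estimate, so seeing every item is consistent with either outcome.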

How to Prepare For the CISSP Exam.

It is said that the CISSP exam is "a mile wide and an inch deep": the eight domains cover so much ground that nobody remembers all of it, but no single topic is examined in great depth. There is a multitude of study materials, bootcamps, books, videos, etc. available for anyone who wishes to take the exam, but how do you prepare for such a broad exam and do it the right way? Here is my advice on how to prepare. Passing is up to you.


  • Kiss your loved one, hug your kids or pets, and take time to appreciate the day because you are alive and well. The CISSP is not a great exam. You make the CISSP great with your never-ending ambitious attitude and willingness to better your life. I am proud of you.


  • Think like a manager - If your background is purely technical, you will need to answer from a manager's point of view. In the CISSP realm you do not fix problems yourself; you assess the risk and recommend the control that best fits the organization. You may know every encryption method and cipher, but only one will be the answer the question is looking for. Ask yourself: what would a manager do in this instance?


  • The right answer is not always the best answer - Many questions offer several technically correct options, and only one is the best answer in context. Biometrics is a very secure authentication method, but it is not the best answer for a small company that cannot afford it.


  • Understand why security concepts and mechanisms work - The CIA triad, the OSI model, and AAA (authentication, authorization, and accounting) will follow you everywhere. It is important to understand how a concept or mechanism works, not just what it is called, because you will use these ideas in everything you do. If you understand why something works, you can apply it to questions you have never seen before.


  • Take notes that you can understand - There is nothing worse than having pages of notes and not being able to comprehend what you wrote down. I am not talking about your handwriting. I am talking about notes that only help you pass the exam. Write notes that explain why something works, in your own words. When the question comes up on the test, or the problem comes up on the job, you will feel more confident.


  • Take a walk and eat pizza - Good things come to those who take time for themselves. Make sure to enjoy your study time. If you are having trouble focusing or cannot work out a practice question, take a walk or eat your favorite pizza. The CISSP is going to test your mental state, and you do not want to compromise it. You will be surprised by what a little clarity does for you.


  • Follow the "One, two, three rule" - I am not sure it is an actual thing, but it worked for me. You need one main study item (a book, a video course, a website, etc.), two supporting study items (flashcards, a book by a different author, or a study buddy), and one set of notes (you can take as many notes as you want; just keep them simple). It sounds like a lot, but if you study only one main item, you may miss insights that another source would have given you.


  • Learn the art of skimming - The CISSP is "a mile wide and an inch deep." It is difficult to read every book cover to cover and remember everything, so with the combination of items above you can skim the domains you already know and spend your time on the ones you do not. If you spend too much time on one domain, it comes out of the others. I know there is a lot to do to pass the CISSP, and an emotional toll that comes with studying, but the journey is well worth the effort to obtain such a difficult certification.


I titled this article "The CISSP Guide You Thought You Needed (But Didn't)" in an effort to remind you that the CISSP is not special. YOU make the CISSP special with your journey and the motivation to make yourself great. I can't wait to come back and see how far you have made it and to hear your success story.



Written by blackheart | A cybersecurity professional with a wealth of experience in IT security, incident response and ethical hacking.
Published by HackerNoon on 2024/10/21