top of page

How Derek Cracked His CISSP Exam

How I cracked the CISSP. The journey begins… Started in September 2016 by taking the the free CISSP course by Kelly Handerhan at Between September 2016 and June 2017, I studied on and off. I allowed a work matter to get in my way and it wasn’t until I resolved it in June 2017 (by securing another contract with vastly improved working conditions) that I turned up my studies a few notches…well…quite a few notches. I got “hungry” and my studies became intense; no less than 2 hours a day…sometimes up to 8 hours a day…while keeping down a full-time contract. Yup, that meant up to 16-hour days but as I said, I was “hungry” for the CISSP! Tools for the journey My core books were the Syngress CISSP Study Guide 3rd Edition (Conrad) and the Sybex Official Study Guide 7th Edition (Stewart). My secondary references (when I wanted to get a deeper/clearer understanding of a concept, especially when I got a practice question wrong) were (in order of liking): Official Guide to the CBK 4th Edition and the ubiquitous All-in-One Guide 7th Edition by Shon Harris (RIP). People have commented that the CBK is dry, dry, dry :-) I personally found it to be a more engaging read…BUT WARNING…the index SUCKS! Hopefully the authors will improve on that in the 5th Edition (April 2018?) Personally, I bought but did NOT read Shon Harris’ book apart from the occasional cross-check. I know some of y’all fainted right there because you've heard it time and time again referred to as THE study resource. My two cents? It is WAY TOO DEEP for the exam, BUT it IS an excellent on-the-job reference. For videos, I watched and *highly* recommend Kelly Handerhan's CISSP course on Cybrary. It's free, it's GREAT, has a tight focus…and it’s free J Plan to watch these videos twice…once now and once within 3 days of the exam. You will need to allow yourself about 16 hours to watch the complete set once. When I needed to go down the rabbit hole, I watched Larry Greenblatt's CISSP 2017 series on YouTube (30 hours of video). You do have to pay for them and they are DEEEEEP, but they are a great resource. I converted them in to MP3 format (NO, don’t PM me; they are not available. Show Larry some love and rent or buy the videos J) I also watched David Miller's CISSP Certification series on SAFARI. Again, you'll have to pay to view them but they are also an excellent, in-depth resource. Preparing for the CISSP made me rediscover the world of podcasts. Specifically, I indoctrinated myself with the SECSTUDY podcasts ( These are basically your 1000+ CISSP terms and concepts in a digestible audio format. If you're into subliminal learning, these might help do the trick of "learning" the terms and concepts; listen with headphones (especially at bedtime) or while driving/commuting ("Turn your car [or bus/train] into your university" ~Brian Tracy). For practice tests (my most worthwhile resource), I used the CCCURE test engine (paid subscription) primarily. I went through the complete CISSP test bank; nearly 2000 questions! They are varying levels of difficulty, including a study mode which, along with the dashboard, is GRRRRREAT for identifying and working on your weak areas). From hearsay and now from my own experience, the "Hard" level is sufficient for the test. The “Pro” level is (in my opinion) over-the-top because the questions expect presented at PRO level assume DEEP, TECHNICAL knowledge of the subject matter. Remember…this a managerial concepts exam...NOT a technical assessment (like CCNA, MCSE etc). When you are getting 80% and above consistently at “HARD” level, you’re good to go. I also did both of the 250-question tests from the Sybex CISSP official ISC2 practice tests 3rd Edition. I occasionally used flash cards from many sources (I used Quizlet a lot but there is also the official ISC flashcards tool at Another little-known gem is SSI Logic's CISSP Exam Prep - Questions, answers and Explanations, 5th Edition. 1000 questions! The key is to do as many practice tests as you can…and then do some more. Cracking the CISSP is as much (if not more) about being a proficient test-taker as it is about knowing the material and how to apply it to the questions. I did also create a mind-map to capture the areas I was weak on. I actually forgot it at home the day of the exam but fortunately, the Creator helped me to remember what was on it! :-) Executive summary: I used a variety of learning modalities and multiple sources within those modalities. Why? It’s a long journey and I’m that “Are we there yet?” kid J The night before On Thursday August 17th 2017, I booked into a hotel five minutes from the exam site. This was a strategic move to ensure that 1) I beat the morning rush-hour (the location was downtown) and 2) I separated myself into a quiet secluded “space” in preparation for the big day. I ordered in a big meal and snacks…watched TV, listened to audiobooks (NOT CISSP-related) …and did ZERO revision! Why? I figured, “Why stress myself out? If I don’t know it by now, one night is not gonna make a difference!” The big day is here! I had a good night’s sleep and woke up at 6 AM washed, dressed, prayed, looked at my photo-shopped CISSP certificate one last time (if you have a vision board, you’ll understand the significance) and headed over to the exam site…got there like 7:40 AM. The exam I brought pineapple chunks (the actual fruit, not the candy), water and noise-canceling headphones. So…all of that ended up in my assigned locker, along with my watch, wallet etc. They gave me some KILLER noise canceling ear protectors (so good that I bought myself some soon afterwards…NRR33-rated) and I could pop out and get ice cold water from their cooler whenever I needed to (but of course the clock keeps going). That being said, I only took two breaks…one when nature called (around question 150, I think) and the second at the end of the exam, after which I went back through the 250 questions, changing only three answers. I finished the exam in 4.5 hours and finished my review and clicked “end” at the 5.5-hour mark. And the winner is… Once I signaled that I was done, I breathed a sigh of relief and went out to the desk to await the result. The proctor had a poker face on so I couldn’t tell. After a minute, he handed me the paperwork…and then a wry smile crept across his face as he said the words I had been study to hear, losing sleep to hear, pulling 16 hour days to hear, praying to hear… CONGRATULATIONS!

bottom of page