
How Daniel Cracked His CISSP Exam


Thoughts on the exam:

Easier than I thought it would be. In hindsight, I overthought how difficult/complex it would be based on other people’s experiences. Not a bad thing though, psyching myself up beforehand pushed me to work really hard over the last 4-5 months, really understand the material from different sources and dig deep into the areas I was weak in. I am sure this helped, as I could tell as soon as I read the question what was really being asked and how I should answer.


I had decided to go slow for the first 25 questions and aim for 50 questions an hour. About 35 questions in I felt I had understood how the questions were structured and that my concepts were clear enough to know how to answer them. At this point I decided to not look at the clock, focus really hard for 100 questions to close this thing out and leave 30-40 mins for the last 50 questions if I do go past 100. This was a risk, but everyone is different, I followed my gut, and this is what seemed right at the time. I felt I had worked too hard to rush past any questions considering I was fairly confident of most of my answers. For the questions I wasn’t confident in, I used the following: ‘think like a manager’, ‘if one answer covers the others it’s the right one’ and one that really stuck with me from Andrew Ramdayal ‘If you are doing one choice, you are NOT doing the others.’ For each question I asked myself, someone has come to me with 4 suggestions as I am their manager and I need to justify to the CEO why I did NOT do the other 3 (not why I did one).


I took a break at 50 questions, and at 35 mins left I clicked next on question 100, the exam ended, and I had provisionally passed. Months of study, sacrifice, effort and learning finally paid off.


Thoughts on preparation:

I dragged out the preparation longer than I needed to, but this exam has taught me discipline and the power of Atomic Habits (this book really taught me to just do a little bit every day and trust the process to get results). After initially delaying for months, I decided I’m going to focus on churning out 1-2 hours of study daily no matter what. Some days it was just 10 mins, some days 3 hours. Those 10 mins though, I made them count, I made sure I understood just one concept a bit better, that’s all that’s needed sometimes. I booked the exam 3 months out, created a plan and modified it along the way as needed. I aimed for 30 days of testing towards the end. Luke Ahmed’s Study Notes and Theory has some great resources for study plans and of course his practice questions.


Concepts:

Kelly Handerhan’s Cybrary course: This was my first resource, and it gave me a great feel for what content is covered by this exam.


Keith Barker’s CBT Nuggets course: Love Keith’s Cisco training, but I think I didn’t do this course justice and skipped through too quickly. In hindsight I would rely on only 1 full video course, Kelly’s course is what worked for me.


Sybex 8th Edition: Did a couple of chapters initially and gave up – the volume was too intimidating. However, I picked it up again later and read it cover to cover, this took me 2 months, but it really helped get all the material down in some more detail. Slow and frustrating times for me that really tested my will to do this exam.


Shon Harris Eighth Edition: Found it much easier to read but I lacked discipline and got overwhelmed having 2 massive books sitting on my table, so gave up without reading anything thoroughly. Later I used this as a reference for the domains I was weak in, and boy did it help with clarifying some concepts. I know people who have just used this book alone and passed, but everyone is different.

Sybex OSG 9th Edition: Yep, 30 days out I freaked out and bought the 9th edition, I think by the time I went back and forth referencing and learning I may have read this book 2-3 times. In hindsight if you have the 8th edition it’s enough, along with other material which I will reference below. However, if you don’t have any books, just get the 9th edition.


For the new 2021 changes: Pete Zerger’s videos (Inside Cloud and Security) were a goldmine. Also, CCCure has a study guide on just the new changes, these two resources cover everything you need if you only have the Sybex 8th Edition.


If I were to do this again, I would use Kelly’s course to understand what content is covered and the Sybex 9th edition as my main study guide, then reference other sources as required. YouTube, Wikipedia etc are great and the Shon Harris book is excellent to provide a different view on things that may seem complex otherwise.


Practice Questions:

Luke Ahmed’s material: Took the Study Notes and Theory subscription and this was my primary source of practice questions, this really helped put me in the right frame of mind for how to approach questions on the exam. I didn’t keep track of my score, just whether I understood a concept or not.


Sybex 9th edition test bank: Great confidence builder closer to the exam, as it has straightforward questions to see if you know the material, I did all the chapter quizzes and the 4 free tests along with the flashcards. Progressively scored 70%-80%-90%.


Boson test bank: Was good to test technical knowledge, but also had some good questions all round. I did 4 out of the 5 and scored 70-80% across them.


YouTube questions from IT Dojo, Prabh Nair and Larry Greenblatt as and when I got a chance, I got through most of these. Prabh’s ‘coffee shots’ were really valuable.


In all I would have done approximately 2000 questions and never repeated any, but to be honest I wasn’t counting and only used the scores towards the end to see how much work needs to go in.


The aim should be to identify weak areas as many have said before.


Final Revision:

I wish I had not freaked out early on and got overwhelmed by the volume of material to be covered. This resulted in me wanting to cover as much ground in as little time through videos and reading the book etc and I neglected making my own notes. I work best making my own notes for a final revision, ultimately, I had to do this in the end about 3 weeks out, the added pressure could have been avoided early on and my notes were just the bare minimum at this stage.


Took 10 days off work before the exam, I really wanted to make sure I nailed this.


11th Hour CISSP: Some sections are probably dated now, I skimmed past these, but overall, this was the first resource that stitched everything together for me and gave me confidence that I at least know the high-level key areas for the exam. So easy to read, so well written.


Prashant Mohan’s Memory Palace: These were the primary source of written notes I used along with my own notes and between the two I covered everything.


Destination Certification Mind Maps: A gold mine again, went through videos on the domains occasionally over the months when I wanted to see how all the parts of the puzzle fit, also set aside a day to go through all of these 1 week out.


The last week before the exam I cut back on practice questions and focused on revising weak areas from all the sources above and the books/YouTube etc.


Luke Ahmed’s "How to Think Like a Manager": Great read, it helped that I had the subscription to SNT as well to nail down that mindset.


I got confidence reading others’ success stories on SNT and Reddit and learnt a lot from those who did not make it the 1st time as well. I came back to these whenever I was down in the dumps, which was often, because this exam does take focus, effort, determination, drive, patience etc, you already know what I mean.


Last 1-2 days before the exam

Just focused on getting the mindset right, reviewing my notes and went through the following videos multiple times, focused on staying calm and doing a mental recall of things that I felt I needed to memorize, I probably went a bit overboard, but I am happy I memorized so many things (ports, encryption key/block sizes, ISO/NIST numbers etc) I just wanted to cover all bases.



Background:

Although I have a background as a network engineer, SOC engineer and am currently an IT Security Manager, I studied for this as if I was new to the field. It helped give me perspective and really solidify understanding in weaker areas. Each to their own, but I feel the exam would not have been smooth sailing if I did not go through the grind. I just learnt so much, but don’t let not having work experience discourage you, it may even be a benefit so that you are not influenced by past experience and have to unlearn things.


All the best to everyone studying for this, just keep going, one step at a time…
