
How John Li. Cracked His CISSP Exam

How I passed the CISSP without ever picking up a book

I passed the CISSP exam. 100 questions with 96 minutes left on the clock. It was hard.

Tips: focus on process steps, phases, lifecycles. If it's a process, memorize all the steps, know how different process steps interact. Know what each step does to reduce risk. Know why those processes are performed and how they benefit the organization and save money and reduce risk.

Know BCP, BIA, and incident response. Bad things are going to happen, and you need to know what to do when they do. Think like an actuary.

Don't focus on technical details. You don't have to know algorithm key lengths, or specific port numbers, or how fast data is moving through a type of cable. You need to understand how those technologies can be secured, ways to secure those technologies, and what costs and benefits are associated with those technologies. Think like an accountant.

The exam plays mind games. As you go through it, you're going to feel like you're failing.

You're not. Keep going.

Whatever you do, don't think like a technician. You're not there to fix or configure devices.

You're there to solve problems.

Use the bathroom before the test. The test is stressful on the body. Don't make things worse for yourself.

Now on to my CISSP Resources:

I am an auditory learner. I used the following audiobooks available on the Audible App:

1. Essential CISSP Exam Guide by Phil Martin

2. Eleventh Hour CISSP by Seth Misenar

I also used the following E-books, purchased on Amazon:

1. ISC2 CISSP Official Study Guide 9th Edition by Mike Chapple, James Michael Stewart, Darril Gibson

2. CISSP All-in-One Exam Guide, Ninth Edition by Fernando J. Maymi and Shon Harris

I also highly recommend the following video lecture series:

1. All of Thor Petersen’s Udemy courses on the CISSP

2. The CISSP Exam Cram playlist by Inside Cloud Security

Finally, I used the following test banks. Test banks are the most important part of this because you have to constantly test yourself to evaluate what you need to work on.

1. Luke Ahmed’s test from Study Notes and Theory

2. All of Thor Petersen’s test banks from Udemy

3. Boson CISSP test bank

Finally, here's my method for passing the CISSP without ever picking up a book:

1. I listened to the audiobooks and the e-books constantly almost every day for eight months as I drove, cleaned, did yard work, etc., until I had almost everything memorized.

2. I also made extensive use of the excellent CISSP study decks on the flashcard app Quizlet.

3. Finally, I converted several decks of study cards from Quizlet into audio, loaded them on my phone, and listened to them probably a hundred times over. The audio study cards I made can be downloaded here:!Alu2CQyHO40Auhc380iIEkerMQIH

I started studying in June of 2021. I listened to all audiobooks and e-books at least once by the end of July 2021 and started taking practice exams after that. I would take exams for Boson, Study Notes and Theory, and Thor Petersen. It was important to me to take exams from all three banks, and they would each identify different areas where I needed reinforcement. After each practice exam, I would spend a week listening only to the parts of the audiobooks and e-books that pertained to the areas that I did not do well on in the practice exams. At the end of the week, I would take another practice exam and repeat the process the next week. I did that between July 2021 and October 2021.

I planned on taking the exam in October 2021, but several life events ended up making October of 2021 one of the hardest months of my life. My life did not settle back down until January of 2022. In January, I started the process over again: I listened to all the audiobooks and e-books at least one more time, did practice exams to identify weak areas, and then used Quizlet decks and focused listening to reinforce those weak areas. I spent the last two weeks before the exam doing focused study for at least three hours per day. I focused on memorizing process steps and clarifying the subtle differences in related concepts that I often found myself getting confused on. I took and passed the exam on March 7th, 2022.

