How Pratyush Cracked His CISSP Exam

I would talk about the motivation first because that’s what drives your efforts. I was really looking for a course which can give me good technical knowledge and cover wide range of security services as well from an architect perspective. Got to know about the hype of CISSP and I was attracted. Analyzed the course content and made up my mind that this would be the best for me.

I started in August 2019 but was not regular with my studies. I got really disciplined since October 2019. Completed Sybex once which was very tough to read for me. I have never been a “reader”, so obviously that was a big challenge but wanted to complete it once somehow. Completed chapter end questions. Till February 2020, I completed Sybex around 2 times and I did read Shon for around 70% of the content. Absolutely, love that lady. Sheer art of making someone understand alien concepts, she knows it very well.

I attended Prabh Nair’s boot camp in March 2020 and it was really good. The extent to which he goes to ensure we pass is just amazing. Signed up for Luke’s questions and used to practice one set every day. He has some really solid technical and managerial questions which are good to attempt. Completed till set K and my average score was 68-72. Completed ISC2 practice tests, average score 78.

Around June, I felt maybe a month more was enough and I really wanted to finish the exam, so I flew down to Bangalore towards the end of June. Completed the mandatory 14 days home isolation procedure. I started with Boson and completed 3 sets. Average score 75. Completed Luke’s practice questions completely twice. Completed all the planned things and I booked my exam for 17th Aug’20. I have read almost all the material out there except CBK, which I really hate, and practiced all those Boson, Total Tester, ISC2 tests etc. So, I won’t go much into that but mainly about the last week of my preparation and exam experience.

Last 5 days:

- Revised all those big topics. SDLC, DB, Governance F/W, Data Remanence, Firewalls etc.

- Closed books. Walked around for hours and talked myself through the topics just to feel comfortable.

- Correlated topics and domains.

Last 2 days:

Was relaxed and calm. Just waited for the exam day. I did study till last day until afternoon.

- Watched a movie last evening. Did not have stress, was forcing myself to feel some, but was just happy and easy.

Exam Day:

Got up at 7. Revised GDPR and 1-2 important topics. Saw Kelly’s video “why you would pass”. I had booked 10.15 AM slot and reached the exam center at 9AM. I had zero stress and no fear, don’t know why. Mainly because I completed almost everything I had planned for. I had that feeling that I have done whatever I could and could not have done better to prepare myself.

Very clear mind set. Told myself below things:

- I am a CISO or a business person. I need to ensure everything goes well for my organization in the best cost effective manner and I don’t know technology unless I am forced towards that line only.

- Expect the worst of the questions.

- Plan the approach to answer thinking exam will go till 150.

- Allot around 1 minute only for every question, although I knew practically it would push ahead.

- Take first 25-30 questions easy, even if I finished 30 questions in 40-45 minutes, it’s good.

- Even if the questions and their options are all ALIEN to me, I would continue answering all the questions on their MERIT; won’t panic and pick the best possible option as a risk advisor or whatever is in the best interest of the organization.

- If I get really stuck between 2 options, would take 30 seconds to think. If that helps conclude/ eliminate; continue thinking for next few seconds more, else choose the better one instinctively and move on. No point wasting time.

- Take 30 seconds break after every 50 questions and do deep breathing.

Exam started and I was very comfortable because they had a big monitor and noise cancellation headsets. I had practiced all my 6000 questions on a 14" laptop, so exam questions on that monitor were very clear to read. What I mean to say is even if they were 2 lines there, our standard 14" laptop would show that as 3 lines. So, the feeling that it’s not a long question helps psychologically.

First 10 questions were okay. I was able to make out the best option with medium level of efforts. Then it started getting tougher. There were situation based questions. There were 3-4 direct easy questions, which are like low hanging fruits. Ensure that you pluck them well and eat fast. You will have watermelons and lemons ahead to deal with, so manage your time well with these easy questions.

After 15-20 questions, I believe decision making was becoming tougher. At times, there was confusion with 3 options, but in most of them between two only. For some of them, I could eliminate and reach to a final conclusion. This is where your knowledge and maturity of concepts would count.

I completed 30 questions in 40 minutes. I knew I was taking some more time than required but felt ROI would be better considering it’s an adaptive test. After 35-40 questions, it was mainly about instincts. Wherever I had a tough decision to make and had exhausted all my knowledge, I would think for 10-15 seconds, reach somewhere, and then my mind would pick one option with utmost confidence.

Don’t know how. I had to mark that and move ahead because of conviction in my head. That conviction at times was because of knowledge but at times it was purely instinctive. I did doubt that instinct for a few questions and re-assessed before clicking next. The best part was that for most of such questions, I did not doubt my mind and moved ahead. If I read the question and options well and still had a tough time picking answers, my mind would think “A, B or D? A, B or D? … pause … long thought … B, B it is. Next question … mmmm … A or C? A or C? … long pause … C, C it is.” There were at least 15 which I marked like this and these did not sound like BETA questions at all.

I was waiting for the below few things during the course of the exam.

1. Exam to get tougher as it moves ahead - Did happen.

2. Exam to get heavier on a particular domain. That would have indicated I got earlier questions of that domain wrong. Did not happen. Kept getting questions from all the domains throughout.

3. See some ALIEN questions which I would have no idea about. These would be BETA questions. Did not happen. I was comfortable with the content of almost every question.

There were 2-3 questions which I felt were absurd and content was not seen but I could understand them well. I was so high on confidence and energy and could use common security sense, some English and elimination method to arrive at an answer; marked and moved ahead. Even on these questions, I hardly spent 35-40 seconds each.

Reached 50 questions in 60-62 minutes and did not take a break. Felt I was lagging behind time and mind was responding well, so continued. I took a break around the 75th question and took 2 long deep breaths. This technique has helped me even while taking practice tests. Just relaxes your mind and then the next 10 questions get answered with more efficiency. The reality is however much you plan for 150, there is always that hope to end at 100 and that kept rushing through my mind after 75 questions were done.

At around 90 questions, I was convinced this won’t stop at 100 for sure because I think I have marked enough questions wrong till now while doing those instinctive ones.

100th question, around 84 minutes left, clicked NEXT, exam ended. BOOM!! That was the first time in the past 2-3 days I felt stress. 2 options. Either I have done exceptionally well that there is no need to test with the next set of 50 questions OR horribly BAD that there is no point throwing up the next set of 50 questions. I was not on either of these sides in my mind but was more inclined towards the first choice.

Raised my hand, looked at the test centre person. He would immediately start walking towards you from outside the moment you raise your hand. Asked them what to do next. They asked me to click on END exam, did that. I actually started getting weak then. Past 1 year memory, all the hard work, all the sacrifices, 4.30 AM alarm clocks, every day 8-10-12 hours of study, everything got to me in the next 1 minute.

Walked outside the test room and my result was getting printed. That bloody printer did print for quite some time. I thought it might be two pages then. LOL. 2 pages would have domain wise proficiency level and that’s the reason one page won’t be enough. Looked over, could see just one page in the tray, was still not sure though. She picked that up, then I was sure it was just one page. Tried to peep into that sheet while that lady was still holding it and I saw “Congratulations”. Got weaker, had tears. I wanted to cry more, so collected my helmet and wallet. Went outside. My brother was waiting for me. Stayed there in that campus just outside for 2-3 minutes alone, cried, felt that moment and then went to my brother, hugged him and had tears again. He literally suffered all my drama because of my studies in the past 2 months at least. That’s why I say this exam is not just YOUR own effort. There are so many players who contribute to your success.

I really felt this result was meant to be. I could feel that throughout my journey. Things were molding in that direction. Lockdown, ample time to study, whenever I had hurdles they got resolved somehow, instinctive calls in the exam, zero stress, that utmost confidence and carefree attitude while picking those answers. I had to literally fight with my family to come back to Bangalore just to write the exam and they were not okay with this considering the pandemic situation. Flew down here, all went okay, could complete my quarantine period well. One more thing, you need luck to pass this exam. THAT day matters.

Some points for all my hard working future CISSPs

- Be thorough with the material. Be AWESOME with at least 90% content while preparing and at least more than GOOD for that extra 5-10%. It’s practically not possible to be equally good with the entire content so don’t target that.

- There is a different approach which I took during my last week, please see if this works for you. “Walk and Talk”. Once you have read a chapter or a domain, try this method to gauge your preparedness. Close the books, pick up a topic (let’s say IDS) in mind. Start walking and talk to yourself about the below questions.

What is an IDS? Why does it exist on this earth? What would go wrong if it’s not present?

What is the relevance in terms of security? Security advantages/ disadvantages? Which part of CIAN does it cover?

Trust me, this makes a lot of difference. What so many people don’t know, after doing all that they can, is “Am I really ready for the exam?” You can use this “walk and talk” method to assess this. You won’t get answers to all these questions initially because there are always loopholes but you would know your weaknesses about a topic.

- Don’t over study. I did a lot of repetitions which I don’t think gave output always. Check on yourself what is not working for you. I kept revising a topic multiple times from Sybex or Shon even though I was at the same level after every round of it. Don’t do that. I wasted a lot of time doing this and realized this mistake very late. See what works for you. I switched to videos after some time and that made me feel better about those topics. So, have an open mind to understand and assess your capabilities.

- After the initial practice phase, please don’t follow a practice question source if it does not challenge you to make tough decisions between options. To give an example: Which of these would best be used to establish integrity (with some more context)? Hard tokens OR SHA-3 OR SLA OR UPS. Dump this source if the majority of questions are like these. Which of these would best be used to establish integrity (with some more context)? SHA-1 OR SHA-3 OR UTP cable OR Separation of Duties. Good source.

- Please, please, please book your exam. It’s fine to reschedule in the worst case but trust me all your doubts would start getting cleared when you have a deadline. All those tough topics would somehow get digested then.

Below are some assumptions and stigma around this exam which I have heard around before I took the test. Have tried to discuss those below.

Statement: “It’s not a technical exam, everything will be managerial.”

My exam experience: Don’t agree. I had quite a few technical questions which did not mention anything about management but pure technical concepts.

Statement: “Exam won’t try to trick you.”

My exam experience: Completely agree. You would not understand this statement unless you take the test.

Statement: “All the options were alien to me. I did not quite understand what they were trying to ask.”

My exam experience: Did not feel this at all. I was comfortable with the language and the ask of each and every question. Options were close most of the times, but not alien or absurd. They want to test your knowledge and maturity of concepts and they would do this in a very upfront way. Options won’t be easy to pick and move, but you would understand them with modest effort.

Statement: “I got stuck between 2-3 options and was just not able to make a decision.”

My exam experience: Completely agree. At least 60% of questions were like that but then ultimately you have to make a decision; a calculated, intuitive and convincing one and move ahead. If you spend 15-20 seconds doing “A or C? A or C? A or C?” and are still unable to conclude or eliminate, trust the most intuitive one and move ahead. Really that’s the best you can do.

Statement: “You have to read the questions 2-3 times for most of them to understand what exactly they are asking.”

My exam experience: Don’t agree. As I mentioned, I was clear about the ask of the question and did not feel they are so insanely twisted that you understand them only if you read multiple times. I did, though, read a few questions 2-3 times, not because of the above reason but because my mind kept going to the memories of adventurous trips my friends and I completed earlier. So, it was “my” problem more than the twist in the language or ask of the question.

At last, I would say there are a few mentors out there who are doing a commendable job to ensure the list of CISSPs keeps getting longer. Please be in constant touch with them.

Prabh Nair and Luke Ahmed, thank you for all your efforts and dedication for this.

To all future test takers, good luck!! It’s doable, just be honest with your preparation. This is a big statement and has a deep meaning, remember: “Being honest with your preparation”.


