Hello! I passed the CISSP exam in April 2021. So much has happened in the 3 months, but I wanted to write my story to encourage others who may be in the same situation that I was in months ago.
Here’s my story:
I have close to 15 years of experience working within the security field, ranging from Systems Engineer to Technical Project Management, leading projects in a variety of Security Domains within the enterprise. I have a Bachelor’s and a Master’s degree in Computer Information Systems. Just after obtaining my Bachelor’s, I went back and attended security-related classes at a local university to learn more about the field as I became more interested in IT Security. The CISSP certification had been in the back of my mind since I started my career in Security in 2007. At that time, I attended an in-person Bootcamp offered by my company, along with the option to sit for the certification exam. It was the first professional certification I’d attempted to take. I used to be terrified of taking certification exams because I didn’t have the best study habits and had a fear of failing. It was challenging for me to retain a huge amount of information, which is necessary to prepare for a large-scale exam as a CISSP. So when it came time to take this test, I didn’t prepare well. I didn’t know how to prepare, so I failed it. After that point, I decided not to allow such failure to happen to me again, and I refrained from taking any exams for certifications.
So what changed? About 8 years ago, I built up the nerves to attempt another certification. This time it was the Project Management Professional (PMP) certification. After working for years in the field of PM, I decided to get my PMP. But, I failed my first attempt. This time it happened because I was over-confident and convinced I would pass it since I worked in that field, and did not study well. A month later, I decided to retake the PMP exam. I studied hard and cracked the exam after tackling it with determination. But let me continue the story about the CISSP experience.
The CISSP was always in the back of my mind as it was on my list of certifications to obtain for my career growth. I decided to revisit my CISSP journey about two years ago. I debated whether to attend another in-person Bootcamp course or go solo. By January 2020, I tried twice to be a part of study groups within local meetup groups but it did not work out for me each time. However, I was still determined to continue forward. By March 2020, I decided to make use of lockdown and quarantine time and continued to study and focus on the certification. During the peak of COVID-19 restriction, the chances of finding an in-person Bootcamp course or study group were slim. Therefore, the only reasonable way was to find virtual study groups and online courses.
I continued my studies on my own, but as a working mom of two, I realized I needed a structured approach because there was too much material and not enough time in the day to get through all the information and retain it. I figured I needed to find an outlined plan or make one on my own. That's when I found Mike Chapple's Virtual Study Group Program, in September 2020. After signing up, I received automated emails each week that outlined the suggested days a task should be completed, whether it was reading a domain, viewing the related video, or taking a practice test at the end of the chapter — there was a plan outlined for each day of the week to follow, including when to take a break ;-). The recommended books with this program were: CISSP Certified Information Systems Security Professional Official Study Guide, and the CISSP Practice Test. My initial target was to take the exam in December 2020, but I needed more time. Therefore, I changed my date and decided to take it on March 4, 2021. But, I failed it.
Not passing the CISSP exam, that time, was difficult. I passed through so many mixed emotions: I cried, at one point I thought I was a failure, felt exhausted, and sometimes I wondered why did I put myself through this. I even felt that it would be so much easier if I just stopped. I thought I had studied enough; I thought that my experience of working within the Security field was enough but it wasn’t sufficient. After taking a couple of days to think about my failure, I realized I didn’t want to give up. I had come too far in my preparation and studies to give up at this point. So, I went back to the drawing board, checked the areas where I scored the lowest, and developed a new strategy to execute a new plan. I regained my confidence and motivation and rescheduled the exam for a new date, April 28th.
I purchased a few more books like the Shon Harris All-In-One series, and I also decided to add in Cybrary’s CISSP Training and Destination Certification’s CISSP Mindmap series. I later found Luke Ahmed’s Study Notes and Theory, and I signed up. I didn’t start using Luke Ahmed’s Study Notes and Theory immediately because I was using Cybrary’s CISSP Video Training by Kelly Handerhan and thoroughly reading and cross-referencing with the books.
But one day I decided to reference a video within Study Notes and Theory to help me understand one of the domains I found difficult. That was a turning point for me. The way the instructor broke down the content was so helpful for me, and I wondered where it had been all this time! He talked a lot about how to think like a manager which I’d heard before but he also explained what that meant in preparation for the exam. So I began incorporating Study Notes and Theory into my studies. After reading a chapter, I would cross-reference it with Study Notes and Theory and/or Cybrary CISSP Video Training and then take practice exam questions on that topic. I did this for each domain where my score was the lowest. I also used NIST publications and spoke with a mentor who worked in areas where I didn’t have previous experience. My mentor helped me with real-world scenarios to cement it into my brain. Because I’m a visual and hands-on learner, I need to see and understand how it’s applied in real life, using examples and diagrams. I also used audiobooks when going to sleep to listen to the domains where I was weakest.
After countless hours of reading and reviewing stacks of CISSP books, writing pages and pages of notes across two notebooks, flashcards, over 2,000+ practice questions, viewing various videos (outlined below), listening to audiobooks, tips from other professionals, and prayers to God -- I am proud to say that I finally passed the CISSP exam on April 28, 2021!
If you are like me and have fallen short on passing the exam and are afraid to take it again, my three tips (besides study, study, study) are:
#1 Know your learning style.
The key for me was knowing my study and learning style. Find out what works for you to help you learn and retain the information. Don’t be afraid to try new ways or a new approach if what you are currently doing isn’t working. There’s a lot of content available to help you study. It’s provided in different formats: video, books, forums, online study groups, so find what works best for you, come up with a new plan of attack and get back out there and give it another try.
#2 It’s Not a Sprint, It’s a Marathon
The preparation for the exam is a marathon and not a sprint. I’ve trained for and run a half marathon before so I know it's not something you wake up and do the next day. It takes time, practice, planning into your schedule, preparation, and dedication. And during the race, I know what it is like to look for a mile marker to know where you are and how far you have to complete the race, to remain focused on the finish line. Therefore, for the exam, I always set a date to complete a task and had a milestone date of where I should be. As a working mom, my available time to study was not always consistent and often limited. There may be times when I had to slow down in my studies or speed up or take a break. I had to readjust my study schedule and test dates a few times. If I started to slip on my study tasks, due to higher priority, I knew I would not be ready for the exam so rather than stop, I readjusted my plan and rescheduled. Find out what your mile markers are for you, make adjustments along the way, and stick with it until you cross the finish line. For some, they may be able to complete within a few months, but for me, it took over a year from start to finish, but I didn’t stop — slow and steady to win the race.
#3 What motivates you to keep going?
As I mentioned in point number 2, this can be a long process. Figure out what will motivate you to keep going. My motivators were my daughters. I realized that I could not give up on something I’d worked so hard for, for so long. How would I be able to teach my daughters to overcome adversity, setbacks, and failure if I gave up and I stopped when things got tough? I had to figure out how to get past it and move forward. That is a test in itself.
Here’s a list of the resources I used to study for and pass the CISSP exam.
Books:
Michael Chapple's ISC2 CISSP Official Study Guide — I read once, took practice tests after each domain
Michael Chapple’s ISC2 CISSP Official Practice test — I took all practice tests within the book
Eric Conrad Eleventh Hour — I read it twice, this was the smallest book I had, and it was used the night before my exam, each time, to go through.
Shon Harris AIO, 8th edition Book — I used it to read the domains where I scored the lowest.
Shon Harris AIO, Practice Test, 5th edition (Hardback and Ebook) — I took every practice test.
CISSP For Dummies, 6th Edition — I used it to cross-reference with other books for topics where I scored the lowest.
Online & App-based Practice Test Engines:
https://www.cccure.education/home — I took this every night before bed and adjusted the auto-generated questions to focus on the weakest areas after I failed the first exam.
App: “CISSP Pocket Prep” https://apps.apple.com/us/app/it-security-prep-comptia/id1501744813 — great for quizzing yourself when you are on the go.
App: “CISSP Flashcards Pro” https://apps.apple.com/us/app/cissp-flashcards-pro/id1252354597 — great for studying while on the go
https://quizlet.com/278795946/cissp-practice-test-1-250-flash-cards/ — I used it a few times to test my knowledge after a chapter as a review.
Of note: I registered to use www.boson.com -- I heard of it and thought it would be a good resource for online practice tests but I was unable to use it on Mac OS.
Online Resources, Courses, and Videos:
1. https://www.patreon.com/certmike — Michael Chapple’s membership group as a forum
2. https://www.linkedin.com/learning/paths/prepare-for-the-certified-information-systems-security-professional-cissp-exam — Michael Chapple’s LinkedIn Learnings Modules for CISSP Exam preparation. There’s a video for every Domain.
3. https://www.youtube.com/c/DestinationCertification/videos — Destination Certification CISSP Mindmap Series
4. https://www.reddit.com/r/cissp/ — I used this as a reference when I failed, for lessons learned, to gain strategies and new methods to consider from others to help regain the confidence to step back into the exam and pass.
5. www.studynotesandtheory.com/signup — I subscribed to get access to all of the videos, which ended up being valuable content, on the last attempt.
6. https://www.youtube.com/watch?v=-99b1YUFx0A — Video on “Why you will pass the CISSP” by Kelly Handerhan.
7. https://www.cybrary.it/course/cissp/ -- by Kelly Handerhan, a great set of videos
8. https://csrc.nist.gov/publications/sp800 -- Downloaded and read several NIST guides.
10. Article on “SOC 1, 2, & 3 Audit Reports, and Why You Need One”
11. https://commoncriteriaportal.org/pps/