
How Wai Cracked His CISSP Exam

Dear Future CISSPIANS,

I’d like to share my study experience in the hope that you may get some ideas to boost your study. Yes, CISSP is made up of broad concepts and it will assess your deep understanding of each one (memorization won’t work well). First of all, I want to explain a little about myself. After passing my Security+ in late 2014, I first heard the word “CISSP” in some infosec forums and Googled it to learn more about this infosec gold-standard achievement. But I couldn’t study at that time, and I started studying in Jan 2016. I got a baby boy this year and was busy with family matters, which delayed my study, but I wanted to make this dream happen for him as a present. Then I found this awesome and lovely CISSP group (I think the best one among the CISSP groups thanks to its admin, Luke Ahmed, who was born to make CISSPs) with daily discussion, practice tests, strong encouragement to keep hopes alive (really helpful when I felt upset and depressed after my first failed attempt), sharing of success stories, reviews from those who unfortunately failed, and lots of various insights to beat this beast. Even now, I visit this group every day as my primary study source.

I took my first attempt in Nov 2016 after thinking I had enough knowledge to take it (memorization was my main focus) and the result was a fail. I didn’t clearly understand what the questions asked and had no idea how to choose the best/most/least answer (I didn’t know what some words meant due to my weakness in English). I marked a lot of questions, took nearly 5:45 Minutes for the whole test and changed a lot of answers with the back button. (Thanks to CAT for not allowing me to go back and change the answers this time.) I felt depressed at that time but I encouraged myself to make it happen again.

Then I studied harder and changed my study style (from memorization to deep understanding) and, after over 1 year, I took the CAT-style exam full of confidence and passed after taking 107 questions in 2:30 hours. OK, please let me stop my brief story here and allow me to share my study techniques.

Primary Sources of Learning


  • CISSP Official Study Guide Sybex 7th Edition (My main focus, easy to understand most of the concepts and strongly recommended)

  • CISSP AIO 7th Edition Shon Harris (Broader than Sybex in concept exploration but a little boring for me; however, I recommend practicing the tests in this book, as the questions will dig into your deep understanding of each topic like the real one)

  • CISSP Official CBK 4th Edition (Boring, but I used it as redundancy for my knowledge, and the practice tests are great)

  • CISSP Official Practice Tests (Practiced each domain and mixed one)

Online Study Sources

  • (Kelly Handerhan’s videos are very good and strongly recommended)

  • CISSP Study Notes and Theory Group


  • McGraw-Hill Practice Tests (Very tough and you should try them to assess your knowledge)

  • Many other online practice tests, found by searching Google for ‘CISSP practice online tests’; try nearly every test. ( etc...)

Study Techniques

  • Study time is 2 hours to 4 hours, depending on how long you plan to take before the exam (1. Try to deeply understand what each concept means and how it is used in the real world. 2. Its security risks and security-related things. 3. How to prevent it, etc.)

  • Take your own notes for each topic and study them whenever you are free

  • Do practice tests after each domain (Try as many practice test questions as you can to get the feel of the exam and to know your readiness; I took nearly 3000 questions)

  • Never give up and force yourself to make it happen. Find some motivating ideas of what you will do after passing the exam and think of them whenever you feel like giving up on studying or unfortunately fail

  • Search for peers and discuss any unclear topics (Like we did in the study notes and theory group)

  • Infosec working experience will make some questions look easy, hence it would be great if you are currently working in the infosec industry

  • The most important thing is to build a life and work/study balance, because taking some time with family or friends while studying will refresh you and it will be helpful when you study (Don’t forget we are humans and we need to enjoy life also)

  • Study with focus and believe in yourself

  • Sleep well before the exam day (I couldn’t sleep well that night and this gave me a lot of trouble while taking the exam; it will disturb your focus on the questions, so relax and try to sleep soundly that night)

  • Get Luke's Think like a manager book or consultant (Not like a technician or engineer). I strongly believe Luke is the brand for the CISSP world. He is a humble, non-competitive, and quiet guy, but likes to excel in whatever he touches.

  • Senior Management is ultimately responsible for security matters

  • Roles and responsibilities in information security matters

  • If you think you made wrong choices at the beginning, remember that there are 25 unscored questions in the test and you still have chances, so never give up (CAT is great for reducing your exam time and it gives a greater chance to pass than the old linear one)

  • All you need to pass is constant dedication to your dream and self-confidence

  • Get the feeling of beating the beast and enjoy your greatest ever achievement

Good luck to you all.

With Best and Warm Regards,

Wai Yan Phyo
