About 5 months ago, I passed the CISSP certification exam. People have been asking me what I did to prepare, and I wanted to share that journey here. For the record, what worked for me may not work for everyone.
The First Attempt
I started this journey about 5 years ago when I first took the CISSP exam. Back then, the exam was 6 hours long and you had the ability to go back and change your answers. The CISSP exam is now 3 hours long and is a computer-adaptive test — meaning each question is dependent on how you answered previous ones, and you can’t go back to change an answer.
On my first attempt, I finished early and, since I had time remaining, went back and changed some of my answers. The minimum score to pass is 700. I got a 690. After that I was deflated, and spent 3 months studying on my own before losing motivation to try again.
Getting Back on Track
I wasn’t really motivated to return to the exam until the pandemic rekindled my itch to study. I had just passed the Certified Kubernetes Administrator (CKA) and Certificate of Cloud Security Knowledge (CCSK), and wanted to carry that momentum into tackling the CISSP.
Since I had come so close on my first attempt — studying entirely on my own — I decided to invest in a boot camp to help get me over the finish line. There are a lot of companies running boot camps for various certifications, but I heard from multiple people that Training Camp is a great place for the CISSP. It’s pricey, but worth it in my opinion. For those who are employed, it’s worth checking whether your company will reimburse a portion of the cost. The boot camp price should also include a voucher for the exam, and Training Camp gives you the ability to retake if you don’t pass.
The Boot Camp Experience
The boot camp was 5 days long — 8+ hours each day — and covered all of the domains. Even so, it still required me to go deeper into each domain after class each evening. There were topics I wasn’t as strong in, and I had to spend extra time reading the CBK to make sure I thoroughly understood the material as we covered it each day. The practice exams were invaluable for identifying where I needed to improve.
I’m not a great test-taker, so the practice exams also helped me get comfortable with the actual exam experience. I had about 2 weeks between the end of boot camp and my exam date. During that time I consistently timed myself, reviewed material, and minimized distractions.
The Best Advice I Received
The best piece of advice I got was to treat each question as its own standalone question — meaning: remove any outside factors or assumptions that might pop into your head as you’re reading. As I worked through practice exams, I noticed I was consistently making assumptions that got in the way of actually answering what was being asked. Breaking that habit was a big turning point.
Experience Matters
The other factor I believe helped me was the 5 years of learning, exploring, and growing across so many aspects of information security between my two attempts. Having real-world experience going into this exam matters — you start to genuinely understand a lot of the topics being covered, not just memorize them.
After You Pass
After passing the exam, you have to submit paperwork proving your experience and find someone to endorse you for the certification. After that, you receive a certificate in the mail along with some literature. From there, it’s about staying on top of CPE credits to keep the certification valid.
If you’re pursuing the CISSP and have questions, feel free to reach out. My LinkedIn and GitHub links are below.