Passing the CISSP exam in 60 days

Angel Mercado
Published in Writeups/notes
5 min read · Oct 6, 2023

What is the CISSP?

The CISSP certification is a widely sought-after certification that demonstrates a candidate's knowledge of cyber security and how it is applied in a business environment. The exam covers the following domains:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

This exam is a bit different from other certifications in that it employs computerized adaptive testing (CAT). This type of exam adapts to the student’s ability; this provides more accurate scores and better demonstrates competence in the tested topics. In addition to the exam itself, ISC2 ensures that candidates have a minimum of 5 years of experience in two or more of the exam domains prior to being fully certified. You can still become an associate if you do not have the required experience, in which case you have several years to gain the experience needed.

Materials used to prepare and my review

  • Official Study Guide: 10/10 Reading this book is essential to passing the exam. It would certainly be possible to pass without it, however you may be risking $800 not to.
  • LearnZ app: 8/10 This comes with 8 practice tests and a ton of pre-made flash cards. The only reason I do not give it a 10/10 is that it is not essential to passing. The questions look the same as the questions that come with the OSG. If you are looking to save money when studying I would recommend only purchasing the OSG, taking its practice exams and making your own flashcards. However, it is extremely convenient if you are short on time.
  • Boson exam questions: 7/10 The CISSP subreddit seems to really dislike these questions as they claim it's a bit more technical than what is required for the exam. I disagree; I think the challenging nature of these questions ensures that you have a deeper understanding of the exam domains. Its answer descriptions are invaluable and thoroughly explain why each answer is right/wrong.
  • YouTube: 10/10 I watched several CISSP videos including @InsideCloudAndSecurity's exam cram video, and most notably the ‘Think Like a Manager’ video, which in my opinion is essential in getting the right mindset for taking the exam.

Studying breakdown

I originally considered attempting the exam with only 30 days of studying, however after reviewing other students' experiences with the exam I thought it best to double my time. I am paying out of pocket for the exam and it would be devastating to have to spend $1600 due to a failed attempt. I figured that because the CASP+ is somewhat similar to the CISSP I could simply skim through the Official Study Guide book and read up on topics that I needed a bit more depth on. In the end I decided against this and read the OSG cover to cover, and am glad I did. Had I not read the OSG cover to cover I do not think I would have been successful in passing the exam. I used Obsidian to take notes on topics that I did not feel overly confident in and in areas where a lot of memorization was required. I waited until after I had fully finished reviewing all material prior to taking any of the exam questions.

I was unemployed while preparing and was therefore able to dedicate at least 4 to 6 hours daily to studying. The majority of this time was spent reading the OSG, taking the end-of-lesson quizzes and taking notes. It took me about a full month to fully complete the OSG, its end-of-lesson exams and my notes. I spent week 5 reviewing my notes and re-reading each chapter summary and exam essentials bullets to ensure that I knew about each bullet listed. On week 6 I began taking the CISSP app practice tests. There are 8 practice exams; I took one each day. I began by scoring around 78% in each exam, and scored upwards of 85% in the later exams. This left me feeling confident. After completing these exams I began using the Boson exam questions in study mode to get more questions; these were considerably more difficult than the CISSP app questions, however the explanations for each question were fantastic and I felt like it gave me a bit more coverage on a lot of the exam domains. In the final week I mostly watched YouTube exam cram videos, focusing on the topics which I felt less confident in, particularly the Software Development Security domain. I finished up by watching a bunch of ‘Think Like a Manager’ videos, which I think are essential, as many of us are tempted to fix problems rather than fix the process causing those problems.

Study Tips

  • Use the practice questions to identify which domains you are weak in, and focus on them heavily.
  • Do not take any practice exams until after you have completed studying all domains.
  • Find a method of studying that will help you stay consistent, whether that’s a video course, the book or an audiobook. Just make sure that the source you use is of high quality.
  • Take notes and review them regularly to ensure that you do not forget stuff you already reviewed.
  • If possible implement some of the stuff you read in the book. In my case I had no experience with a SIEM platform so I installed Wazuh to try it out and get a feel for how SIEM might be used in the real world. This can help reinforce learning although I recognize it might not be possible in every domain.
  • Schedule your exam as soon as possible after completing all study materials. This will ensure topics are fresh in your mind.
  • Use r/cissp; it is a great resource with a bunch of knowledgeable people who have achieved or are studying for the CISSP. You can ask questions there and can even find the most popular study materials people use.

Exam Tips

Due to the NDA I cannot discuss any particulars relating to the exam, however I can make some general recommendations that may help those considering taking the exam.

  • Ensure that you have the Manager mindset; it helps to repeat this mantra to yourself as you take the exam. This will ensure that you are thinking from the correct perspective when answering each question; you need to remember that you are not the technician fixing the problem.
  • Read the available answers. If you are struggling to understand what the question is asking, then read the available answers and then re-read the question. I found this method helpful as it helped me gain some context as to what kind of answer the question was looking for.
  • Don’t panic. The CAT exam will change the difficulty of your questions regularly; you may be presented with easy questions and then considerably harder questions. I would try to keep this fact out of your mind and keep focus on the questions. It certainly messed with my head and I almost wished that I had not known this fact prior to taking the exam.
  • Ensure you read each question carefully. There are often keywords (NOT, BEST, etc.) that can easily trip you up if you miss them.
  • Be well rested. Many people recommend not studying the day prior to the exam and I agree, it helped me have a fresh mind when entering the exam room.

Good luck to any future test takers!