CISSP certification journey — key resources that helped me pass the exam.

Abhilash Nair
6 min read · Apr 26, 2024

Pic courtesy: pinterest.com

Recently, I passed one of the toughest cybersecurity certifications — the ISC2 Certified Information Systems Security Professional (CISSP) exam. This was definitely a key milestone in my career as a specialised Cybersecurity Program Manager. I thought to document my journey on Medium as the strategies, methods or tactics used by me can help fellow professionals chart their own path towards preparing for this certification. One thing I liked about this whole journey was that the whole process, whether pass/fail or in the process of an eventual pass, makes you a better, well-rounded cyber professional. There is definitely something to learn and apply in real life as well, in terms of setting ourselves tough goals, and the discipline to see things through to the end.

At the very start of exam studies, the certification path looks exactly like the depiction attached above — the journey would seem like a long road without any start and end, boulders and plateaus in between. The realisation that this was an uphill climb struck me 1 year post purchasing the Sybex official study guide (OSG), and consistently procrastinating on my studies.

Everyone has got their own reasons “why” they took up this certification goal. Mine was solely to expand knowledge, help me further develop and specialise in my role as a Program Manager managing technical cybersecurity programs.

One of my client mentors gave a piece of advice back in 2020 that still stays with me:

“You got to work on your strengths, i.e., program/product management but at the same time sharpen your saw in the technical area you want to transition.”

This meant I needed to choose my learning in the cybersecurity field that attuned to my career aspirations. After a few contemplations, I reached out to folks who worked in this industry to gather their suggestions on the learning path, and gain insights on their day-to-day challenges on the job.

Post conflicting suggestions, I went back to my mentor and guide to get his advice, that’s where I first heard CISSP. His words still sounded clear to me until this date: “Why do you want to attempt 10 different flavours of cybersecurity certifications? Why don’t you just get the CISSP instead? Folks having program management skills like you with CISSP certification are a rare combination to find whenever we drive a transformational cyber program at Enterprise scale”

Little did I know back then, his recommendation for me was to attempt the gold standard certification in the cyber industry. Folks within the field back off when they hear CISSP, just because of the sheer breadth of the syllabus as elaborated in the exam content outline. Some refer to it as “mile wide and inch deep!”. Nevertheless, I took it up as a challenge back in 2021, and had the foresight that even if pass / fail, this journey will help me gain valuable knowledge in the field.

3 years down the line, in April 2024, I was able to reach the summit, with on and off studying and procrastinating from 2021–2022. Right from my first attempt in June 2023, up until passing the exam in April 2024.

Being a father of 2 lovely kids (5 years old daughter, 1 year old son), I didn’t get the luxury of dedicated or routine study times, not to mention the formal workload.

Taking everything into perspective, I would reflect back as slowly digesting content and taking somewhere between 8–9 months study time. I know it sounds crazy, and you may know folks who just took 1 month to 2 wks to pass this exam. However, I am a slight outlier — shout out to all the family men out there! It's definitely not easy prioritising home, work-life and studies. I had no option but to take the studies as someone cherishes red wine bit by bit, and keeps the bottle stashed in cabinet for years.

This was probably one of the most challenging exams I have ever taken, testament to the fact that CISSP was the very first credential in the field of information security to meet the stringent requirements of ANSI/ISO/IEC Standard 17024 (ANAB accredited). Approved by US Department of Defence 8570.1. The whole journey is nothing short of preparing for a Masters degree in Cybersecurity. Really liked the way the exam makes you a well-rounded cyber professional.

First attempt — June 2023

Approach to my first attempt with regard to study materials was rather sporadic, getting hands on whatever was out there on the internet and using shortcuts (study notes, readily available ones) — big mistake! Had the OSG, read cover to cover 1x, attempted practice questions on Boson, LearnZapp — Boson ones had me in the 60–70% range. I was feeling a little jittery leading towards the exam in June 2023. The computer adaptive test (CAT) beast took me to 175Q to fail me and tell me — go back and study! The whole time, I was failing and felt I wasn't ready! At the end of the exam I had a migraine. Lack of sleep, test-taking anxiety and fear of failure kicked in and all culminated to eventuality.

Leading up to 2nd attempt in April 2024

For the 2nd attempt (April 2024), I told myself I will not hurry into the study materials. Took some time to slowly digest content — kept telling myself it's not about the speed, rather it's the retention and application that will make me a better cyber professional.

NOTE: it's not fun when you got a certification goal, study with baby on chest with a toddler to take care, and commit to working on critical assignments + household chores :)

Thanks to the mobile revolution, we are able to carry a computer in our pockets to review study materials. This helps when we don’t have a luxury of carrying laptops / heavy books most times. No option but to spare time to study late into the nights when the whole world sleeps. Also, exposure to kinaesthetic learning helps. I recall consuming content through all possible learning modes — audio/video, books — physical, mobile, kindle, show me-tell me sessions etc.

I have listed down the key resources below that helped me clear the exam. For anyone else still studying in shadows, “Keep moving forward, and get this done with!” Trust me, it's worth the sweat, sleepless nights and time invested in this certification journey!

Must-have books:

  1. The official CISSP CBK reference book, 6th Ed.
  2. CISSP Official Study Guide 9th Ed by Mike Chapple
  3. All-in-one CISSP exam guide, 9th Ed by Shon Harris (RIP)
  4. Destination Certification Study Guide by Rob Witcher

Video Learning / Long form / Short form:

  1. Mike Chapple LinkedIn learning course — referred prior to 1st attempt.
  2. Sari Greene course (O’Reilly) — referred prior to 1st attempt, and took up select modules while doing household chores.
  3. Game Changer: IT PRO TV — Adam Gordon CISSP course along with the detailed course notes per domain — PURE GOLD.
  4. Peter Zerger CISSP exam cram: Essential for constant listening — I don’t know how many times I played this YouTube video in repeat mode — starting at 1x then going to 2x speed.
  5. Prabh Nair CISSP coffee shots playlist (all videos)- PURE GOLD in terms of understanding the tactics and tips (few days before exam).

Study Notes:

Prepared my own study notes referencing the above books and CISSP prep videos from various sources. Occasionally relying on the quick references / notes from CISSP instructors mentioned below.

Quick references (For reading in the last 2 wks leading up to exam):

1. SunFlower Guide

2. Memory Palace — Prashant Mohan

3. Adam Gordon course notes

4. MindCert CISSP mindmaps

5. Destination Cert. Mind maps

Practice Tests (Kept testing throughout):

Used custom option (10/20Q mostly) — towards last wk ended up doing max 125 set questions in one sitting (repeated cycle like 6–7 times)

  1. Boson CISSP exam simulation — worth the money $90 (get 1 year access)
  2. Game changer: LearnZapp CISSP mobile app — was able to complete 6 full length tests (my readiness was 70% — attempted around 1500+Q).
  3. Shon Harris — Total Tester — customised set of exams.
  4. OSG practice tests (online ones).

CISSP mindset videos:

1. Andrew Ramdayal 50 CISSP questions on YouTube — absolute must (1 day before the exam)

2. Why you will pass the CISSP exam — Kelly Handerhan — on the exam day

3. Peter Zerger — Think Like a Manager video

Audio content (podcast) for daily listening:

1. Cyberwire daily

2. CSO perspectives from N2K

3. CISO Insights

4. Unit 42 — Threat Vector

If you are starting the CISSP journey, it's totally worth the effort IMHO. Do send me a DM if you have any specific query regarding the exam prep, I’ll be more than happy to answer.

LinkedIn: https://www.linkedin.com/in/abhinair01/

All the best, and never give up!
