Getting your CISSP Certification

I have two ISC2 certifications, the Certified Information Systems Security Professional (CISSP) and most recently the Certified Cloud Security Professional (CCSP).  I often get asked for tips on how to study and pass the CISSP or CCSP.

When I speak at conferences, I am often asked if I have any tips for passing the CISSP.  I recently passed the CCSP and received a similar question on Twitter from @shqeel, so I decided to write this blog post with my ISC2 study tips.

I do have a few pointers to help you study and pass the exam.  First of all, buy the official ISC2 book!  It may seem obvious, but I was told not to buy the official study guide???  By that time, I had already bought the official ISC2 CISSP Study Guide and was studying it.  I didn’t see any reason to change course at that time, and I am glad I didn’t because I was on the correct course.  I was able to pass the CISSP exam on the first try via self-study alone.  To be fair, I had practical working experience in nine of the ten domains.  Yes, at that time there were 10 domains in the CISSP.  What I did was create a study plan.  For the most part, I spent one week on each domain.  I remember there were some shorter domains, so I ended up completing 2 domains in one week for a few of them.  I spent approximately 1-2 hours per day reading the chapters and completing each practice exam at the end of each chapter over a 3 to 4 month time period.

To reiterate, you have to read the official ISC2 study guide whether you take a boot camp or not.  I would say spend no longer than 5 months studying because the material is so broad and there are so many things you have to understand and, yes, sometimes memorize.  Now I know you are looking at the book online and saying, "What???"  The official CISSP Study Guide is over 1,000 pages.  What I do when I am studying for an ISC2 exam is create a study plan and stick to it.  I spend 1-2 hours a day reading the material and taking the practice exam at the end of each chapter.  I make sure I at least get a 70% on each chapter exam before I proceed to the next chapter.  Of course, for any test questions that I answer incorrectly, I go back and reread those sections.  You want to understand the material, so don’t just memorize it.  There is one caveat: there is some material that you will have to memorize.  Pay close attention to a particular diagram that keeps showing up in more than one chapter.  Think of something memorable such as a mnemonic to remember the diagram.  For example, years prior to taking the CISSP exam, I took a networking class and the instructor gave us a mnemonic for the seven-layer OSI model, and I never forgot it.





Recently I took a CCSP boot camp and studied for the exam and did not pass it on the first attempt.  One of the reasons why is that I didn’t purchase and study the official ISC2 study guide.  The reason you need to buy the official study guide is that you have to think the way ISC2 wants you to think when taking the exams.  Sometimes you may be an expert in an area and the question isn’t exactly accurate.  This doesn’t matter!  You have to read and answer the question based on the answers provided.  You have to choose the best possible answer that is provided.  On my second attempt to take the CCSP, I regrouped and looked at my CISSP study tips.  The first thing I did was buy the official CCSP Study Guide and begin reading the book and answering the questions at the end of each chapter.  Halfway to when you are planning to take the exam, sign up for the exam.  There usually is a 6-8 week delay in being able to sign up for the exam.  The testing centers get filled up quickly.  This will also force you to stay focused on your study plan.

On testing day, I was told to bring a lunch by someone who had already taken the exam!!!  Believe it or not, this really helped me to take a break 60% through the test and just mentally regroup.  I was able to sit at the back of the room and eat my lunch.  Now please double-check with your testing center that this is still allowed.  For the CCSP, it doesn’t take as long as the CISSP, so no lunch or snack was necessary.  You will also need 2 forms of identification.  I took my driver’s license and passport.  Lastly, don’t get up at the end of your test.  Just sit there and raise your hand for the testing staff to come help you exit the testing room.

I even got a tweet from ISC2 on this post: