Hey students! Professor Simon here. I want to make a quick video about the CISSP Certification to share some information about it, tell you about my experience, give you some tips and tricks, and let you know the methods I used to pass the test.
The CISSP certification is very popular, especially for those entering cybersecurity. I highly recommend it if you’re aiming for a management role in cybersecurity or if you want a solid foundational knowledge of almost everything in the field.
If you haven’t heard, the CISSP certification is often described as “a mile wide and an inch deep,” meaning it covers a lot of information but only scratches each topic’s surface. When I took the test in 2015, it had just been condensed from ten domains to eight. These eight domains (or chapters) include security engineering, cryptography, compliance, laws, regulations, and more. Knowing them will help you organize your study plan.
My experience with the CISSP was challenging but extremely rewarding. I took the test in 2015, self-studied, and passed on my first try. Back then, the test was non-adaptive, comprised 250 questions, and we had six hours to complete it. As of May 2020, however, the test has been about 120 questions given over three hours, and it’s adaptive. In an adaptive test, if you get a question wrong, the next question will be similar, which can mess with your head a bit.
When I took the test, I had to put all my belongings in a locker and sit in front of a computer for six hours. I finished my first pass in about four hours and used the remaining time to review my answers. Even though the allotted time has been shortened, I still recommend taking breaks to stay focused.
A common question I get is when to take the CISSP. While I can’t recommend a specific timeframe, I will say that the more experience you have, the easier it will be to understand the questions. The test isn’t technical; it’s more about management. As an engineer, I had to switch from an engineering mindset to a management mindset to answer the questions correctly.
Here’s my study methodology: I bought the official CBK book from ISC² and read it cover to cover without taking any practice questions at first. I calculated how many pages I could realistically read each day and stuck to that schedule. After finishing the book, I took practice questions from various sources—like CCCure—focusing on one domain at a time until I consistently scored 80% or higher.
After completing all domains, I took a week off; then I took a full-length practice test. If I scored above 80%, I repeated the process. I also read Eric Conrad’s 11th Hour book right before the exam. This approach helped me pass the exam on my first attempt.
Keep in mind that you need five years of paid, full-time experience in one or more CISSP domains to get the credential, although certain degrees or certifications—like Security+—can waive one year of this requirement. You’ll need a sponsor with a valid CISSP credential to endorse your application.
For students without the required experience, consider starting with other certifications like Security+ before attempting the CISSP. If you pass the CISSP without the experience, you’ll become an Associate of ISC² and have six years to gain the required experience.
I hope this helps. If you have any questions about the CISSP, feel free to reach out. See you soon!