I failed the first CISSP attempt on 26th October 2022.
After more than a year of preparation, I had no determination to face the exam again. But the report card forced me to look at the shiny side.
The exam summary indicated I have passed four domains and require proficiency in others. After retrospection and a few long walks, I told myself to measure the gain, not the gap. At least I was 50% there.
(ISC)2’s voucher with financial relief boosted my remaining confidence. I booked the exam on 21st December 2022. I had roughly three months. The mental game was on. I shifted my fundamental approach.
I focused more on practice questions than study materials. Moreover, I spent more time understanding why the wrong answers were wrong.
Although the CISSP exam format, structure and material are static for everyone, the individual journey to achieve the certification is dynamic.
CISSP is not just an exam. It’s an emotion.
CISSP is an exam that makes you feel emotional whether you pass or fail.
CISSP is not a sprint. It’s a marathon.
I am privileged to share my CISSP story. I hope it motivates you. I love the non-linear storytelling style. So, let’s start from the climax and then move to the beginning.
I will highlight seven areas in this article.
1. CISSP Exam (The D Day)
2. Background (The Mindset)
3. Consumption of material (Acquisition)
4. Leverage Creativity (Retention)
5. Connecting the dots (Strategy)
6. Thought Provoking Ideas (Wisdom)
7. The Custom Approach (Your Style)
1. CISSP Exam Day
On exam day, the mantrap entrance door reminded me of physical control. The CCTV cameras on the wall recalled preventive and detective controls. I entered the exam hall and signed a non-disclosure agreement (NDA). It reminded me of the concept of trade secret. I scanned my thumb and palm, and biometric security types and false positives flashed before my eyes.
CISSP was in my nerve, mind and body. For the first time, I felt what it means to sleep, eat and walk CISSP.
I went inside the exam centre. It was so quiet that I could hear my heartbeat. I asked myself, “Am I confident?”
The answer was “No.”
I sat down and took a long breath.
I didn’t take a break during my first attempt. But it’s essential. It resets your mind. My strategy was to complete 120 questions in two hours. I took a break after two hours and completed the remaining 55 questions at my own pace.
When I was about to answer the last question, I knew I didn’t pass, but I was happy for some reason. I have improved in those four domains and as an overall security professional. That’s the beauty of CISSP.
You will never be the same person after studying CISSP. It doesn’t matter whether you pass or fail.
I came out and had no courage to look at the report. When the exam facilitator gave me the printout, I told her, “I need another attempt.” She smiled and didn’t say anything.
Which domain may require more study? I needed to be more confident in the security operation next time. The residue effect from the CISSP exam is significant. I kept thinking about some of the answers I attempted with confusion. There was a bombarding of thoughts in my mind.
It took me more than five minutes before I opened the exam report. The first keyword that grabbed my attention was “Congratulations!”
I had goosebumps in my body. I felt extreme emotions and energy.
“You did it,” I told myself with wide-open eyes and in a state of shock.
Although the entire journey wasn’t a piece of cake, I rushed to the bakery and ordered a pineapple cake.
2. Background — The Mindset
I am starting with a brief background because it plays a vital role in your CISSP journey. You may only realise that your career background is your mindset once you start facing CISSP practice questions.
I had a 100% technical mindset due to my security engineering and architecture career background. I needed a significant mind shift to think like a manager for the CISSP exam. If your exposure is related to a managerial position, it would be easy to adapt to the taste of the real exam.
You want to address problem-solving and troubleshooting attitudes as early as possible. Luke Ahmed’s How To Think Like A Manager For the CISSP Exam helped me adapt to the new mindset.
Once your mind is ready on what to focus on, the next step is to consume the material with that mindset.
3. Consumption of Material (Acquisition)
I started by reading every word of the Official (ISC)2 Sybex Study Guide from the first to the last page. I took practice exam questions at the end of each chapter and from the (ISC)2 practice exam book. Those are far from the actual exam but are required to gain momentum and test your solid understanding.
The most important thing that helped me was taking handwritten notes. I have scanned all the handwritten notes. You can download handwritten CISSP Notes for your study reference. I hope it’s helpful to anyone who is preparing for the exam.
Putting my study notes in the public domain is a genuine effort to contribute to the community.
After reading the book, I subscribed to Study Notes And Theory, watched all the videos and read articles.
4. Leverage Creativity (Retention)
CISSP is a beast only if you ride without interest. Finding your way to make the entire journey as joyful as possible is crucial.
You should have the same urge to sit and read CISSP as eating a pizza with beer! The below sketch depicts what it means to eat and drink CISSP.
I was always into writing and learned digital sketching during the pandemic. I used art and creativity to express CISSP concepts on LinkedIn with digital sketches. LinkedIn’s likes and comments encouraged me to continue and sustain my study momentum.
The best way to retain is to teach others. Writing articles on LinkedIn, making videos on YouTube, or publishing podcasts amplifies the study experience. But spend less time on the creative side. You can continue after passing the exam. I am expanding those sketches into full-length articles on this site with my ambitious project – Cissp As An Art.
5. Connecting The Dots (Strategy)
The thing about CISSP is you can read forever, but you have to face the practice questions to test your knowledge. I failed the first time because I spent most of my time reading and less on practice questions.
I called a few people who passed CISSP and understood their strategy. I tweaked a few things and came up with my custom strategy.
- Take BOSON Exam A — review incorrect answers and pay attention to weak domain areas. Study those topics from (ISC)2 official study guide and All In One. I would also read at least three articles on those topics. Repeat these for the rest of the BOSON exams. This exercise gave me a good grip on handling technical questions.
- Practise the 25 most challenging questions of How To Think Like A Manager For the CISSP Exam. I would hide the answer on the right page. My overall score was 13 out of 25 (52%). Note those questions are tough, and they are crafted and designed to test your manager’s mindset. Whether I got the right or wrong answer, I religiously read every word in the explanation. This workshop elevated my managerial approach to handling questions.
- Take Adam Gordon’s CISSP Question of The Day on LinkedIn and apply the same approach. I would dedicate two hours to answering 120 questions. This intense exercise aimed to complete 120 questions in the first two hours of the real exam. I would review incorrect answers and spend dedicated sessions understanding those topics/processes.
- Prabh Nair’s Coffee Shots — Don’t just watch the video. I would pause the video when the question pops up and think about the answer. Take your own time. Enjoy every sip of the coffee.
- Prashant Mohan’s Memory Place — It’s a quick CISSP refresher from Prashant’s notes. It’s short and to the point and must be read for core CISSP concepts.
- Discord Certificate Station is a 24×7 community where I can discuss doubts, but I mainly use it for practice questions.
- Driving sessions with Destination Certification — I made a dedicated 5 km circuit to listen to Rob’s videos in the car. It was my go-to playlist whenever I was driving. It gives you a solid mapping of concepts in the CISSP domain in less than 15 minutes.
- Eleventh Hour CISSP — I use this as a handbook wherever I go. Whenever there is a little timeslot (five or ten minutes), I read a few pages of the weak domain.
6. Thought-Provoking Ideas (Wisdom)
I am sharing some wise thoughts from Luke Ahmed and Prabh Nair on the CISSP exam.
Be the master of elimination — if you don’t know the correct answer, train yourself to find wrong answers. I used this as a critical tactic in my preparation. If you get the correct answer during the practice exam, invest a minute in understanding why wrong answers are wrong.
Everything is connected to everything in CISSP — this is mindblowing. Once you see CISSP as a big tree, you will see all the domains are not separate. Invest time and see how to connect one topic from domain 1 to all the domains. Luke explained this well in one of the Study Notes And Theory videos.
Dedicate an entire day to a specific topic — there are core CISSP processes and issues that deserve a day of research and reading, such as DR/BCP, Risk Responses, Kerberos, SAML and OAuth 2.0.
Learn to read the keywords — invest good time in reading the question and train your eyes for the keywords such as “least”, “most likely”, and “most important”. Once you know that every question has a keyword, it will help you eliminate the wrong answers.
7. The Custom Approach (The Style)
Many stories can inspire you. But create your own at the end.
I am sharing a few custom approaches that helped me pass the exam. Discover your style and share it with the community.
Prepare with intensity. For example — practise exams with a clock timer and make them more intense than the actual exam (time-wise). The idea is that the more intense your preparation, the less anxiety you will have in the exam. But if you take a practice exam with ease and without a timer, you might get anxious during the actual exam. I almost ran out of time on the first attempt, but I came out 40 minutes earlier on the second attempt.
Ensure every practice exam is an improved iteration. For example, if you take a 150-question exam with incorrect answers, you must understand Kerberos, MAC, and DAC. Take a break from the practice exams, study those topics from all the material and the Internet, and discuss them with your buddies. Once you work on the current iteration, you should have a revised understanding during the next practice exam. I repeated this approach for all the practice exams.
Start slow. Read my article on CISSP for slow readers — CISSP is like a raw salad! You have to chew it properly to digest it. You rush into it. Spending an hour deeply understanding one concept is better than finishing a chapter. From this context, whether you pass or fail the exam, you will be a better security professional.
Start your CISSP journey today with Cissp as an Art project.
I would like to start CISSP certification. But I don't have 5 years' experience. That's why I am gonna start with CC Exam. Do you have a suggestion? I would like to hear that.
Hi Betul, you can still attempt the CISSP without 5 years of experience with an associate level. More information here:
https://www.isc2.org/certifications/associate