Blue Hat Security

How to Crack the CISSP Certification

April 07, 2021 | 3 Minute Read

CISSP is by far one of the most craved certifications for security professionals. And rightly so, considering the amount of effort one has to go through to get this qualification. Yes, a lot of work goes in, but it’s far from impossible, achieving it comes with great satisfaction, and it truly opens new doors. Why? Companies trust CISSP. Got CISSP? Companies trust you.

Here are a few thoughts based on my experience, split into the following sections:

  • How I prepared for the exam
  • How I should have prepared for it
  • Outcomes and next steps

1. How I prepared for CISSP

You will find many discussions out there on resources and what worked for different people. The following 2 books worked for me:

  • CISSP Official Study Guide
  • Eleventh Hour CISSP

I am confident I couldn’t have passed the exam by studying only one of these books. They don’t overlap 100%, so I wouldn’t think of the Eleventh Hour CISSP as a summary for the official guide, as some do. Were they enough bundled together? Yes. This exam follows a CAT format and you receive between 100 and 150 questions. As soon as the algorithm knows you’re going to pass or fail for sure, the exam stops. Mine stopped at 107 questions and these are the only resources that I used. It is worth mentioning though that I really understood and knew them well before going to the exam - I didn’t just read them as novels.

It took me 4 months to study them - 2 months to read the first time, 2 months to go over the more difficult chapters until it all made sense.

2. How I should have prepared for CISSP

Although I read many reviews and discussions on CISSP, somehow I missed the fact that it was going to be a very practical exam, with scenario-based questions. That came as a big surprise to me and, like everyone else, I don’t like being surprised at exams. So if I were to take the exam again, there is only one thing that I would change: I would add some practice tests, other than those found in the above books, which are too theoretical. In this way, I would feel more familiar with the exam. I would probably use one of the following:

  • CISSP Official Practice Tests by Mike Chapple et al.
  • CISSP Practice Exam by Shon Harris et al.

3. Outcomes and next steps

As soon as I got CISSP and bragged a tiny bit about it, I gained more visibility - more people became interested in networking, exchanging thoughts on security topics or collaborating. There is also the (ISC)² portal I got access to, which helps me see what others in the industry are concerned about and which security tools and practices are trending.

Should CISSP be the final goal as a security professional? Definitely not. With CISSP you gain a broad view of security, but hardly any depth. You’d still have to invest more time in training, and with CISSP you’ll have to, as the only way to maintain your accreditation is to prove that you continuously invest in your education.

Conclusion

CISSP is challenging and it takes a great deal of effort to prepare for it, but it’s not impossible. It’s important to use the right resources to get ready for the exam, including going over some practice tests. Finally, CISSP helps you earn others’ trust, which goes hand in hand with progressing in your career, hence undoubtedly the effort is truly justified.