Toul

Posted on • Updated on • Originally published at toul.io

How I obtained my CISSP

Intro

The Certified Information Systems Security Professional or CISSP is known for its rigorous exam and challenging requirement of needing at least 5 years of experience working in security-related roles.

I'm happy to say I was able to pass on the first attempt and would like to share my experience and study path with others interested in the CISSP.

I. Career Background

DevSecOps engineer for 4 1/2 years building security features for a platform in AWS cloud with Python, Go, and Kubernetes, which obtained the ISO 27001 & ISO 27002 Type I and Type II. During that time, I also received the AWS Security Specialty certification. Then I moved to a security infrastructure security analyst job for about 5 months before attempting the CISSP exam.

I felt that being in a DevSecOps role building a platform was advantageous, since most of my day-to-day work revolved around the 8 tested domains of the CISSP:

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

II. Study Plan

II.a Get a Smaller Cert First

Obtaining a cert or two before going after the CISSP will be helpful because it will aid in building/refreshing study skills and building confidence. So, I first went after the AWS Security Specialty certification and recommend readers do the same by selecting one of interest for themselves.

II.b Books, Courses, and Bootcamp

I read it on my Kindle over a month by aiming for 1-3% a day before bed. Spacing it out helped me since the material is dry, and that is what I would recommend for all the books provided. But some folks are able to read them all in a month. In the end, go at the speed that works for you and at which you can retain information without falling asleep.

I didn't use Thor's course at all; the material felt redundant with info found in All in One and the Official Study Guide. Also, I didn't like that I had to set the play speed for each video manually to x2, so it interrupted me while working and listening. However, it is a well-done video course for those who prefer videos.

I went through every question at least once until I got 90% of them right. For those who might not be aware, the Official Study Guide books contain registration codes for Wiley's digital practice exams, which I strongly recommend.

I did the BootCamp because the company offered to pay with no strings attached, so I figured sure, why not. It was a grueling 5-day, 12-hour-a-day experience with great books provided. Yet, I didn't read the books that came with that course, since they felt redundant given I had already read the others.

However, I took lots of notes from the in-class session on the digital pad (my style of learning), which was especially helpful for the cryptography sections.

I focused on the "test-taker mentality" that the course instructor taught, like how to select the best answers for the CISSP exam and how to think like a manager (I think this was most beneficial, but it can be found online pretty easily).

  • Pocket Prep phone app

I tried it but found it to be lesser than the already paid-for OSG tests and questions.

I didn't like the paywall since I had already paid for other resources, and frankly the official resources are more than enough despite what others might say.

Doing all the above took around 6 months to a year to accomplish. I prefer to space things out, but others might prefer prepping in a shorter amount of time.

What is most important is finding a routine and sticking with it, which for me was typically reading before bed and doing at least one practice exam a day of 120 questions.

III. Days leading up to test

I kept doing OSG practice tests and listened to YouTube videos by Larry Greenblatt and Kerry on thinking like a manager for the exam.

IV. Day of test

I didn't sleep the night before from nerves, so I arrived with only 4 hours of sleep and went through the exam in 175 Qs at around 143 mins.

I took a break when I got frustrated with the vagueness of some questions and just started to click out of annoyance.

IV.a Test taking strategy

I focused on picking the best answer and trusting my gut. It would be mentally exhausting to pick the 'right' answer each time versus the other choice, so I trusted my gut after reading the question 3 times.

  • Read each answer choice once
  • Start with the last answer choice, then read up
  • Pick the cheapest option if stuck between choices
  • Pick the thinking option if stuck between 2 choices
  • Test Qs review

The technical questions were decently similar to the tech questions from the OSG in terms of format (1-3 sentences). Overall, though, the questions weren't anything like the study material, as anyone who's taken it will tell you.

Conclusion

I hope my shared plan helps you if you're going after the CISSP. I'm happy to answer any other questions as well!
