bytefl0w Blog

Passing the CISSP in 2024

So, at the end of August this year, I passed my CISSP 2024 exam after getting to 100 questions. I figured I’d create a post detailing my experience preparing for the exam and taking it (as much as I can without going into too much detail).

To those that are preparing or thinking about taking the exam, here is what I did.

NOTE: My background consists of a BS in Computer Science, 5 years of experience in RMF cyber compliance, 2 years of Penetration Testing, and some software development internships.

Step One: Buy 💰

The first thing I did before studying was buy and book my exam at a local test center - I bit the bullet and did it. No stop, just go. It lit a fire under my butt to study as consistently as I could so that I didn’t waste my money in the end.

Personally, this helped a lot: a lot of the content in the CISSP can be dry at times, and having the exam already booked made me procrastinate less.

Ultimately it’s up to you and how much risk you are willing to take on… (pun intended)

Hot take: Depending on your skill level and experience already in cybersecurity, book the exam and only give yourself 2-3 months to study and prep. All of this depends on your experience level in the field and how technical you are.

I used both the Official ISC2 CISSP Study Guide and, later on, the Destination Certification book, which I bought based on recommendations from the r/CISSP sub-reddit. I’d recommend reading the ISC2 book all the way through once and then using it as a reference, since that is exactly what the exam will be on. With the Destination Certification book, I found the Mind Maps and visualizations they provide helped the most. Personally, I am more of a visual learner, so it definitely helped in learning complex topics or ones I just wasn’t too familiar with.

Step Two: Study study study… 📚

First things first: create a simple study schedule in Excel, your favorite text editor (neovim, btw), I don’t care. The point is to have some kind of document with your schedule written down.

Second, and probably the biggest thing: go through lots and lots of question sets. Practice makes perfect here - this is really how you learn to answer the questions “like a CEO”, a.k.a. like a manager, the way ISC2 wants you to answer them.

IMO you should be going through at least 100 questions a day, depending on your exam timeline. 100 sounds like a ton, but in reality it isn’t if you spread them throughout the day using great apps like Pocket Prep or LearnZapp. I liked doing a Quick 10 during lunch at work or even while sitting on the toilet - do whatever works best for you.

NOTE: Unfortunately, no matter how many questions you do, it won’t be the same as taking the exam itself. Do all of the practice questions you can and just know that they won’t look or sound exactly like the actual exam questions, but they get close.

Both have great question sets for all 8 Domains, but I personally invested most of my time in the Pocket Prep app and bought the premium subscription (around $15-20 per month). It was worth the price for all of their features (Question of the Day, Subject Scores, Quick 10 questions, Level Up - a gamified way to test your knowledge of a specific domain) and practice exams.

Lastly, I listened to and watched the CISSP Cram and Destination Certification Mind Map YouTube playlists during free periods of time or while doing other things.

If I was meal prepping lunches for the week - I was watching the videos on my phone.

If I was doing chores such as folding laundry - I was watching the videos on my phone.

If I was driving to and from work during the week - I was listening to videos.

If I was driving to and from the gym - I was listening to videos.

Tip: If you want to do the video idea, I recommend downloading all of the video playlists into a video player app on your phone like VLC, or just buy YouTube Premium if you want. If you want the free option, use yt-dlp or youtube-dl to get the videos and play them in VLC :)
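As an added example (not from the original post), here is a small POSIX shell wrapper around yt-dlp that pulls a whole playlist for offline playback in VLC. It assumes yt-dlp is installed and on PATH (and ffmpeg, which yt-dlp needs for the audio-only mode), and the destination directory and playlist URL are placeholders you would swap for your own. The point of the wrapper is the flags: `--download-archive` records finished video IDs so a re-run only fetches new uploads, the output template groups files by playlist, and the audio-only mode gives small files for the commute while the video mode caps resolution at 720p for phone viewing.

```shell
#!/bin/sh
# Added example, not from the original post: fetch a study playlist with yt-dlp
# for offline playback in VLC. Assumes yt-dlp (and ffmpeg, for -x) is installed
# and on PATH. DEST and the playlist URL are placeholders, not from the post.
# Re-running is cheap: --download-archive records finished video IDs, so only
# videos added to the playlist since last time are fetched.

DEST="${DEST:-$HOME/cissp-videos}"

# fetch_playlist MODE URL
#   MODE is "audio" (small files for the commute) or "video" (for watching while
#   doing chores). Set DRY_RUN=1 to print the command instead of running it.
fetch_playlist() {
    mode="$1"
    url="$2"
    [ -n "$url" ] || { echo "usage: fetch_playlist audio|video URL" >&2; return 2; }

    # Build the argument list with set -- so nothing is word-split or eval'd.
    set -- yt-dlp --yes-playlist --ignore-errors --continue --restrict-filenames \
        --download-archive "$DEST/.archive.txt" \
        -o "$DEST/%(playlist_title)s/%(playlist_index)03d-%(title)s.%(ext)s"

    case "$mode" in
        # -x extracts audio after download; needs ffmpeg on PATH.
        audio) set -- "$@" -f bestaudio -x --audio-format m4a ;;
        # Cap at 720p: good enough on a phone, far smaller than 1080p/4K.
        video) set -- "$@" -f 'bestvideo[height<=720]+bestaudio/best[height<=720]' ;;
        *)     echo "unknown mode: $mode (use audio or video)" >&2; return 2 ;;
    esac
    set -- "$@" "$url"

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"   # show the exact command without running it
        return 0
    fi
    command -v yt-dlp >/dev/null 2>&1 || { echo "yt-dlp not found on PATH" >&2; return 127; }
    mkdir -p "$DEST"
    "$@"
}

# Run only when invoked with arguments; sourcing the file just defines the function.
if [ "$#" -gt 0 ]; then
    fetch_playlist "$@"
fi
```

Usage: `sh fetch.sh audio 'https://www.youtube.com/playlist?list=...'` for the commute, `sh fetch.sh video ...` for the laundry queue, then copy `$DEST` to the phone and open the folder in VLC. Running with `DRY_RUN=1` first lets you check the exact command before it touches the network.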

Step 3: Exam 📝

I didn’t do anything crazy on exam day, since I had booked the exam for 9am.

Basically I got up, had my breakfast, got ready for the day, reviewed a couple of sections that had been tricky for me, and headed out. I was a little nervous, but I just went into the exam with an open mind and told myself that no matter what happened, it wouldn’t make me less of a cybersecurity professional. Walking into the exam room confident is better than walking in without any confidence at all.

If you aren’t experienced with taking “adaptive” exams, it can be a bit jarring at first. Answer all the questions to the best of your ability and try to keep pace as best as possible.

Tip: In Pocket Prep (maybe other apps too) you can see the average amount of time it takes you to answer a question. Use this as a guide to tell whether you are going too fast or too slow.

I’ve heard through reddit and from co-workers who have taken adaptive exams that answering the first 10 questions right is a big deal and can make or break the exam. Not sure how valid that is, so take that with a grain of salt.

Step 4: Win 🏆

Get that white slip of paper saying you passed and celebrate!

… yes, it’s not as easy as it sounds. But with a bit of hard work and dedication, you too can prosper with your “HR bypass” slip of paper.

If I can do it, you can do it too.

#certifications #cissp