Here is my CISSP journey… First, my background. I’ve been in IT since 1997, arriving late to the game at 33 years old. I started with a Windows 95 MCP then moved across to Access and VB development for a national logistics company. In 2003 I started working for myself providing IT solutions for small/medium sized businesses and non-profits so my day-to-day work touched on 4/5 of the 8 CISSP domains. Studying for the CISSP started in earnest in November 2019. I set myself the goal of taking the exam in March/April 2020. The COVID lockdown here in the UK would extend the date 3 times before I actually sat the exam.
I decided on a multi-layer approach to study materials. These were as follows:
• Sybex CISSP Official Study Guide (OSG) 8th Edition
It is dry and hard to read but it covers the entire syllabus. It is a big book, so it is clumsy to carry round, and the index isn’t comprehensive, so looking something up wasn’t easy. The search feature on the electronic version would have been better but I like turning pages!
• Thor Teaches CISSP Udemy Course – https://www.udemy.com/user/thorteaches/
This was my initial introduction to CISSP training. It was clear and concise and Thor’s real-life anecdotes were very useful.
• Sybex CISSP Official Practice Tests 2nd Edition
This complemented the tests that came with the Sybex OSG. The questions are generally considered ‘easy’ but looking back they cover a lot of ground.
• Boson CISSP Practice Exam – https://www.boson.com/practice-exam/cissp-isc2-practiceexam
Technical but invaluable because it gives an explanation for the correct answer and 3 incorrect answers so 4-in-1 learning experience. I printed each answer as a PDF and used these to search for key words.
• MF Prod CISSP YouTube Series – https://www.youtube.com/channel/UCIbeWc3tjvGgTS2uV5D2BUw/featured
This was my main deep dive video resource.
• Larry Greenblatt COVID CISSP course
Larry did this free 5 day live course. I caught the last four days.
• ITPro Accelerated CISSP Course – https://www.itpro.tv
Adam Gordon gives you 30 hours of non-stop learning – sit down, belt up and enjoy the ride! Pay special attention to when he says “You will see this in the exam” because you will see it in the exam!
• 11th Hour CISSP book
Short, sweet and to the point.
• Academy of Cyber Security CISSP Boot Camp – https://www.youtube.com/playlist?list=PLFRkA86gg0Q3BIheLZx51cUIil83Zf-H6
This 14 hour video series by Graeme Parker on YouTube is like the OSG being read out to you. I watched them all (speeded up at x1.25) as my pre-exam revision instead of reading the 11th Hour. It was fresh material and very helpful.
• Certification Station on Discord – https://discord.gg/certstation
This was my main resource. I would NOT have passed without the support of everyone on there. The discussions, questions, workshops there were invaluable. It is like having a live ‘boot camp’ available 24/7.
Each resource was stronger in certain domains. Laminated on top of one another, their combined strengths gave me a comprehensive study pack. I did not take many handwritten notes, preferring to type them out or cut and paste into Word/Notepad so I could read and search for key words later. I must have answered hundreds of the mini quiz questions that were posted on Discord. To start with I was getting many of them wrong, so I read the explanation and remembered key words. Do not dismiss older technology because anything in the Official Study Guide is fair game for the exam. I had two questions on technology I had not seen or used for 15 years. Each took up 2 lines in the 1,000-page OSG and could easily be overlooked. That said, you don’t need to memorise everything in the OSG word-for-word to pass.
Am I ready for the Exam?
This is probably one of the most asked questions. Mindset is key. I had not read the OSG all the way through, so I spent the weekend before my exam reading it and completing the tests at the end of every chapter. When I did the tests this time, I knew why the answers were correct. Some would say I left it too late but for me it was a mental tick box exercise, a due diligence thing. After I completed the last test, I was ready to take the exam. This has been said before – know the flow of the SDLC, RMF, IR, BCP, BIA, DR etc. You will be asked questions on these and you will need to identify from the question where you are to answer it correctly.
Before the Exam
The test centre was 90 miles away, so I allowed plenty of time to get there. Remember your two forms of ID!!
I listened to Domain 5 again in the car on the drive there (it must have helped – I had 2 questions on IAM in the exam that I was able to answer immediately!).
I listened to Larry’s (https://youtu.be/eLYbFtS7G9E) and Kelly’s (https://youtu.be/-99b1YUFx0A) videos about exam tips and the risk advisor mindset in the car park before making my way to the
I booked in about 45 minutes before my exam start time. I was the only person in the test centre, so there was no completing the forms and having my photo taken. The staff were very helpful. I had a face mask with me but was told I did not have to wear it so that was left in the locker with keys,
Before the exam starts, there is a countdown timer during which time you MUST agree to the NDA. I used this time to write out the mnemonics for SDLC, IR, RMF etc. I started writing the OSI out but could not remember layer 2! My heart was racing. “Calm down” I told myself. I took a deep breath and moved to layer 3… layer 2 would have to wait until after the exam!
Following the advice of others who had taken the exam, I took my time on the first 15 – 20 questions. This allowed me to get over any nerves and focus on the questions. I made sure I read each question twice and read through the answers. After I selected the answer and clicked “Next”, I focused on the next question. This is key! You cannot go back so there is nothing you can do about previous answers. Focus on the question in front of you.
Some questions were ‘easy’. I was able to identify (what I thought was) the correct answer immediately, so I didn’t hang around – I selected the answer and clicked “Next”. Some questions would take longer to answer so I made sure I kept an eye on the clock because timewise I could not afford too many of these. After a maximum of 3 minutes I picked the BEST answer, clicked “Next” and moved on. There were questions where all answers appeared correct, but they were looking for the CISSP answer. These required a bit more concentration. At 100 questions, and with 50 minutes left on the clock, my exam finished and I was told to make my way to reception to get the result. I had noticed the questions getting easier after 90 but could not say if I passed or not. Unfolding the printout, the first words I read were “Congratulations. We are pleased…” I didn’t need to read any further… I had passed! PTL!
As I have already said, the Certification Station Discord server was key in passing this exam. There are too many individuals to thank personally, both the members and the “professionals” – you all helped me to pass. I am very grateful to you all. I want to give a special mention to one member – “In”. The undisputed “Test Bank King”, his unlimited supply of questions, and the ones other members posted, helped me no end. I had 5/6 questions that I was able to answer because of the sheer volume of questions I had seen.
You can pass the CISSP and you can teach an old dog new tricks!!