CISSP: Exit Notes

This blog is my experience appearing for Certified Information Systems Security Professional (CISSP) Exam.

The Pretext

CISSP is a highly values certification issues by ISC2 . Obtaining a CISSP certification demonstrates a comprehensive knowledge and understanding of the eight domains of information security, including security and risk management, asset security, security engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.

Having a CISSP certification with relevant experience can lead to greater job opportunities, increased earning potential, and higher levels of professional recognition. Many organizations require or prefer candidates with a CISSP certification for roles such as chief information security officer, security consultant, or security analyst.

Moreover, earning a CISSP certification requires a significant amount of experience and knowledge in the field of information security, which means that those who hold the certification are regarded as experts in the industry. This recognition can be beneficial for networking, professional development, and building credibility in the information security community.

Moreover in May 2020 UK NARIC, the UK’s designated national agency for the recognition and comparison of international qualifications and skills, has found the CISSP Certification comparable to RQF Level 7 Masters degree standard.

My First encounter

I have appeared and cleared the CISSP exam in April 2021. But, I first learnt about the Certification back in 2012. Since 2012, I have tried to read about the literature couple of time with multiple non-serious attempts or scanning the textbooks.

In 2020, I had bought the Exam Voucher with ISC bundle on online training at a discounted price. In March 2021, I was appearing for IEC 62443 Certifications and was on track of reading. Once I finished my IEC 62443 Expert Certification I had put a 30 days plan for CISSP. The 30 days plan had worked well for me.

I have used the 30 days learning to mentor 5 of my colleagues to appear for CISSP and fortunately all of them were successful.

The Plan

I had started my learning first using the Videos of Mike Chapple at Linkedin Learning. Mike was in the process of releasing the 2021 version of the course and I could only attend the few of them and used the earlier version learn. I watched the videos religiously and kept notes of the new topics and facts that i had learnt.

Immediately after the video lessons of a Chapter I had started to appear for the Test Practice book of by Mike Chapple . Wherever I was not able to answer the questions I used the ISC2 official CISSP book to read the topic thoroughly.

Reading the book gave me the understanding that the Videos are good to learn at the high level and to get to the factual level information I had to read and make notes. I used Post It note for the topics that required rehearsal. I had finished this for all 8 chapters.

After finishing All the chapter I had reattempted all the questions once again and this time maintained an excel of the questions which i was not able to answer to revise before the exam. So in total I had reviewed all the questions in the (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide & Practice Tests Bundle. This would be some where close to ~1400 questions.

Day before the exam

One day before the exam I had used the CISSP Cheat sheets graciously shared by Nikhil Singhvi Jain S 🇮🇳 (Doctoral Student, CISM, CISA,CCSFP-CHQP, ISMS LA) . I had also reviewed Eleventh Hour CISSP®: Study Guide. This guide i was able to finish in couple of hours.

The Day of exam

I had reached the exam centre intime and was lucky to get cabin room. This has provided me unhindered focus in the exam. It was a 100-150 question exam with 25 survey questions(Unscored). It was revised to 125-175 exam in June 2022 with 50 survey questions.

When is started seeing the questions I was unamused , All my previous experiences for certification exams was that I would solve the questones from the official sources and the quetions in the exam would be of same pattern. CISSP was different. In the practice book most of the questions would be with short text and 2-3 words options. In the real eaxam the questions were lengthy and the options were sentences(sometimes multiples).

This not only gives you the fatigue of reading the questions but also to answer you have re-read the options a couple of times. Since its a Computerized Adaptive Testing (CAT) format exam. If a candidate answers with high accuracy the exam will stop at any point after 100th question and declare the candidate as pass. Or it may do otherwise if the candidate is answering the questions wrong it will stop and declare the candidate fail.

I had started becoming jittery after 100th question as I was not sure what was happening. I had to answer till 150th question. It was 4 hour exam but I was able to finish it within 3 hours. I had submitted the exam and since there is no notification I was clueless till i reached the admin desk to get the printout of the result which has declared me as pass.

Learning from CISSP

So I have passed the exam and got the certification in 2021. I am writing this article in 2023 and want to share the outcomes and the professional benefits I got after this.

I have been working in cybersecurity field since the beginning of my career in 2009 and till CISSP all the learning were scattered. CISSP had given a structure through the eight domains. The thought process to approach a project has changed. This had increased visibility and diversity of projects i could take. My credibility in customer pitches has increased and networking became more concrete.

CISSP is a highly valued certification with 156,054 members globally in July 2022 and only 3364 in India. The pass rate of CISSP is approximately 50%-60%.