Preface
I’ve had this one in my head for a while. Essentially, I’ve described what I did, and most importantly what NOT to do while pursuing the CISSP, or any other professional certifications for that matter. It mostly boils down to eliminating procrastination and maintaining positivity. I really hope this can help someone out there.
Starting the Journey
When I was a young government contractor, I always looked for the next step. I still am, for the most part, learning to savor the process more and enjoy life. I came into the Civilian workforce with the basics- a successful 8-year enlistment in the Navy, Security+ certification, and a solid IT foundation. I had planned to become a direct Government employee as soon as possible and knew many who had “upward” mobility held the coveted CISSP. Therefore, I started dipping my toe into practice questions but was in for a rude awakening.
Taking it a Bit More Seriously
After leaving my contractor position, I had finally “made it” to where I wanted to be- the coveted GS, Civil Service pay scale. However, it wasn’t until a couple of more years that a certification of that magnitude became a hard requirement, meaning my job literally depended on it.
In early 2019, I was able to attend a “Boot Camp” for CISSP, which consisted of roughly two working weeks of content. For the two years before that, I was focusing on some things. I was heavily content and concentrated on my job and cycling in/out of college courses. In fact, I was in college courses DURING the Boot Camp. That was a bad call.
Had I been focused, the Boot Camp would have worked wonders. The instructors were great, and the other attendees really knew their stuff. The ones I know who passed (the CISSP exam on) the first try were surely in the correct mindset and lightyears ahead of me when it came to studying maturity. I had skimmed some of the Official Study Guide, sure, and again dipped my toe into random practice questions before the Boot Camp.
The Exam- Initial Attempts
During the Boot Camp, it was advised that we did not wait more than a few weeks to a month to test, otherwise we would risk losing comprehension of the material. Of course, I took the advice, especially since I had a family vacation shortly following. Luckily, work paid for that attempt (and two more). A word of advice- when studying for the CISSP, try not to have anything else going on other than your normal job. Hey, we all need to get paid, right? The goal is to have as little distraction as possible.
The first attempt was an absolute nightmare. Honestly, it felt like I got the wrong test, and nothing I had ever studied for in my life. My palms were clammy. My heart was racing and I just wanted to get out of there. I will say that the testing algorithm allowed me to complete the maximum amount of questions, 150. I suppose it thought I had some hope. Following my summer vacation, the second attempt actually felt worse, after more futile scatter-brained study methodologies. I’d like to note that I did have many coworkers in my corner, however. I was also going through a lot in my personal life. Again, the test allowed me to complete the maximum questions.
Side Quest: The CISM
After my second CISSP failure, I had one more exam attempt funded by the Federal Government. I did some research on next steps. A co-worker had recently passed Certified Information Security Manager (CISM), and also got picked up by a very large company that I will not name. I will say they build a vast majority of commercial planes in the US.
After doing some digging, I liked the sound of the CISM. Studying was a breeze with just a book and the official Questions and Explanations from ISACA. I quickly blew that test out of the water.
I’ll likely write a piece on the CISM in the future. Overall, it is highly relevant to my job and absolutely made me better. The ISACA community, webinars, and learning ecosystem is top-notch as well. I highly recommend pursuing at least one of their (ISACA) certifications in your career.
More Studying and Procrastination
Over the next couple of years, I continued to dip my toe in and out of studying. Over those years, I can honestly say I read, or at least touched, every one of the 1,000+ pages in the Official Study Guide and drilled over 1500 questions. You do NOT need to do that.
Destination Certification and an All-Out Grindfest
It was roughly March or April, and I had reviewed some of the world famous CISSP Mind Maps on YouTube. One of the videos brought up the topic of a “mini” crypto masterclass https://destcert.com/mmc-cryptography/
I highly enjoyed the format and true/false knowledge assessments, which gave me the feel of the ISC2 logic of the real deal. After completing the mini masterclass, I also downloaded the companian apps of questions and flashcards. It was the practice questions that really made me realize “I don’t know shit.”
Of course, I knew more than shit, though that didn’t stop me from purchasing the entire Master Class. I am also my own harshest critic, by a long shot. Over the next few months, I went through the videos of every domain, performing each knowledge assessment as I finished the videos. I then focused on grinding out all 600+ practice questions provided by Destination Certification. I would then go back to watch video or review the Official Study Guide on my weak points. Mine was mostly domains 3 and 4.
I was scoring and rationalizing about 80% proficiency on ANY random sampling of reputable questions. Prior to Destination Certification, I was scoring around 70-80% on Boson and the official practice questions as well, but could not rationalize that great. Brute-force memorization is futile here. Around April, I scheduled my exam.
The Exam
For me, it was a Monday. I recommend taking the day off work and having a restful weekend prior. New week, new you, right? The feel of the test was still similar to that of my 2019 failures, but I was infinitely more prepared. Below are some tips for that:
During the test, stay calm. It’s MADE to jack you up. You’ll find yourself extremely disturbed at most questions and say to yourself, “I did not study this” or “There’s no way I read this.” It’s made to do that. You’ll feel like a fraud. A punk that doesn’t deserve a seat at the table. Just stay positive and focus on your “why”. Additionally, like the first two attempts, it is a bit more technical than many lead-ons, especially if you don’t work the technical side much. Focus on rationalizing like you would through practice questions. They are not the same, however.
For rationalizing questions, I recommend the “50 Hard Questions” that many know and love by Andrew Ramdayal https://www.youtube.com/watch?v=qbVY0Cg8Ntw and apply it to your practice questions during study. IT WORKS! It holds even more true during the real deal. Even if the real deal question makes no technical sense to you, use this methodology.
By the time I got to question 100, with sporadic bouts of self-doubt and rage, I clicked the Next button. I figured it could be either really good or really bad after.
After question 100, the test finished. It finished. I couldn’t believe it, but knew what would be on that printer, on the other side of that wall in the testing center. Bliss. Freedom from an 8-year burden.
Summary, Peace, and Creativity
You don’t need dozens of sources for this exam. Pick one book, and buy the Destination Certification class. If your employer will cover some of the costs, great. If not, I want you to think about something. If Cyber is your career for the long-haul, the cost of NOT investing in yourself and career is much, much greater than spending $1000-$2000 on career growth. Just think about it. By all means, KEEP IT SIMPLE when it comes to study material!
Stay as calm as possible during the exam. Breathe. Know that you have about a minute and change for each question. I took a break at question 80 and finished in about two hours. If a question is frustrating, do your best to narrow the options to two and make your best guess. There’s zero penalty for that.
This summer, I look forward to being present for my family, improving at my job, and learning/creating—best of luck to you. You do NOT have to take 8 years of studying to get this cert. Realistically, like 6 months.
If you made it this far, I sincerely thank you. It’s my hope that you find value in this during your studies. Even if you’ve already done it, please share with those who haven’t.
– Mark E.
Cyberlynx 
Leave a comment