
Getting certified in CISSP

The CISSP is one of the world’s most valued information technology and information security certifications and I had the opportunity to attend the training and take an exam. So my journey to CISSP certification started with registering for the training at the security consultant company.

CISSP training and study material

At a security consultant company I was able to follow a CISSP training of 10 days spread over 10 weeks. I really liked this, because a lot of theory, spread over 8 domains, is told and for each domain a specialist came to tell something about that domain.
The 8 domains of CISSP

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Books

On the first day of the training we all received two hard copy books. They told us that book 1 was the official guide and the truth for the exam. However, they gave us a second book (book 2), which was according to the trainer more useful because the written language was kind of normal.

Book 1: Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press) 4th Edition

Book 2: (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 8th Edition

To be honest, book 1 was opened once and book 2 multiple times, to practice the questions at the end of each chapter, or to look up some theory after answering a practice question wrong.

Every week I traveled by public transport to their location and while travelling by public transport I watched YouTube videos about CISSP from Thor Teaches and CBT Nuggets and the slides that were sent weekly. In public transport I was able to absorb a lot of information for almost 2 hours one way to the location and back home.

For my daily work at the office I traveled by public transport so I could spend quite some time learning. I alternately read The Sunflower and The Memory Palace (both PDF) every day or watch a YouTube film about CISSP. I really liked the PDF files for support, it’s well explained with mnemonics, clear pictures so it can stick in my memory.

Two famous PDF files

Flashcards

During my office day, I sometimes take a short break when I walk to the coffee machine and make coffee. During this short break, I either tried to catch up with colleagues or take a look at the Official (ISC)² CISSP Flash Cards. The advantage of the flashcard is that this can be done quickly and can actually be done anywhere. Of course, this alone is not enough to pass the exam, but every little bit is taken into account.

Practice exams

There are many opportunities to prepare for the exam. Personally, I also liked to take practice exams, this way different topics came along and so I could practice with the PDF files and the Flashcards or by looking it up in the Study Guide.

There are many providers online that offer practice exams for a fee. I had an account for CCCure through the cyber security company. There were more than 2000 questions on this platform. Almost every night I practiced questions for 90 to 120 minutes. Questions I didn’t understand or got wrong I marked so I could look them up. In this way, I also tried to identify and improve gaps in my knowledge. In general, I was pleased with CCCure’s practice material, not that the questions are like on the exam, but that they give me plenty of practice. In addition, they also offered me the opportunity to learn English terms as a non-native English speaker. I finished all the questions a week before the planned exam date.

The exam

I had scheduled the exam on Monday morning (24th February) at 10:00 AM, so that I was still clear when I took the exam. The weekend before was deliberately a relaxing weekend in which there were no appointments and where I could possibly make a number of practice questions.

On Monday morning I traveled by public transport to the exam location. This way I could still browse the Memory palace on the way to keep the last things clear in my mind. I was at the exam location well in time and I was kindly received and I could have a drink and go to the toilet. Just before 10 am I was allowed to enter the exam room, a bit nervous, because the CISSP exam is a computerized adaptive examination. And I didn’t know what to expect with all 8 domains that contain a lot of theory. With an adaptive exam, the questions are chosen based on the answers given. Each candidate will be presented with a minimum of 100 items and a maximum of 150 items. Enough reason to make me feel nervous, because with 100 questions it could just be over.

After going through the rules and agreeing to the terms, it then started. The first questions seemed okay, but the further I progressed, the more difficult the questions became and I was no longer sure whether I passed the exam. Because there is also time pressure on the exam, I occasionally checked the number of questions I had already made. Luckily I was on track when I was around 90 questions and I realized that this could be the time when these could be the last questions and it could be over because it didn’t feel right to make it. The questions I answered and then there came the 100th question, I assumed I was going to go to the 150 questions to answer. I continued and a message came on my screen something like: “You can report to the reception!”. This didn’t look good. :fearful: I cleaned up where I was sitting and I walked to the reception with lead in my shoes. I opened the door of the exam room and the receptionist took a paper from the printer. She looked at me and congratulated me. Other candidates looked up at how happy I was when I passed this exam and jumped for joy.

This post is licensed under CC BY 4.0 by the author.