How Thomas Cracked His CISSP Exam

I didn’t really see Thomas K.  that active in the Study Notes and Theory group, but apparently he was checking each post everyday!

Thomas is braver than I, because he announced when he will be taking the exam, the actual date.  I always feared divulging my exam date, because I didn’t want to disappoint anyone.  If I failed, then it would be own personal shame, until I took it again and passed.  

Thomas didn’t do that.  He told everybody in the group his exam date.  Then he came back and told us he PASSED.  THEN he came back and wrote a great review of his study experience! 

Thomas I applaud your courage to post the exam date! Congratulations! 


Thomas’ Journey to Pass the CISSP Exam

I’m happy to share my journey toward passing the CISSP exam and hope it may help you pass as well. Since I have so much to share I’ve structured the information into different sections.

Executive Summary

Although I had a wealth of resources I believe the following were the key factors toward me successfully passing the CISSP exam.

– Weekly one hour in person study group meetings for about 6 months

– CISSP All-in-One Exam Guide, Seventh Edition by Shon Harris

– CISSP Practice Exams, Third Edition by Shon Harris

– (ISC)2 CISSP 2015 CBT Nuggets online video course by Keith Barker

– Computer Based Practice Exams

  – Transcender (free with CBT Nuggets subscription)

  – Sybex (free with CISSP book by Sybex)

  – Shon Harris Total Tester MS Windows based application

– Daily viewing of the posts on the “CISSP Exam Preparation- Study Notes and Theory’ Facebook page

The Journey

In November 2015 we formed a weekly, one-hour lunchtime in person study group at work with about 12 people participating. Our weekly assignment was to read the Shon Harris book.

I think it was some time around January that I discovered this Facebook page and it was helpful in adding more diversity to my studies as well as learning about other resources that I was not aware of. I didn’t really post much until the last two weeks but I definitely read and learned from the group often. This group also served as a daily reminder to keep learning each day.

In February 2016 I discovered that I had access to the CBT Nuggets CISSP course (through a paid subscription via my employer) and started viewing them. Sometimes we had extra study group meetings to watch together and discuss the video.

In April 2016 we had a professional on-site CISSP weeklong review course. Since most of us already knew much of the material this was very useful for filling in the gaps as well as having an instructor explain something we didn’t understand. Besides it was 40 hours of focused time across 5 days.

The week before the exam I took the week off from work. I reviewed the chapter summaries and did the end of chapter exams in Shon’s book. Of course this helped me to see what my weak areas were so I’d then reread those sections of the chapter. I also used this time to take one or two 250-question practice exams each day. This was useful for me to know that I can sit for hours for a full exam. Typically I was completing these full practice exams in 2 to 3 hours. Of course any questions I got wrong meant it was an area I needed to study more.

In May 2016 I took and passed the CISSP on the first attempt.




Study Group Details

At the very start of our study group we had somebody who passed the CISSP exam years ago give a presentation on what was ahead for us.

Twelve of us met once a week for one hour at lunchtime.

We charted out a schedule to go through all 10 (old) domains. If the page count for the chapter was close to or less than 100 pages we spent one week. 100 to 200 pages we spent 2 weeks on the material. Over 200 pages we spent 3 weeks. That is a rough approximation.

The first 15 minutes or less were use to discuss logistics or general matters regarding the content we read in Shon’s book.

Then for the rest of the meeting we collaborated on answering practice questions from the matching chapter in Shon’s practice exam book. This was useful to help us understand how to approach answering the questions. Some times the group would agree and some times not. If we didn’t agree we would debate why each group thought they had the right answer to try to learn from that. If we didn’t all agree or got the answer wrong we’d review why the answer was wrong. If we all agreed and the answer was correct we’d typically move on to save time. For each week we answered 15 questions so there was allot of discussion around most questions. 

We’d do odd questions one week and even questions the other. For the rare occasion when we’d have 3 weeks of study we’d use an alternate source for questions such ass CCCure or Transcender.

Other Resources/Tools used

Books – besides the 2 Shon Harris books we also used the Sybex book and 11th Hour book

Videos – besides CBTNuggets some used the Cybrary.IT videos

Audio – CyberSecStudy podcast (mostly for reminders of definitions and terms)

Practice Tests – Transcender, Sybex, TotalTester, CCCure

Experiencing the Exam

This was the most intense exam I ever took! My strategy was to answer every question on the first pass. Sure sometimes it’s hard to make a choice but I think it is best to not to waste time revisiting a question. It’s hard to say what the level was but if I wasn’t comfortable with my answer I’d flag the question. Unlike my 2 to 3 hour exam times at home I completed my first pass in 5 hours. I estimate that I had about 40 questions to review in the second pass. I didn’t change most of the answers. I might have only changed about 10% of them. I did find a couple of corrections needed due to misreading the question the first time. For those questions it became obvious why I struggled on the first pass. I completed the second pass in 45 minutes. With 15 minutes left I decided that I was not going to scan all questions. I remembered what Kelly Handerhan stated about NOT over thinking things in her video about the exam. However, I did check that I did not have any unanswered questions. I only took one 5-minute break during the whole test.


The exam is hard so you really need to be prepared. Of course I can’t elaborate on what I found hard but if you know the content very well you’ll be able to properly answer the questions. My CISSP mentor stated that he thought preparing for the CISSP exam was equivalent to two graduate level courses and I agree with that assessment.

Best wishes toward successfully passing your CISSP exam!