How Tom Cracked His CISSP Exam

Another member of Study Notes and Theory’s Facebook study group got their CISSP. Congratulations, Tom Limber!

Like a true professional, he modestly shot a quick one-liner about passing his exam, and then proceeded to write a monstrously helpful comment. He talked about preparation, exam day strategies, and his overall opinion.

Thank you again for coming back to tell us your CISSP experience, Tom. We appreciate every word of it.


Ok guys, I’ve had a lot of questions about what I did to pass my exam. I took it a few weeks ago and passed on the first try, and here is what I did to pass the CISSP:


Obtain the following in order of priority (our example is the CISSP):
1. Practice Questions for the exam (I had a list of 1k plus questions and NONE of which were on the real exam, was NOT a brain dump).
2. Official Exam Book (i.e. The official ISC2 book).
3. General Study Book (In this case I read the entire Sybex CISSP seventh edition official study guide).
4. Video Tutorials (CBT Nuggets, some type of instructional videos on what it is you want to learn, YouTube is excellent for this as well – example: used YouTube to learn more about Kerberos).
5. Optional Audiobook (This would be good for you on your commute if you have one, if not you can use it while you go to sleep at night).
6. Auditory Review and Notes with another person (Teach them what you’ve learned) – One of the best methods to learn is to teach what you have learned, or to talk about it with somebody else.

So, two months before I took the exam I started, I’d take time out of each day and do the following in order, at least 1 hour a day but some days I’d study for 4 hours. No more than 5 hours a day studying. If I had a slow day at work I’d study like 8 hours. Depends on the day, but you should read at least 20-25 pages a day of your book – at a minimum.

I typically do the following,
Watch the videos > do the practice questions > read the ISC2 Official exam book > do the practice questions (new set) > read the Sybex book > do the practice questions > review with another person and teaching others/audiobooks > and then finally do the practice questions.

I have gotten to a point where I eat, breathe, and sleep my test. I’d listen to the audiobooks while I sleep at night as well… sometimes I’d talk about it in my sleep, no joke my girlfriend recorded me talking about security risks in the middle of the night.



Test Taking Method (essential), without this I would have failed:
It was a 6 hour test (you can use less time but I used every second I had up to the last 40 or so seconds) at 250 questions. Consisting of all multiple choice questions (4 options) so I went through each and every question and WORKED IT OUT (there were 2 drag and drop and 2 scenarios where you had to read about the company and answer questions) – if I knew the answer I selected it and hit next. For the questions I did not know or was unsure of (like 50-60 questions) I selected the review button so when I was completely through the 250 questions I could go back and review them.

For those that I was unsure of I determined which options were incorrect. This left me with two to three options giving me a better chance. I actually determined that even if I guessed on two options instead of four, I’d pass with a 75% which is what I needed to pass. So just count up the ones you are unsure of and minus them from the ones you know without doubt.

So when you are taking a test, eliminate the ones you know are NOT correct. If you do this for all the ones you do not know you’ll most likely pass if you have at least 50-70% of the ones you do know correct. I took all of the time up to 40 seconds to look at my questions that I marked for review.


This test is ultimately “How bad do you want it?” There is no magic brain dump or questions online that will help you pass this exam. A good portion of the material that was on the test was ENTIRELY NEW and did not directly ask the same questions I had read in any book or online questions. I cannot stress enough that this test will drain the life out of you, but in the end if you put forth the effort and don’t give up, you will pass it!


  • studynotesandtheory

    Ha! Tom I also experienced that zone of doing nothing but CISSP. CISSP when I eat, CISSP when I go to the grocery store, CISSP waiting for my car oil change. Obsessed over it, wanted to be a master at it so I’d have no problem passing the test the first time. You just have to really want it, dedicate yourself, and go for it.

  • Mohamed Nigm

    Hi Tom,
    First of all, congratulations on passing the CISSP exam, this is a great achievement that is worth all the efforts.

    Secondly, I appreciate your advice on what Audio books you were using and where they are available.


    • studynotesandtheory

      @mohamednigm:disqus I have alerted Tom of your comment and hopefully he’ll have time to respond! If not I’ll make sure to get you an answer somehow!

    • Tom

      Thanks for the response! I would use SANS study guides, an example is

      They are the most helpful in my opinion, in addition to the audio version of the Shon Harris book.

      • Mohamed Nigm

        Thanks a lot Tom, highly appreciated

  • Hi all, found this group and am impressed with what I am reading. Hope you don’t mind me joining :).

    • studynotesandtheory

      First off welcome to the group and thank you for the kind words about the site! And especially thank you for taking the time to comment on this page! I know it can be a pain so I appreciate your time!

      Please let me, or anyone else in the study group know any questions. If you can’t get a hold of me, tag me on Facebook, or just email me!