
Master Ultralearning and Conquer the Hardest Exams—CISSP and Beyond
This article is not for those with extensive cybersecurity experience or those seeking “tricks”
or “shortcuts” to pass the CISSP exam. If that’s your goal, stop reading here. Instead, this
article is for those who are brave enough to embrace complex topics and committed to
mastering hard skills—even without the comfort of prior experience. It’s not just about
earning a certification; it’s about upskilling and transforming into a better version of yourself,
aligned with your professional aspirations. The certification is merely a natural outcome.
A New Chapter: My Cybersecurity Journey
When I decided to transition into cybersecurity after years in IT, I had no idea where to start
or what I needed to learn to excel in this field. My goal wasn’t to be average or just
competent enough to do my job. I wanted to become the best I could be and master the
essential cybersecurity skills.
Preparation: Learning How to Learn
Before diving into cybersecurity, I realized I first needed to understand how to learn
effectively. I read several books, watched countless videos, and found inspiration in Scott H.
Young’s book Ultralearning. I highly recommend this book to anyone pursuing
self-education. Scott documented how he completed MIT’s four-year computer science
curriculum through self-study. Ultralearning involves acquiring hard skills effectively and
efficiently. It’s not a one-off effort; it’s a strategy that must be continuously refined throughout
the learning journey.
I adapted his strategies to my situation and designed a long-term plan based on his
nine-step framework. His work inspired me to take on the CISSP challenge, and through this
article, I hope to inspire others who have the grit to learn but may be struggling to find the
right approach.
Step 1: Metalearning
Metalearning is about understanding how to learn. I began by analyzing how cybersecurity
knowledge is structured. Using the CISSP Official Study Guide, the CBK reference, and the
exam objectives outline, I mapped the key concepts. Initially, the sheer volume of
information was overwhelming.
To make sense of it all, I used Xmind to create a comprehensive concept map. Over two
months (yes, it’s long but good things take time and patience), I connected each concept to
its corresponding domain and exam objective. This effort answered three critical questions:
• What should I study?
• Why should I study it?
• How can I learn it effectively?
Step 2: Sharpen Your Focus
Balancing learning with a job, family, and social life is challenging. To focus, I created an environment conducive to uninterrupted study. I set up a quiet room at home and explained to my daughter that unless there was an emergency, I couldn’t be disturbed while studying.
Step 3: Go Straight Ahead
Directness ties learning to its practical application. Many learners study concepts indirectly, divorced from the contexts where they will be used. Instead, I embraced immersive learning.
I was fortunate to join a team tasked with implementing a cybersecurity program aligned with NIST standards. As an experienced IT project manager but a cybersecurity novice, I was given a unique opportunity. Every meeting, document, and conversation became a learning experience, helping me tie theory to practice.
Step 4: Attack Your Weakest Points
Even immersive learning couldn’t address all my weak spots. For instance, networking (the very famous Domain 4 :)) was a significant gap in my knowledge. As a former software developer and IT project manager, networking had never been a focus for me. However, mastering cybersecurity requires a solid understanding of networking.
I decided to drill down on this topic. Inspired by Scott’s advice, I paused my CISSP studies and enrolled in a Cisco CCNA course. It took me six months to complete the courseware. Although I didn’t pass the CCNA exam due to insufficient lab practice, my goal wasn’t the certification but understanding networking—and I achieved that.
Similarly, I needed a deeper understanding of hacking to complement my cybersecurity knowledge. I enrolled in the CEH program while continuing my CISSP studies. Access to hands-on hacking labs significantly enhanced my learning, and the depth of EC Council’s official courseware corresponded to what I was looking for. I passed the CEH exam successfully just 15 days before the CISSP exam.
Step 5: Feedback and Retrieval
Feedback is an essential component of learning hard skills. Testing yourself isn’t just a way to assess readiness—it’s a learning method in itself. By facing difficult labs and challenging questions, I trained my brain to retrieve and apply knowledge under pressure.
I also discovered the power of flashcards late in my journey. Using Anki, I created my own flashcards to reinforce key concepts. I wish I had started this practice earlier, as it’s an incredibly effective tool for active recall.
Step 6: Building the Big Picture
Direct learning and drilling often break knowledge into fragmented pieces. Over time, I accumulated a vast collection of notes and concepts. Revisiting my initial concept map, I began connecting the pieces from all the sources (CCNA, CEH, CISSP) into a cohesive whole. At this stage, having a different teaching perspective is crucial to identify any misunderstanding. Luke Ahmed’s videos and his way of explaining things were extremely helpful.
Finally, I experienced the “whoa moment”: the point where everything clicked. The intimidating materials became a manageable and even enjoyable puzzle. I was ready for the CISSP exam—and I passed it on my first attempt.
Final Thoughts
As I said at the beginning, this journey wasn’t just about passing an exam. It was about mastering hard skills and becoming a better version of myself. Great achievements take time and effort, but the result is a transformed individual ready to tackle even greater challenges.
If you have the grit and determination to embark on a similar journey, I hope this article inspires you to take the first step.