I passed the Certified Information Systems Security Professional (CISSP) exam in April 2023, after having prepared for 2.6 years. The CISSP is considered the most valuable information security certification in the world and the gold standard credential for information security professionals.
I have a total working experience of 11 years. My primary working expertise lies in application security and penetration testing. I decided to learn more about information security, such as policies that define the security posture, risks to the business, software
development security, security operations, and the design and review of an enterprise security architecture.
Beginning my CISSP Journey
After COVID struck in March 2020, followed by the restrictive lockdown, it became evident that we would be confined to our homes indefinitely. I decided to make use of this time and prepare for the CISSP.
I started my CISSP journey in October 2020. I began reading the official study guide to have a head start prior to start of weekend online training in December. I joined the training specifically to gain valuable insights about the exam approach, outline & concepts. I dedicated 2 hours per day on weekdays and close to 6 hours on weekends. I booked my exam date and started my preparation.
I appeared for the exam in April 2021 and failed my first CISSP attempt. I began to retrospect on what went wrong. I realized that I had put most of my time into reading and less time into practice questions. The thing about CISSP is you can read on forever, but you have to face the practice questions to test your actual knowledge. In this exam, you should think like a manager and not as a technical engineer. It is not just about applying technical security controls but about fixing the process that broke the technical controls. The question may not always be technical, but it is framed to mislead you using simple English. Memorization of certain terms is necessary, but understanding the concepts is even more important. The exam stresses on certain aspects:
(1) Always think end game;
(2) Do not fix;
(3) Be only a risk advisor.
Back to Square One
With the exam date in mind, I came up with a strategic plan. I woke up daily at 5 am and made use of all the possible study materials, starting with the Official Study Guide, All in One Guide, 11th Hour CISSP, Memory Palace by Prasanth Mohan, Prabh Coffee Shots, Questions from Thor, Boson, and Wentz Wu, Various Youtube videos, etc., but the complete game changer was practicing the 900 questions from Study Notes and Theory which helped me adopt the mindset of "How to Think Like a Manager" in the exam. I referred to my handwritten notes for a last-minute revision. I also had installed 6–7 apps on my phone for practise tests. I gained confidence from all these and finally decided to take the exam.
Trying Again
This time, I booked the exam only three days before my exam date. The 4-hour exam was extremely tough, chaotic, and mentally exhaustive until the final 175th question. Certain questions really test patience. Every word in the question had to be given equal importance. I finished the exam just before 5 minutes. I thought that I had failed, but when I saw the scoresheet, I was very ecstatic and couldn't believe that I had passed the exam.
As people say, "The doors will be opened to those who are bold enough to knock" and I had knocked twice. My hard work finally paid off, and I am now a CISSP certified professional. This exam is very hard, and there are no shortcuts, but at the same time, with proper dedication and preparation, we can easily conquer it. I mainly thank my parents, who helped me stay focused and encouraged me very much to complete this exam. I express my
sincere gratitude to all my friends and colleagues who have supported me throughout my certification journey. I also wish everyone who is currently preparing all the very best for their CISSP journey.