Researching the CISSP
In February 2019, I decided to start my journey toward obtaining the CISSP (Certified Information Systems Security Professional) credential. The CISSP is a certification covering a wide range of information security topics. It is consistently included in annual top ten lists of the best IT certifications.
At that point in my career, I had 18 years of professional experience across various aspects of IT and, during the last two years of that time, I had become more directly involved in information security. After spending time reading about the exam format, the domains covered by the exam, horror stories about its difficulty, and some healthy procrastinating, I began studying at the beginning of May 2019.
As part of my initial research, I read seemingly endless posts in which people claimed to study 8+ hours per day for months to prepare for the exam. I also found a number of posters who claimed to sit for the exam with minimal (or zero) study. How much time should you spend studying? It depends! The amount of preparation needed to pass the exam depends entirely on you — your educational background, your professional work experience, and your ability to absorb the study materials. The domains covered by the exam are broad and many people describe the exam as a mile wide and an inch deep. I assumed that I wouldn’t need much preparation given my background and experience. I was wrong.
Studying for the CISSP Exam
Between family and work commitments, I limited my study time to a few hours of reading during the early hours on weekends. I set a goal to read a chapter per week from (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide. WARNING — this book is dense, dry, and repetitive. I found it to be a difficult read and I used 3 months (May through July) to finish it.
While the study guide has 20 practice questions at the end of each chapter, I didn’t attempt them until I finished reading the entire book. Thinking back, I probably should have attempted them immediately after finishing a chapter or a week later at most. The questions uncovered that I didn’t retain a lot of detail from each of the chapters over that 3 month period. I was scoring in the neighborhood of 60% in each chapter. It was an alarming realization because I thought I was retaining much more.
I knew I needed to do something more than reread the study guide so I supplemented my studies with free audio resources from Kelly Handerhan available on Cybrary. This allowed me to take advantage of my commute and add about 2 hours per day of study time in addition to any weekend reading. From August through mid-October, I probably listened to Kelly’s course 3 times completely and some individual lessons many more times.
PARENTING HACK — The audio course served a dual purpose as it is apparently boring to children (and most adults) and can put kids to sleep if played in the car for everyone to hear.
From September until a few days prior to the test, I used the Boson test simulator almost daily for practice questions. This software helped me identify weak points and also exposed me to material beyond the study guide. The software provides very detailed explanations of the answers and why one answer was more correct than the other choices. The software allows you to configure custom exams to focus on troublesome domains or on questions that are consistently answered incorrectly. The software is worth the additional cost and you can occasionally find discount codes on the CISSP Reddit group.
Up to this point, I had not scheduled the exam. I didn’t want to lock myself into a date but by mid-September I felt ready. I had been preparing for over 4 months and I didn’t want to prolong it. I scheduled the exam for mid-October. Also during this period, I significantly increased my time spent reading. I revisited the Official Study Guide and started the Eleventh Hour CISSP: Study Guide. I also branched out to YouTube videos to help me better understand concepts where I had lower practice scores. I know I went too deep into the technical aspects of networking, but at least the videos were interesting and I learned (or refreshed my memory) on many topics I had not touched in a while.
I was very nervous on exam day. I felt like I wasn’t ready but I had to go for it. I was tired of studying, taking practice questions, and generally worrying about the exam. All I will say about the exam itself is that it is challenging. When the first question popped up I had a moment of panic, but I took my time and tried to calm my nerves. In the end, I finished the exam in roughly 90 minutes at question 100.
After the Exam
Once I passed the exam, I received an e-mail with instructions to complete the application for the CISSP credential. I completed the application and requested an endorsement from another active CISSP. This took about 5 days for me to complete after passing the exam. From this point, it takes another 6 to 8 weeks for (ISC)2 to review and approve the application. I received an e-mail that my application was approved exactly 4 weeks post submission and membership fees were due. After paying the fees, I received a confirmation that I was officially a CISSP! The welcome package with printed certificate, membership card, and CISSP pin arrived about a month later.
To answer the question of how long does it take to prepare for the CISSP — for me it took 5 and a half months from May through mid-October with varying amounts of weekly study time.
|Months 0-3||5 hours per week reading|
|Month 4||• 5 hours per week reading|
• 10 hours per week listening to Cybrary audio
• 1 hour per week on practice questions
|Months 5-5.5||• 20 hours per week reading|
• 10 hours per week listening to Cybrary audio
• 5 hour per week on practice questions
One other point to note is the cost to obtain the CISSP (all amounts here are in USD and as of 2019). It’s not inexpensive. The exam itself is $699 and the annual membership fees are $125. I also purchased two books totaling $55 and the Boson software for $85 (after discount). My total cost was $964. Keep in mind that the exam fee is required each time you take the exam. I was very hesitant to schedule the exam too early because I didn’t want to risk not passing and paying another $699.