How I Passed the CISSP Exam in Only Two Weeks

The CISSP is considered by many to be the ultimate cybersecurity certification, and the exam is known as one of the hardest exams, if not the hardest, that a cybersecurity professional will take throughout their career. Many individuals study for months and even years before taking this exam, and many still fail. With only two weeks of preparation, I was able to pass the CISSP exam on my first attempt. This is how I did it.

Background

I didn’t set out to take the CISSP exam with only two weeks of study. My official plan was to study for two months leading up to the exam. Having taken plenty of daunting tests before, like the GMAT where I scored a 710, the two-month study period seemed to be sufficient for me to pass any test with flying colors. But on February 10th, 2024, I found myself only two weeks away from my scheduled exam date, having not studied directly for the CISSP at all. This was due to a combination of life events that diverted my attention from the CISSP goal. In October of the previous year I had just started a new job, and then in January my wife and I welcomed our first child into the world. Both of these events occurred while I was taking graduate courses for my Master’s degree. With all of those events occurring at the same time, I regrettably lost track of my CISSP goal, but two weeks before the exam I was reminded of my impending test date and I was reinvigorated with a drive to study for and pass the exam.

The Process (Trust it)

With only two weeks to prepare, I knew I needed to be very intentional in how I structured my studies. I designed a roadmap for how I would pass the exam. I started off by opening the two resources I had previously purchased, the official CISSP study guide and the official CISSP practice questions books. I then utilized the practice questions book to take my first of three practice tests. I scored a 78%. The book stated that I should be shooting for about an 80% or higher on the practice tests to feel confident I would pass the exam, so 78 with no studying felt great. I knew that the goal was achievable.

This is where I interject and say that I, of course, have many years of experience in cybersecurity that provided me a lot of background knowledge that was useful on the exam. I was able to pass most of the domains with no studying at all due to my previous work experiences and my graduate studies in cybersecurity leadership. An individual with less experience will almost certainly need to give themselves more of a runway than I did to pass this test.

Anyway, after calculating the results of my first practice test I looked deeper into the types of questions where I was struggling. There was one glaring weakness in my existing cybersecurity knowledge: network security. With this knowledge, I was able to set a game plan for how I would study for the rest of week 1. I spent the rest of that day reading through the entire network security domain in the official study guide and taking copious amounts of handwritten notes. I then utilized active recall techniques throughout the week to attempt to recall as much of the information I had studied as possible, before engaging in another study session. I have a two-hour commute to work, so for the next week I took that time (four hours each day) to study network security. I utilized Mike Chapple’s LinkedIn Learning videos as a key resource during those commutes. To be more precise, I spent three hours per day on network security and spent one hour each day reviewing another domain, just to be sure I went through all of the material.

At the end of week 1, I took another test. This time, I scored an 83%. That was pretty good; five percentage points in a week is nothing to scoff at, and that score put me above the recommended 80% for test takers to feel comfortable with their exam preparation. I, however, wasn’t quite satisfied with that score. I’m not a ‘B’ student, and the 83% felt to me like I was underperforming. With a week left, I set out to solidify my knowledge and fill in any remaining gaps that were leading me to miss questions.

I attacked the week of study with intensity. I moved the video lectures from LinkedIn Learning to my time at the gym instead of my train rides. For that week, I spent 5:00am to 6:30am each day listening to those videos, and then I spent 6:30am to 8:00am trying practice questions and reading chapters from the study guide when I got questions wrong. Then, on the commute back home from 5:30pm to 7:30pm I would, again, utilize active recall, selecting a domain as a topic for recall and then writing down everything I could possibly remember about the domain before referencing the book and filling in any gaps that I had. Over the week, the gaps narrowed and I found myself able to answer the vast majority of questions that came up in my morning studies. By Friday evening, I felt prepared to take the test, but I needed to be sure. I took one more practice test and scored a 95%. Not perfect, but that score gave me the confidence I needed, assuring me that my studies had effectively prepared me for the exam. Immediately after receiving that score, I wrote a one-page review sheet for the next day and went to sleep.

Exam day

Saturday, February 24th was here, exam day. My sleep the previous night was less than ideal; that seems to be every night when you have a newborn in the house. I woke up at 6:00am for the 8:00am test. I slept in to try to maximize the rest I would have because a good night’s sleep can be crucial for performing at your highest level. I had the same breakfast I have every day, a 250g egg-white omelet, protein pancakes and a black coffee, and as I ate I reviewed my one-page study sheet that included some areas where I was still less confident. Wireless security took up a good amount of that sheet. I left for the testing center and at 8:00am I sat to take the exam. One hour and 46 minutes later I clicked ‘submit’ on the 125th question and my screen changed. There were no results; the screen said, plainly, “Your test has concluded. Please see your test administrator for your results”. I was quite surprised. I had expected to be in the testing center for four hours, receiving all 175 questions. I had felt pretty good about all of my answers leading up to that point, but when I saw that screen all I could think was that I had either excelled or performed quite poorly on the test. As I flipped over the results sheet from the administrator I saw the first word on the page, “congratulations”. I had done it.

Thanks for reading this account of my experience taking the CISSP exam. Within this story were several tips for how I would recommend others prepare for the exam and the resources that I would recommend. I have also summarized them below. If you would like to read more from me, please consider signing up for my free newsletter. The current goal is to send out a new article about once per week.

Materials

1. The ISC2 CISSP Official Study Guide

2. The ISC2 CISSP Official Practice Tests

3. Mike Chapple’s CISSP Cert Prep videos on LinkedIn Learning

Recommended Study Techniques

1. Active Recall. Check out this 2011 study on the benefits of active recall for studying: https://www.science.org/doi/10.1126/science.1199327

2. Take multiple practice tests, taking the first one as early as possible to allow you to focus your studies.

3. Give yourself a deadline. Parkinson’s law states that work expands to fit the time allotted. Give yourself a strict deadline and you will be shocked how much you can learn in that short time.

4. Write hand-written notes. This 2023 study looks at the benefits to memory for handwriting versus typing notes: https://www.frontiersin.org/journals/psychology/articles/10.3389/fpsyg.2023.1219945/full

5. When you can’t be seated at your desk, review with audio. That will amount to many more hours studied over the course of a few weeks or a month.

6. Finally, believe in yourself. As Confucius said, “the man who thinks he can and the man who thinks he cannot are both right”.
