How to Pass the CISSP Exam on Your First Attempt: 7 Tips from a CISSP-Certified Pro

CISSP is one of the most sought-after and elite certifications in the information security industry. Almost everything that you heard about the CISSP exam is true: It is hard, terrifying and resource-intensive. But it’s not impossible to pass it! Below, I share seven tips for how to study for the CISSP exam to pass it on your first attempt.

Tip #1. Know what CISSP is and make sure you meet the prerequisites for the exam

What is CISSP? As you may already know, CISSP stands for Certified Information Systems Security Professional, and it’s a certification created by the International Information Systems Security Certification Consortium, or (ISC)2, in 1991. CISSP certification is a way to demonstrate your knowledge and prove that you can establish and lead an information security program.

The CISSP exam covers eight domains from the (ISC)2 Common Body of Knowledge (CBK):

  1. Security and Risk Management
  2. Asset Security
  3. Security Engineering
  4. Communications and Network Security
  5. Identity and Access Management
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

To qualify to take the test, you must meet certain prerequisites. First, you need at least five years of full-time work experience in at least two of the domains. Alternatively, you can satisfy the requirement with four years of experience if you have either a four-year college degree or an approved credential or certification. Second, you have to agree to the (ISC)2 Code of Ethics and explain on your application things like felony convictions and any identification with hackers.

Then, of course, you have to pass the exam itself, a 6-hour, 250-question, 8-domain Goliath. The minimum passing score is 70%.

Please note: The exam content is being updated per its regular three-year cycle. Here are the CISSP exam changes effective April 2018.

Tip #2. Make sure you speak CISSP language fluently

Don’t be overconfident about your knowledge of security and the CISSP domains. You may think you understand a lot about security, but you probably don’t yet understand all the types of questions you’ll encounter on the exam. Therefore, I strongly recommend you start your preparation process by going through each domain in the study guides to make sure you understand the language of the exam, the content of the questions and the concepts CISSP aims to teach. As I did this, I tried to relate those concepts to real-world examples that I knew from my career. This approach helped information stick in my brain.

Tip #3. Make use of multiple study sources

I went through two or three CISSP all-in-one study guides. It’s best to start with an official CISSP study guide. These guides cover all the material in each domain. Plus, I did CISSP practice tests online — there are plenty of sample tests you can do, so I did those CISSP practice exams repeatedly.

Tip #4. Buddy up with peers who are about to take the exam

CISSP training courses and boot camps are rather expensive but they are totally worth it. I was very lucky to get a spot in a boot camp the week prior to the exam, so I was studying intensively from Monday to Friday and passed my CISSP on Saturday. Even though the camp was in Barcelona with plenty of distractions, it helped me a lot. We had great group discussions in which we could review the domains together and talk over the things we did not understand. This kind of exam preparation is useful because you can take advice and guides from other people who are about to take the exam, even over drinks while sitting in a bar.

Tip #5. Estimate and distribute your time wisely

It took me about two months to get ready. I reviewed CISSP books two to three hours a day every weekend. On weekdays, when I had spare time in the evening, I did test exams online, taking them over and over again until I could get at least a 70% score.

Of course, my experience is very individual. How much time you need will come down to your level of experience and how quickly you can memorize what you need to know. I advise you to go through the study guides and mark out both the areas you understand and the ones you are not familiar with. This will help you predict when you will be ready to pass the CISSP exam.

As for splitting your time, a reasonable approach is to spend 50% of your time reviewing study guides and 50% taking practice tests. If you can also work with peer groups, I’d recommend 40% guides, 40% tests and 20% peer group discussions.

Tip #6. Get a good night’s sleep before the exam

The 6-hour, 250-question CISSP exam is horrendous and very long indeed. I remember leaving the exam devastated and exhausted, and having no idea if I passed. Getting good sleep the night before is a must, because you will need plenty of energy for the exam.

Tip #7. Establish the strategy you’ll use during the exam

I had a simple but rather efficient exam strategy. First, I looked through all the questions to make sure that my brain was on the same wavelength as the examiners. Then I answered the questions I was 100% sure about. Next, I answered the ones I was not quite sure about but thought I knew. That left just a few questions that, quite frankly, I just did not know the answers to. Since the CISSP is a multiple-choice exam, I eliminated the two answers that were clearly wrong, and then gambled by picking one of the remaining two.

So, is CISSP worth it? Take a look at the list of benefits that the CISSP credential has brought to three cybersecurity experts.

Final thoughts on CISSP certification

CISSP certification is formal recognition that you understand the industry well, and I definitely attribute some of my personal success to the exam. The knowledge I acquired gave me a lot of confidence when speaking with C-level execs in the organizations I was dealing with — I definitely felt that I was better able to understand the needs of the cybersecurity pros and add value to the discussion.

Keep in mind that CISSP is about lifelong learning, so passing the exam is just one step. To maintain your CISSP certification, you have to be recertified every three years and get continuing professional education. To earn the Continuing Professional Education (CPE) credits I need to maintain my CISSP certification, I attend events such as webinars, write white papers and so on. Even more valuable, these activities help me constantly improve my knowledge of the information security industry and stay on top of news and trends.

Studying for the CISSP exam? This CISSP free study guide takes you through each stage in your journey. Download it now!

Former General Manager EMEA at Netwrix. Matt holds a CISSP certification and has over 19 years of experience in the cybersecurity industry. He has worked for many organizations, specializing in areas such as risk management, identity and access management, and network and database security. In the Netwrix blog, Matt shares insights on how to achieve greater levels of security and compliance.