Everything you need to pass CISSP
All the resources and advice you need to pass the CISSP exam.
In this guide, I will discuss the best way for you to pass the CISSP exam and what resources you should use on your journey.
Passing the CISSP exam is no easy thing and can be very overwhelming. However, if you break it down into manageable chunks and follow my advice you will be fine.
If you are already familiar with (ISC)2 and CISSP and you are just here for the study resources you can scroll down to CISSP Study Roadmap (5 easy steps).
What is CISSP?
CISSP stands for Certified Information Systems Security Professional. It is a prestigious certification and is often referred to as the gold standard of cybersecurity certifications.
The CISSP is provided by (ISC)2 - the International Information System Security Certification Consortium - which also offers a number of other respected certifications and associated exam training.
Passing the CISSP exam and becoming certified validates an information security professional's deep managerial knowledge and experience, and their ability to effectively design, engineer, and manage the overall security systems and security posture of an organisation.
Do you have to have 5 years of experience to pass CISSP?
Short answer, No.
If you have less than 5 years of experience and wish to sit the exam, you can become an Associate of (ISC)2. An associate is someone who has passed an (ISC)2 exam but has not yet met the experience requirements needed to become 'Certified'.
To become certified, the CISSP certification process requires you to:
Have 5 years of cumulative, paid information security work experience in two or more of the eight CISSP domains;
Be endorsed by another (ISC)2 certified professional (if you don't know one, (ISC)2 can endorse you through a separate process); and
Pay an annual maintenance fee to (ISC)2 and keep earning continuing professional education (CPE) credits for as long as you hold the certification.
It's important to note that a relevant degree or certain other certifications can waive 1 year of the 5-year experience requirement.
Once you are a member of (ISC)2, you receive member benefits, which you can read more about here - https://www.isc2.org/members.
Understanding the exam
The CISSP exam is different from many other exams you will encounter, because (ISC)2 uses Computerised Adaptive Testing (CAT).
In a CAT exam, the question you are shown next depends on how you answered the previous ones. If the algorithm decides you are strong in one particular domain, it will stop probing that domain and spend more questions on your weaker ones. In other words, you need to be well-rounded and strong in all areas, as one weak domain can cause you to fail.
The CISSP Exam Outline gives you an idea of what you need to know.
CISSP Study Roadmap (5 easy steps)
In the following sections, I break down the steps required to obtain the knowledge to pass the exam. It’s worth noting that other ‘Study Roadmaps’ exist, this is just what worked for me, my friends, and a large portion of my audience on YouTube.
Step 1: Bird's-Eye View
Firstly, you need to achieve a high-level understanding of what is contained within the domains and understand the mentality and approach you need to have while sitting the exam.
One of the best ways to understand the mentality needed is this video by Kelly Handerhan.
Keep in mind it’s important to revisit this video throughout your study journey to recenter your thinking and mentality.
The next thing you need to do is to build a high-level mental map of the CISSP domains and the topics contained within them. I think one of the best resources for this is watching this whole playlist (all 30 videos) by Destination Certification.
I would suggest watching all of these in the correct order before even buying the CISSP book (I will touch on CISSP books in the next section). Pay full attention, but do not take any notes at this early stage - it is just about getting that bird's-eye view. You should also revisit this playlist throughout your study journey.
The book How To Think Like a Manager for the CISSP Exam - by Luke Ahmed - is a great way to understand the CISSP mentality. I strongly recommend you purchase a copy and read this too.
A crucial set of notes you are going to need throughout the journey is Sunflower-CISSP notes. These notes are a great summary of the domains and topics covered and will be a crucial aid to reference throughout the study journey.
Step 2: Read the Official Book(s)
Now comes the main part of your studying.
The book.
But how do you know which one to choose?
You have a range of choices available by different authors, but the book that I used and my recommendation would be the (ISC)2 CISSP Official Study Guide.
This book is beginner-friendly and, in my opinion, is the best path.
However, don't just read it cover-to-cover.
It doesn't sink in that way (at least for me).
I use this great method and study technique to learn anything/everything from textbooks that I talk about in this video, I suggest giving it a watch as it can save you so much time!
Feel free to explore different study techniques and do what works for you.
Make sure you're doing the questions at the end of each chapter.
The goal is to consistently score 80-90% on the end-of-chapter questions.
However, the end-of-chapter questions are too easy compared with the real exam, so keep reading to see how we tackle the harder questions.
Step 3: First Set of Practice Questions
The questions in this book are great, but again they don't compare with the real exam.
However, this is a necessary step in the process.
Work through the Official Practice Tests. You should already have a copy if you bought the bundle; if not, you can grab it here.
It's worth noting that once you purchase the book you can also use the online version of the questions through the Sybex online test banks (my preferred method personally).
Step 4: Revise and Recenter
Now that you have finished the books and completed the first question bank (the Official Practice Tests mentioned above), you should identify your weak areas and revise those domains.
Re-read the chapters, watch videos on the topics, and do some practical work (if possible) to cement key ideas.
For example, I struggled with Networking… luckily I had access to a network engineer/architect that I worked closely with and just shadowed him for a while and asked him lots of questions.
I do understand that not everyone has that privilege, but you can find a ton of stuff online to help you out too.
The goal is to fortify your weak areas of knowledge. You should end up going on mini side-quests of research and conversation in whatever area you are struggling with.
Once you’ve revised your weak areas, and are a little bit more confident then you need to recenter and remind yourself of the “CISSP Mentality”.
Rewatch Kelly Handerhan's video - Why You Will Pass the CISSP.
Rewatch the CISSP MindMaps playlist by Destination Certification.
Reread How to Think Like a Manager for the CISSP Exam.
Step 5: More Questions - Increase Difficulty
This stage is about tackling some of the most difficult question banks available for the CISSP.
By far the best resource for this is Luke Ahmed's Study Notes and Theory.
Luke’s question bank includes approximately 900 questions, each accompanied by detailed explanations. These explanations clarify why your answer was incorrect, what the correct answer should have been, and how specific wording in the question influenced your choice. They also highlight how certain phrasing is designed to mislead or confuse you.
Timing matters at this stage: you want to finish Luke's CISSP questions about 1-2 weeks before the real exam.
In those final 1-2 weeks, go back to the "easier" questions in the Pocket Prep app.
The reason for this is that his questions are so difficult that they will dent your confidence.
I failed 50% of his questions and passed the real exam a week later with full marks.
So, performing badly on Luke’s questions is not necessarily a reflection of your readiness.
Read the questions carefully, learn from your mistakes, and read every single word on why you got the answer wrong - even for other answers you didn’t pick.
Every answer (right or wrong) has a rich block of text with golden nuggets of information.
This step is here to "over-prepare" you for the exam.
Better to be over-prepared than under-prepared.
So make sure you read all the explanations, even for the questions you got right!
Make sure you are constantly going back and revising weak areas throughout this and other practice questions.
Bonus Tips
You need to live and breathe CISSP until you pass.
Do not underestimate it.
The UK National Academic Recognition Information Centre (UK NARIC) assessed the CISSP qualification as comparable to a Level 7 award, the same level as a master's degree.
Another rule: do not repeat question sets, ever.
There is no point.
Repeating questions trains your memory of the answer rather than the logical, analytical reasoning from your study that the real exam demands.
Also, make sure you take a trip to your testing center a week or so before the exam.
You don’t want to be worrying about journeys, parking, or public transport on the day of your exam.
Before I list a few more resources, here are a few more tips.
In the few days before your exam, make sure to chill out, get some good sleep, eat healthily, and prepare mentally. You probably won't sleep well the night before, so make sure to get good sleep in the week leading up to the exam.
Realistically, last-minute cramming is not going to do anything to help you.
If you are not ready the day before, you're going to fail - last minute cramming won’t change that for CISSP.
So, do nothing on the last day (study-wise) and relax.
On exam day, do about 50 or so practice questions before going into the exam, just to warm your brain up.
A few more key resources:
Reddit - r/cissp - This sub is for those who are pursuing the CISSP and those who have taken the exam and wish to share feedback on the study methods and materials they used.
Pocket Prep is a handy question bank to use along the way. It's a great mobile app with some excellent CISSP questions and explanations. Highly recommended!
Prabh Nair has some amazing videos on the CISSP, and they are great content to watch throughout the journey.
Good Luck!
Doing all of these steps is what I believe is the best and most efficient way to self-study and pass the CISSP exam.
I had many 4 am mornings and late nights in preparation, and I lost time out with family and friends and needed a good support structure so I could focus.
I would advise if undergoing the CISSP journey you consider this carefully and have conversations with close ones so that they understand the time commitment you are making.
Thank you :)
If you've enjoyed this, show some love and comment, share, and subscribe. Reach out to me on LinkedIn too if you have any questions - happy to help!