Passed the CISSP Exam
Well, this post has been a long time coming. I have been wanting to take the CISSP exam for quite a while. I had tried off and on beforehand but never really sat down to study it. What finally motivated me was seeing an advertisement for the FRSecure Training Course that was offered free. I saw that back in January; it started in March. So in reality, I have spent from February 2022 to this point studying for the exam. It has been a ride.
So What Worked.
I first started in February, knowing I would have until April 11th before the course started. Material-wise, I had my notes from when I did the free CISSP course on YouTube last fall, so I had a starting point there. Those eventually became my Git Repository for my notes. I wanted to get some material fresh in my head from a cybersecurity standpoint, so I did something a little unconventional: I took Security Plus first. I used the Udemy course from Dion Training to get quickly up to date on some of the latest material. I took that test the first week of April (at the Michigan State University Campus, which is a beautiful campus, Go Green!!!) and passed. Next, I purchased the book that FRSecure uses for the CISSP, the CBK from ISC2. I like how this book is laid out compared to the Official Study Guide. Subjects were clear, easy to read, and not full of fluff. Combined with the instruction from the FRSecure team, it got me up to date on what to do for the CISSP exam. The course took two months to finish; by June I was on my own.
Bridging the Gap.
After the end of the course, I spent the next month studying and taking practice tests to see how well the material stuck in my head. For this, I used the CISSP Official App and CCCure and started taking practice exams 25 questions at a time. By mid-June I had felt confident enough to take the exam. My original date was July 29th but due to a work commitment, I pushed it to August 5th. To help me study and not be stressed, I took Monday through Thursday (along with test day) off from work. From there I kept studying the following material:
- Rereading sections of the CBK
- Reading the summaries for each chapter from the Official Study Guide (I had a copy of the 8th edition and made good use of it)
- Using the notes I have posted in my Readme file for my CISSP Notes Repository
I teamed up with a study buddy who was also studying some items (not the CISSP) to hold me accountable. So I spent quite a few hours on Saturdays roaming coffee shops and libraries in the Greater Ann Arbor area (love the city, great school, don’t ask me about football) just studying. I would watch videos, read my notes, read the books I had, read other notes I pulled off the Slack Channel for FRSecure, took small quick practice exams (10 to 25 questions mostly, never over 50 questions), and just absorbed the data. After a while, I could tell it was sticking.
Leading up to exam day, with no work on the schedule, I spent my time going over it again, retyping and updating notes (you will see I was updating my GitHub till 0 hour). I just wanted to document and commit to memory everything I could. I did take time to relax as well so that on test day, I would not be stressed out.
Test Day
I didn’t sleep well the night before. It was due to just nerves and excitement to take this darn thing. I had a good breakfast in the morning and left my house at 8 am (the test is at Noon). I wanted to make sure I would not be hurried or if I ran into issues, I would still have enough time to park and take the exam (back at MSU). On the way there, I listened to Why you will pass the CISSP by Kelly Handerhan and Top 5 Reasons You will Fail the CISSP Cyber Security Certification Exam. I think these helped me get into the right mindset for the exam. When I arrived in the general area, I camped out at a McDonald’s and went over my notes one final time.
It was finally time to go to the test center. I can’t talk about what was on the exam other than, study everything. I stayed calm and honestly, it was kinda fun taking the exam. I felt like I was finally at the point to take it and for me, that was a joy. I was not pressed for time and was doing well as I approached 125 questions. As I got a few questions nearer I said to myself “Ok, if this thing stops, I failed, if it continues, then I am still in it”. After answering the 125th question, it stopped. I didn’t get mad, I didn’t feel defeated, I accepted what was to come.
When the person working the test center handed me the results, I read the results, then I asked the person at the counter to read it, “Congratulations, you passed”. I had passed in about 90 minutes. I walked out of the testing center still in disbelief that this exam I have wanted to get for the last 3 years, spent 6 months studying for (and threw in an extra exam to boot) was finally over.
What’s Next and Lessons Learned
I have no clue what certification exam I want to tackle next. I am looking at both PenTest+ and Project+ to tighten up my Vulnerability Assessment skills and my Project Management Skills. I also want to learn a new language (Korean). Of course, things are not 100% done as ISC2 has to certify my credentials and make everything official. With 15 years of doing this professionally under my belt, I think I will be ok.
Some things I learned:
- Do not use just one study source; have videos, a couple of books, and a study group.
- Practice, Practice, Practice. If I had failed today, I would have blamed it on my lack of taking practice exams.
- Study Everything.
- Think Like a Manager.
- Don’t assume something is your strong point. I thought I was strong in technical and weak in software development. I think I evened that out by the end of my studies.
Another thing, having the job experience helps. There were times I had to rely on my work experience and integrate it into what I learned from the CBK.
For those reading this, definitely fork/download/favorite my GitHub repository. Those notes helped me out despite being kind of a jumbled mess. But honestly, it is all fair game.
73’s and take care, I have some celebrating to do.