We interviewed a bunch of people that can help you out if you’re interested in passing the CISSP first time.
Certifications we’ve asked for advice from professionals that passed them include:
- C|EH (Certified Ethical Hacker)
- CISSP (Certified Information Systems Security Professional)
- OSCP (Offensive Security Certified Professional)
What Will I Learn?
- We Asked InfoSec Professionals: Is CISSP Difficult?
- Dirk Groben | CISSP, CSIRT
- Roberto Contreras | CISSP, CISM, CEH, CISA, CPTE
- Xerxes Kiok Kan | CISSP, PIMS, CISM, CRISC, C|HFI
- David Schwartzberg | CISSP, GIAC GMOB
- Danny Ha | CISSP, PhD, FCRP, PMP, ITIL
- Anthony Leece | CISSP, GCIH
- Leighton Johnson | CISSP
- Kevin Tighe | CISSP, CEH, MCP
- Richard Starnes | CISSP, ISSA and BCS Fellow
- Michalis Papachristoforou | CISSP, PECB-CDPO, PRINCE 2
- Andreia Goncalves Pinheiro Santos | CISSP, CEH
- Saad Moten | CISSP, CISA, CISM, CDCS, CDCP, PMP, ITIL
We Asked InfoSec Professionals: Is CISSP Difficult?
70% of respondents so far answered that “Yes”, CISSP is a ‘difficult’ Certification.
Of course, the real answer to this question is: ‘it depends.’
Whether or not you find CISSP hard to pass the first time depends greatly on your experience and ability to learn.
CISSP is a senior IT Security Cert and it does require in-depth knowledge.
Love it or loathe it let’s just agree that HR and Recruiters tend to love this Cybersecurity Certification. Indeed, many recruiters consider CISSP as an essential part of the recruitment process.
To help you we thought we’d contact Cybersecurity Professionals that have taken and passed CISSP what for their thoughts and experience on how they studied for and passed CISSP, and, whether having the designation has helped their career.
Without stating the obvious, CISSP is certainly one of those InfoSec certs that is aimed squarely at Senior Cybersecurity Management.
Dirk Groben | CISSP, CSIRT
Senior Cyber Security Expert
I’ve read books for CISSP examinations. But forget the brain dumping stuff. The exam is about thinking differently. And you need to learn to gain your thoughts straight and understanding all vectors included in the process.
Roberto Contreras | CISSP, CISM, CEH, CISA, CPTE
A lot of reading and practice.
Xerxes Kiok Kan | CISSP, PIMS, CISM, CRISC, C|HFI
Head of Security & Controls at Anglo-Eastern
This exam will test your knowledge in Information Security Field, it is a Kilometer wide topic and an inch deep. Understand the domain and how it will be implementing real situations rather than theories only or memorization.
David Schwartzberg | CISSP, GIAC GMOB
Technical Solutions Architect at Cisco
Study for at least 3 months prior to sitting. 1 month prior to sitting for the exam answer practice questions daily.
Danny Ha | CISSP, PhD, FCRP, PMP, ITIL
AI Fintech ERM Advisor
I studied CISSP in 2000. There were not many good textbooks that year. I studied all the domains according to the given syllabus from ISC2 and tried very hard to find the related material on the internet including the below textbook. I passed the CISSP in 2000. After starting to conduct CISSP training in 2001, I wrote praise on the endpaper to recommend the book CISSP All-in-One Exam Guide by Shon Harris in 2002. After all these years of teaching until now, I still recommend this textbook. The book could explain security management concepts from basic, linking up to other topics well, and easy to understand. It is the 7th Edition now. I do not have this book, but I think it is fine as well.
Anthony Leece | CISSP, GCIH
Information Security Consultant
I found the study guides to be the most helpful. They distilled the main information points to a more digestible form than the ISC2 CBK book. Practice tests are also helpful, but they can create a situation where not all information is covered, so be sure to read the material that goes along with it.
Leighton Johnson | CISSP
Information Security Consultant
Study the areas you don’t know first, but review all domains.
Kevin Tighe | CISSP, CEH, MCP
Senior System Analyst at Steampunk
Don’t rely on what you know, follow the book and answer the way the test writer wants, even if it is not necessarily best practice in real life.
Richard Starnes | CISSP, ISSA and BCS Fellow
Chief Security Strategist, Capgemini
Go through the CBK and honestly evaluate your strengths and weakness. Study the weaknesses first. The study, Study some more. Take practice exams. Take the ISC2 course if you can. Get a good night’s sleep and pack lunch for the test. Take a break halfway through the exam. Don’t fight the question. Pick the right answer even if you don’t agree with it. Don’t change your answer once you have made it.
Michalis Papachristoforou | CISSP, PECB-CDPO, PRINCE 2
Data Risk Manager
Study hard and obtain hands-on experience on the CISSP domains.
Andreia Goncalves Pinheiro Santos | CISSP, CEH
Senior Cybersecurity Consultant at PwC
Study and study… Make the concepts simple in the mind.
Saad Moten | CISSP, CISA, CISM, CDCS, CDCP, PMP, ITIL
Senior Information Security Manager at Nokia
Passion for the study and take as a challenge.
BuiltWith, which I use via its' Chrome browser extension is a useful tool. Why? Because you can see what tech a website is using. The types of data you can find out about include: Their...
This is promoting a paid service (I'm not an affiliate for this product) but anyway - here it is! Just shy of a million individuals are available to advertise your brand for USD $75 each month if...