How to Pass the Most Ridiculous Information Security Exam without Money in under a Year

Recently ranked #6 highest paying IT certification

Shiraz Valji
7 min read · Sep 18, 2020

If you’re in the network security game, also known as the cyber security industry, there’s a very good chance you’ve heard of the CISSP certification: the flagship (ISC)² knighthood so many desire yet few attain.

Here’s what I can share:

  1. Why the CISSP certification is stupid.
  2. Why the CISSP certification is not stupid.
  3. The unexpected upside.
  4. How to pass on a shoestring budget, first time.

If, like me, you’ve dabbled with ‘typical’ technology exams from the likes of Cisco, Juniper, Check Point, Blue Coat et cetera, you’ll be familiar with the IT certification process. If you’re not familiar, this is how it goes: one week away from the office, only to be seated in an overly air-conditioned, office-like conference room, mediocre coffee on tap and a stack of training-centre-branded notepads you’ll never use again.

It’s in this environment that you deep-dive the next four and a half days on a given technology course.

The exam? You book and sit this after the training at your local Pearson exam centre. For me, this was my local Nigerian video rental store basement (I’m serious, I loved it): rows of computers packed in cubicles with seven or more webcams pointed at you throughout your 90-minute exam.

When you do pass (we’re still talking about the typical IT exam here), you return to your work desk a more ‘valued employee’, a hero draped in a cloak of expertise; your colleagues tease you for at least a month and your boss creates a subject-matter-expert email alias with you as the only member.

If you’re new to the IT profession (I’m talking to the students who might be reading), welcome to a career in information technology.

So, let’s talk CISSP and why it’s so stupid.

I found myself amongst a small group of hardcore security professionals (people way smarter than me) who viewed the CISSP as pointless, expensive, excessive and far too ‘rounded’ to actually mean anything. Naturally I shared this view, nodded and shared a forced laugh.

I took it one step further by secretly embarking on a journey to validate my grievances at (ISC)² by actually reading the first few pages of the study material.

Sure enough, I was right: this was a real bore, painful and worse than I imagined. That was until something changed.

I found the source of my self-made-disgruntlement, in plain sight.

Simply put, it was the order in which I was reading the book! For heaven’s sake, do not read the study material chronologically! Here’s why:

If you’re an IT professional, network engineer or a recent graduate looking for a reason to study again, you’ll find the first few chapters of the CISSP study guide to be, well, a scientific leap in curing insomnia.

Reading passages on law, US regulation, compliance and governance is beyond painful for anyone in an IT role (unless those things float your boat). Of course, this fed perfectly into my self-prescribed disdain for the CISSP.

However, once I got through the pain of the first chapters, parked my ego and rolled up my sleeves, things started to fall into place.

If you decide to self-study like I did, which I absolutely believe you can, I encourage you not to start at the start. Find a chapter or a topic you can relate to and begin there, rather than waking to the sound of a heavy book falling from your lap as you re-read every page on civil law. Starting at the start eventually cost me 2–3 months of my self-study journey.


Naturally I got into the flow of the study guide, and so will you. On the very odd occasion you may even experience a fleeting moment of joy watching the authors present a ‘technology-abstracted’ view of subjects you may already be accustomed to.

As I approached the end of the study material it became glaringly obvious that the CISSP certification was indeed not stupid. Here are some of the unexpected upsides from both the study process and the certification itself:

  1. You’ll gain a new ability to quietly reverse-engineer management buying decisions without too much fist-waving at a screen (most decisions, I should say; some will forever remain a mystery).
  2. You’ll gain insight into technology stacks, what goes where and why, without necessarily being a ninja or knowing the bits and bytes of each component.
  3. You’ll gain a much better understanding of risk and risk measurement. As cliché as that reads, this is the language of the board and executive management.
  4. Whether you plan to engage more with C-level or not, the study will oddly enable and arm you with the confidence to do so.
  5. You’ll find a new voice on technologies and functions you may have been accustomed to for years; ‘the suits will get you’. This is a real mindset shift from being a technology expert only.
  6. Naturally, you’ll be less precious about the underlying technologies delivering a certain function (although this might just apply to me).

What I can unreservedly tell everyone reading is that gaining a deeper understanding of information security at this level will skyrocket both your professional and personal development, something I plan to write more on in the future.

So, if you’ve considered taking the certification, thought the certification was stupid, or simply couldn’t find the time, energy or budget for formal training, this is how you can self-study for the exam and pass first time:

  • Get yourself these books and nothing more. You must read the study guide entirely.
  • Only get THIS book once you’ve completed both the Study Guide and the Practice Tests book mentioned above; it is still an optional extra.
  • Commit to an exam date early; don’t treat this as optional. If you’re putting in the effort to get through the material, you owe it to yourself to commit to a date. For me it took 11 months, but don’t let that put you off: had I started right, maybe 6 months would have sufficed.
  • Block out 30–45 minutes at least three to four days a week to read the study guide, whatever works for you. The paperback books worked best for me and kept the distractions at bay.
  • Lastly, write your name somewhere and add ‘CISSP’ at the end. Don’t ask why, just do it. Put this label somewhere you’ll see it whenever you start studying. This is something I learned years ago from the Cisco CBT training legend Jeremy.

As for the CISSP exam, well, it was difficult, really difficult, to the point where I had talked myself into a watertight excuse as to why I didn’t pass first time and what I needed to do better next time. I did all this before I stood up and collected the results!

Don’t panic; this feeling appears to be the norm for the CISSP exam in particular. The (ISC)² exam writers are clearly lunatics. Head over to Reddit to read similar experiences.

Lastly, read the question, read the answers and re-read the question. This is not a typical IT/networking exam. I tried to get clever through an ‘answer-elimination process’, and this will only frustrate you. Take your time, clear your head, and read the questions in a relaxed manner.

Look, if I can meet the exam prerequisites, study for and pass this exam with nothing more than two, maybe three, books, so can you.

Hear that sound? That’s your future-self already thanking you!

Want to read more on career development, personal progression, cyber security and similar stuff? Consider joining the four others in my mailing list here :)

Small print(s):
Bootcamps: I have no idea about them, I’ve never used them. Some friends have suggested they are terrible and designed only to get you to pass an exam without retaining any actual knowledge; others have said the opposite. This post is about passing on a shoestring budget, and I really have no experience with bootcamps.
Additional study material: I searched high and low for shortcut material, and honestly there is none. I came across some good video and audio content but found the subject coverage too shallow. In the end, I accepted that the study guide had to be read, entirely.
Affiliate links: if I’ve used an affiliate link and you click and buy using that link, and if the stars align, I may get thrown some pocket change in return.
Views and opinions expressed are my own and not those of my employer.

Shiraz Valji

Cyber Security. Personal Development. aspiring Leather Jacket creator. Not always in that order.