My Journey to Becoming CISSP (English Version)
- January 10, 2025
- by Nur Imroatun Sholihat
Hello, everyone😊
2025 is here, and I hope this year brings you closer to achieving your personal and professional dreams. I’m thrilled to share some good news: I’m now officially a Certified Information Systems Security Professional (CISSP).
The CISSP journey has been one of the most challenging experiences in my career. While preparing for it, I realized it would be useful to share tips and insights to help others navigate this path. If you’re an aspiring CISSP, I hope these tips make your journey more manageable.
1. Understand why you want to become CISSP
Reflect on your reason for pursuing CISSP, and let it anchor you throughout the process. For me, the CISSP was more than just a credential—it was a commitment to deepening my expertise in information security, enhancing my career prospects, and (hopefully) contributing to a safer digital world. This "why" will help you stay motivated through long study sessions, tough practice questions, and moments of self-doubt.
2. Use the right resources
It's essential to select effective and trustworthy study materials. Here's what worked for me:
a. CISSP Official Study Guide & Practice Tests by Mike Chapple et al.
This comprehensive guide helped me systematically cover the eight CISSP domains. The practice tests were instrumental in identifying my weak areas and honing my exam strategy.
b. Pete Zerger's CISSP YouTube Videos
This resource was a hero for quick revisions. It distills key concepts into a compact, digestible format suitable for last-minute reviews.
d. Resources to shape the right mindset
Preparing for CISSP is not just about mastering the content—it’s about developing the mindset of a security leader. These videos helped me align my thinking with the exam’s expectations:
a. Why you will pass the CISSP by Kelly Handerhan
b. How To Think Like A Manager for the CISSP Exam - Director's Cut by Prabh Nair
c. How to "Think like a Manager" for the CISSP Exam by Pete Zerger
These resources taught me to approach scenarios with a big-picture perspective and to consider the organization’s risk appetite, compliance requirements, and operational goals.
3. Build a solid foundation with work experience
The CISSP isn’t just a theoretical exam—it’s designed for practitioners. The questions often test your ability to apply security principles in real-world scenarios. If you’re new to the field, don’t worry. You can still take the exam and earn the Associate of ISC2 designation, working toward your required experience later. But real-life exposure to security operations, risk management, and so on will give you an edge.
4. Domain by domain
The CISSP exam covers eight domains, each requiring a mix of technical knowledge and strategic thinking. My approach:
a. Domain-by-domain study: I focused on one domain at a time, using the official study guide and videos to understand key concepts deeply.
b. Conceptual clarity: Instead of memorizing materials, I aimed to understand the philosophy behind every concept.
5. Practice like it’s the real exam
Practicing exam questions is non-negotiable. Here’s how I practiced:
a. Allocating time to practice questions: I dedicated days to solving practice questions from the CISSP Official Practice Tests and other online resources (one of my favorites: www.examtopics.com).
b. Full-length simulations: Attempting mock exams under timed conditions helped me build endurance and refine my pacing strategy.
c. Focus on weak areas: Each incorrect answer was a learning opportunity. I reviewed explanations thoroughly to strengthen weak areas.
6. Develop the CISSP mindset
To pass the CISSP, one must think like a security leader. This means:
a. Always take the business perspective: security efforts should align with business objectives.
b. Think about security with a holistic approach.
c. Help the business manager make decisions based on the risk.
d. Consider long-term implications over short-term fixes.
e. Human safety is always the first priority.
f. Always consider the cost vs benefit of every effort.
g. Guide our organization to behave ethically.
h. Compliance and ethics are important.
7. Time management during the exam
The CISSP exam is adaptive, with 100–150 questions to answer in 3 hours. My strategies:
a. 1 minute per question: Stay around this limit to avoid running out of time.
b. Stay calm: Trust your preparation and yourself.
c. Don’t give up too early: When I reached the 100th question during my CISSP exam, I started doubting myself—thinking I might not be cut out for it since others had passed after 100 or 130 questions. But it doesn’t end until it ends, so keep doing your best.
8. Take care of your well-being
CISSP preparation is a marathon, not a sprint. Here’s how I stayed balanced:
a. Rest: Sleep is crucial, especially before the exam.
b. Exercise: Staying active kept my stress levels in check.
c. Breaks: I took short breaks during study sessions to maintain focus.
9. Read CISSP holders’ stories
One of the most underrated preparation strategies is reading the experiences and stories of CISSP holders. Their journeys provide invaluable insights beyond study materials, offering practical tips and lessons learned from real-world attempts.
10. Pray, trust, and persevere
For me, prayer was a source of strength and calmness. Whether you pray, meditate, or practice mindfulness, find something that grounds you and keeps you focused on the journey ahead.
Final Thoughts
The CISSP journey isn’t just about passing an exam—it’s about becoming a better information security professional. While the process can be demanding, the growth you experience makes it worthwhile.
If you’re currently preparing for the CISSP or considering it, I’m rooting for you! Feel free to reach out if you have questions or need encouragement. Let’s build a more secure digital world together.
Good luck, everyone 😊