How I Studied And Passed The CISSP Exam in 2020

Everyone has heard the stories of how tough the Certified Information Systems Security Professional (CISSP) examination is.  It’s been described as taxing, mind-blowing and hard to pass.  In fact, in many tech circles, it is known as the exam where 50% of the applicants do not pass it on the first try. It is for this reason that this test strikes fear in the hearts of future security professionals looking to climb this mountain.  I will confess, it took me more than 8 years to get over my anxiety and attempt this feat, but 2020 was going to be my year.

I can’t tell you how many times this certification was on my New Year’s Resolution list, and each year it would be transferred to the next.  So what changed?  Honestly, I can’t pinpoint the single event, but if I had to put my thumb on the pulse, I think the current pandemic put things into perspective for me.

With the economy in shambles in early March and the number of job losses in a single quarter, I knew I needed to figure out what I was passionate about and, probably more importantly, a contingency plan in the event things get worse.  No one likes to think that their job may be at risk, but the reality is no matter how stable a company is, there is always a chance you could be promoted to customer.  I’m of the firm belief that there is no greater conqueror of anxiety than a sense of purpose, and the CISSP was mine.

Now, I will be the first to admit that there is no one panacea for studying for this test.  Hoping this is not a shocker to you; it is the honest truth.  Effectively studying for this test requires an approach of understanding the security principles and not just memorization of acronyms, ports and 800-series frameworks. As I stated in my previous blog post, 5 Steps to Pass The CompTIA Security+ Exam, you have to be honest with yourself and determine where you are weak in your knowledge base and constantly focus on ways to improve.

So how did I study for the CISSP?  I used a layered approach that primarily focused on Video Lectures, Forums and Practice Tests.  Below I will list the resources and tactics I used up until the day of the exam.

Resources to Study for the CISSP:


YouTube Video Lectures

Practice Exams

Schedule The Exam

Graph Your Scores

The Aftermath


My first stop was Cybrary, taking Kelly Handerhan’s class entitled Certified Information Systems Security Professional (CISSP).  The course itself is a little over 19 hours and includes a lab to go over the Business Continuity Planning objectives.  If you are a paid subscriber to Cybrary, it will also come with access to a practice exam through one of their vendors as well as access to their Slacker channel.  I cannot express how invaluable the latter was for me.

The Slacker channel gives you access to other CISSP professionals, appropriately titled mentors.  They are very responsive and helpful in answering any questions you may have, even if you get the information from an outside vendor.

Once I finished her course and uploaded the CEU credits towards my Sec+, I did my first practice test to help measure my strengths and weaknesses.  I learned that Cryptography and Software Defined Life Cycles were not my strongest areas.  Afterwards, I supplemented her lectures with a few YouTube ones.


YouTube Video Lectures

I think people take for granted how useful YouTube really is.  For my next study approach, I watched Sagar Bansal’s free CISSP Master Class.  The video itself is nearly 10 hours long, so I broke these into 2-hour blocks at a video speed of x1.50.  

The one thing that I appreciate most about the way Sagar approaches the CISSP explanations is that he gives great analogies and tips on how to remember things.  For instance, Fire Extinguisher classes are important to know, especially in a Data Center environment.  He stated the easiest way to remember is Class A stands for Ashes (i.e. paper, wood products), B – Liquids, C – for Computers (i.e. Electrical equipment) and D – for gases.  It was simple and effective.

After each 2-hour block, I would do a quick 60-question practice exam on Cybrary.  It is always important to gauge your understanding and progress.

Another great resource I found on YouTube was the CISSP Practice Question of the Day by IT Dojo.  Colin Weaver gives 2 questions per video on the various domain topics with some solid explanations on why the answer is correct or incorrect.


Practice Exams

As I stated before, I used one of Cybrary’s vendors to take my initial practice exams, but I wasn’t satisfied with the way the information was presented.  There would often be questions that had 8 answer choices, which almost never had a single answer option as correct, with some questionable phraseology. I realized I wasn’t learning with this approach and often would get frustrated.

It was at this point that I needed to pivot.  I picked up the Official ISC2 CISSP Practice Tests (Second Edition) on Amazon.  I’m going to put this in bold because I cannot stress this enough: THIS BOOK IS NOT OPTIONAL; IT SHOULD BE CONSIDERED MANDATORY FOR YOUR STUDIES.  The secret to this book is not the material within it, but the online practice exam that you have access to.  Once you register and gain access, you can shelve this book.

This practice exam was everything for me.  It gave the option to test by domains or simulate an actual exam.  You could also set the number of questions, and it measures collectively the number of questions you got correct in the total test bank.  It also allowed you to focus on the domains that you were weak on.

As I would get the answers wrong, the test would give me a detailed explanation of why it was wrong as well as the correct answer.  Immediately, I documented this and used it as part of my studying. I tremendously improved my knowledge of Cryptography and SDLC with this approach.  I tested myself 3 times a day for 5 days a week.  Once I achieved a consistent 70% overall, it was time to schedule my exam.


Schedule Your Exam

Originally, I planned on taking this test in May 2020 but with everything going on with the Pandemic, it was clear that August would be a more appropriate timeframe for me.  I also knew that if I didn’t schedule my exam on the date that I wanted to, I would continuously push back the date as I had been the last 8 years.  As I stated in a previous blog post on scheduling exams, “Procrastination is the killer of all progress.”

My best advice: don’t delay.  Once you have a consistent passing score, it is time to schedule the exam with the ISC2 website. I am of the firm belief that when you are bumped against a timeline that has consequences, you tend to do better and retain more.  It’s not about getting 95% or more.  It’s just about understanding and passing.


Graph Your Practice Scores

Once I scheduled my exam, I started to keep track of my scores on a spreadsheet.  My scores are a combination of the Cybrary Practice Exam and the ISC2 Official Practice Exam.  I would keep track of the highest daily score.  I feel that having a visual representation of your progress is a good measurement for your overall progress.  

Here is what mine looked like. It was obvious that I had struggles, especially when it came to the Cybrary exams, but when I switched over to the Official Practice Exam, I tended to rank higher.  I also did better on 150-question vs. 60-question sets.

CISSP Practice Exam Scores

Many have asked for a copy of this spreadsheet, so I will make it available free to all community members of this blog.  Use the banner to the right to gain access if you are not a member.  Speaking of blog….


Blog Your Progress

Truth be told, I set this blog up for the sole purpose of helping others and myself while I was studying for this exam.  I felt that if I blogged (and in many cases vlogged) about what I have learned, it would help me retain the information and at the same time provide insight to those aspiring.  I truly believe that knowledge should be shared and collaboration should be had without an ulterior motive.  Call me old school.

In the end, I feel like blogging has helped keep me honest.  At times I wanted to skip blogging because I felt like I had nothing to share but as I have posted, people have consumed the content which has helped keep me motivated.  I’m hoping that it has the same impact for you.


Did I Pass The CISSP Exam?

On August 15, 2020, I successfully passed my CISSP exam.  This was my first attempt and words could not describe how happy I felt in that moment.  All of the anxiety and pressure went away immediately after reading my letter of confirmation.  Although I cannot disclose details on the test itself, I will say that I probably would not have passed this test had I not used this approach for studying.

I’m eternally grateful to those who have provided their time and efforts like Kelly Handerhan, Sagar Bansal, Colin Weaver, Mike Chapple and more.  Being a fellow content creator myself, I know that it is not easy to put that material together and know whether it has an impact on others’ lives.  Well, I’m a testament that it has.

Later in the week, I will post a second set of resources to include contact information.  I hope you found this information useful and please let me know when you passed the exam and if any of this information was useful for you.

Good Luck!!

Drawing on over two decades of experience in the Information Technology industry, I have acquired a diverse range of roles that have shaped my distinctive outlook. Through this journey, I have developed into an accomplished authority in risk management, catering to Fortune 500 companies and small businesses on a global scale. Over the past 12 years, my primary focus has centered on empowering small business owners and insurance professionals to comprehend the ramifications of cyber incidents and effectively mitigate the risks associated with potential data breaches. My passion for cybersecurity has inspired me to create the Sage Knows IT blog. Through this platform, I aim to help small business owners and aspiring IT professionals understand the roadmap of the IT industry based on my experiences. Information Technology and Information Security are crucial for our future, and I hope my blog will motivate those who are interested in joining this ever-evolving field.
