My CISSP Journey

My CISSP journey began in July 2024 when I started online training with an online training company. I have always aspired to hold a managerial position in IT security, such as a CISO. In order to reach that position, I realized that the CISSP certification provides essential knowledge.

In May 2024, I was contacted by a sales representative on LinkedIn offering the CISSP certification. I was initially cautious and wondered whether the company was legitimate or just a scam attempt. After conducting some basic checks, I decided to enroll in the online class, which began in July 2024 and ended the following month. The course consisted of 8 sessions, each lasting about 3 hours, and was held only on weekends, which was suitable for me due to my professional commitments.

After completing the online sessions, I downloaded The Sunflower CISSP Summary book, which helped me review the 8 domains covered in the course. I also kept a notebook to take important notes. I highly recommend this book, as it contains the key topics for each domain of CISSP.

Once I finished reviewing the summary, I began preparing for the exam. My first resource was certpreps.com, but I didn’t find it very useful. A close friend of mine then recommended the DestCert app (a free mobile application) and LearnZapp, which is the ISC2 official CISSP app that requires a paid subscription. I started with DestCert, which contained just under 700 questions. I learned a lot from this app. Then, I subscribed to LearnZapp for 2 months. The app offered more than 2,000 questions spread across the 8 domains. I first tried to read all the questions, then I completed the 8 practice tests (each with 125 questions), and used the “Create Custom Test” feature to generate more practice tests for review. Reading multiple-choice questions every day was quite challenging for me, as I’m more inclined toward hands-on exercises in a lab environment, as I’ve done for most of my other certifications.

After 2 months of preparation, I purchased the “CISSP Peace Of Mind Protection” voucher (currently no longer available), a promotion from ISC2 that allowed a second exam attempt if the first one failed, with an additional $100 charge on the regular exam voucher price.

I scheduled my exam for November 21st, 2024, as I was feeling fatigued from daily studying and unsure of how the exam questions would appear. I was thinking of taking advantage of the second-chance attempt in case I failed. However, it’s worth mentioning that I was growing more comfortable with the practice tests on LearnZapp, where I was achieving good results. According to the app, I was 89% ready for the exam.

On the day of the exam, I was extremely stressed and nervous. I had no idea what the exam would be like and wasn’t confident that I would pass, despite all my preparation. During my prep, I read that the exam could have up to 150 questions, so I expected something close to that. To my surprise, I had just over 100 questions (I don’t remember the exact number). The exam window suddenly closed without warning, and I exited the exam room. The woman at the desk already had the printed result, and with a smile, she congratulated me on having passed the exam. My first reaction was “Really?” I couldn’t believe I had passed. I hugged her to express my joy — it was an unexpected outcome. After taking a moment to process, I realized I had indeed passed the exam on my first attempt. I felt gratitude and shared the good news with those close to me.

The next step was endorsement. After passing the exam, ISC2 required me to be endorsed by an ISC2 member or another qualified individual. My cybersecurity mentor endorsed me. Six weeks later (the maximum allowed by ISC2 to review the application), I emailed ISC2 regarding the delay. They apologized, explaining that the issue was internal, and sent the endorsement approval email on January 8, 2025. The final step to becoming a CISSP was to pay the annual membership fee, which I did on January 11.

What’s next?

My goal of becoming a manager in a cybersecurity team hasn’t changed. I believe that in addition to having a broad understanding of IT, I must continue improving my skills in management, governance, risk management, and technical areas.

Online Resources:

About the author

AdminStar@

Offensive Security Experienced Penetration Tester (OSEP)
Offensive Security Web Expert (OSWE)
Offensive Security Certified Professional (OSCP)
Certified Soc Analyst (CSA)
Certified Ethical Hacker (CEH)
Web Developer
