How to Pass the CISSP Exam Without Cyber Security Experience

Esty Scheiner
Nov 1, 2020

As of August 28, 2020, I provisionally passed the CISSP exam on my first attempt. In this post, I am going to detail tips and tricks to study and pass the CISSP exam without any cyber experience.

Up until recently, I had been working as a software developer at a young Brooklyn startup. I had wanted to switch over to cybersecurity; Coronavirus was my chance.

I enrolled in SecureSet, a cybersecurity boot camp, hoping to transition to an info security career. In addition to education, certifications are often a necessary prereq for info-security roles. Sec+ is an entry certification, while CISSP is more advanced, covering all eight domains of cybersecurity on a managerial level. The topic scope is an inch deep and a mile wide. In other words, you need to know a little about a lot.

The CISSP requires five years of professional experience in at least two of the eight topic domains of the exam, or four years if you have a bachelor’s degree or already have other particular certifications like the Cisco CCNP.

At the time of taking the CISSP, I had neither a bachelor’s degree nor five years of experience in the field. If you don’t have the qualifications required, you can instead become an associate of (ISC)². That means that you can take the CISSP certification exam without the required work experience. When you pass, you become an Associate of (ISC)² as you work to gain the requirements to achieve full certification.

I decided to study for the CISSP exam for a few reasons. Being that I was a cyber newbie, I wanted the opportunity to get a broad introduction to the infosec field; even if I didn’t pass, I would learn a lot. Additionally, when I read reviews of people taking the CISSP, I saw the exam was extremely challenging for people who had the necessary experience. CISSP covers all five domains of security, while most people only have experience in one or two areas. I reasoned that it is hard to take the exam even with five years of experience. I might as well put in the effort now.

Studying and Learning for the CISSP

  1. I created a study schedule and booked the exam. I figured that I would need about 90 hours of study for the exam; it took me roughly two and a half months to prepare. I find it easier to study consistently in the morning, so I woke up at 5 am every morning to get the studying out of the way. The hardest part of studying is waking up. If you create a consistent process to wake up on time, you are paving the road to success.
  2. I read through the Sybex 8th Edition and took notes. After every chapter, there is a quiz. I would not let myself go forward if I didn’t get a score of over 80%. Some people take notes using flashcards or drawing visual diagrams. I found it most helpful to highlight and take notes directly on the side of the book.
  3. After reading the book once, I read it a second time, determining which areas I needed to hone in on.
  4. The Sybex book comes with an official book of exam questions. I started doing 75 exam questions a day. When I ran out, I went online and completed practice problems on the online portal. I tried not to reuse any questions. I spent 50% of my time studying CISSP materials and 50% of my time doing practice questions.
  5. IT DOJO has over 100 great videos on the CISSP exam. I watched every single one of his videos and did the questions along with him.
  6. I joined the CISSP Discord chat.
  7. I blocked off my study time on Sundays to simulate practice tests.
  8. I encountered the CISSP sunflower document that helped me see the scope of the exam. I didn’t refer to it so much.

The day of the test

A day before the test, I stopped studying; I wanted to leave my mind open to taking the exam. At this point, cramming cannot help anymore. I went to sleep on time and woke up late for the first time. I ate a nutritious breakfast and arrived at the exam center 45 minutes early. It is important to come early to the testing center because the intake process at the PPC is highly rigorous, including multiple palm print scans.

Studying for the exam and the actual exam experience are very different. Many of the practice tests are technical. However, on the exam, it is common for a few of the answers to be correct, but one solution encompasses the others. Good reading comprehension, and not just pure technical knowledge, is critical to passing this exam.

I am grateful that I spent the time to take this exam. I feel like I’ve gained something valuable. Besides obtaining the certificate, I learned an incredible amount, and I got to see cybersecurity from a variety of lenses.

Relevant Materials I used to Pass

Good luck, CISSP Wannabe!

Let me know how I can help further!
