CISSP thoughts & notes
Intro
The Certified Information Systems Security Professional (CISSP) certification is a well-known credential for information security professionals. For me, getting this certification was a long-term goal. I wanted to formalize my skills and gain some recognition in the cybersecurity world, and what better way to prove myself was there?
I originally planned to study for CISSP before starting my PhD, hoping to finish it while I was studying. But balancing both was tough, even impossible at times. After I graduated, I finally had time to regain my focus and double down on the certification prep.
I scheduled regular study sessions for about three months, putting in 2-3 hours during the week and 4-5 hours on weekends. On September 9, 2024, I passed the CISSP exam after answering just 100 questions!
Is it worth it?
Before committing to any certification, I always ask if it’s really worth the time and money. Will it truly help my career, or is it just another title to add to the wall? To make a good choice, I talked to friends and colleagues and researched a lot of industry articles and forums. Opinions were mixed, but most agreed the certification can boost career prospects, even if it doesn’t necessarily make you a better cybersecurity professional. I agree with that, but I also keep in mind that the CISSP exam isn’t meant to test hands-on skills. It assumes candidates are already experienced cybersecurity professionals, and (ISC)² verifies this after passing the exam. Having said all that, here are my top 4 reasons for pursuing the CISSP certification.
Non-technical aspects of cybersecurity
The CISSP exam is particularly interesting because it bridges the gap between the technical and non-technical aspects of cybersecurity. With a varied background as a software developer and researcher, and having delved deeply into the technical workings of security mechanisms, I realized I had been missing key defense layers that are essential to securing organizations but are not purely technical.
Topics such as data ownership, policies, procedures, risk management, business continuity and legal considerations were relatively new to me. Although I had an intuitive understanding of their importance while working in cybersecurity environments, they were always handled by other stakeholders. Studying for CISSP helped me see how these elements fit into the broader security picture, giving me a more comprehensive understanding of how they all interconnect.
Systematization of knowledge
When studying for the CISSP exam, you’ll notice that it covers a wide range of topics. The official study guide alone is over 1,000 pages, so there’s a lot to take in. But the exam isn’t about memorizing every protocol or system—it’s more about understanding key concepts, how they’re applied in the real world, and how different aspects of security work together to achieve the best security posture.
What I found intriguing during my preparation was learning the backstory behind some technologies—why certain choices were made and how things evolved over time. While that kind of historical insight might not be something you use day-to-day, it’s definitely valuable knowledge.
CISSP gives you a big-picture view of cybersecurity, and that was definitely the most useful part for me. As someone with a Linux background, I also appreciated getting to learn about other proprietary security solutions. Overall, the study material offers a really solid overview of cybersecurity, which makes the whole certification process worth it.
Language
In the industry, every team has its own way of communicating. Managers focus on deliverables and risks, engineers talk about features and deadlines, while security teams discuss vulnerabilities and threats. Studying for the CISSP exam helps you gain a deep understanding of how each group perceives and talks about security.
Since communication is a crucial aspect of cybersecurity, CISSP equips you with the language needed to effectively engage with stakeholders, managers, engineers and security professionals alike. The next step is putting this knowledge into practice in real-world situations.
Formal Requirement
The CISSP exam primarily validates that you’ve got a solid grasp of non-technical security knowledge, but adding it to your CV can still give you a boost during your next technical job search. Some job listings mention CISSP as a “nice-to-have,” which can help you get through that first HR screen.
Final thought: I think certifications like CISSP are best treated as a bonus rather than the main objective. Having a strong GitHub presence, a blog or a good portfolio of projects often goes further in showcasing what you can actually do.
Study materials
There are a ton of books and question banks out there for your CISSP prep; just make sure you’re using the most recent ones. I’m a fan of digital materials, but I also enjoy writing notes by hand. I mainly used the Sybex Study Guide and the All-in-One Exam Guide, focusing on the parts I needed. Then I went through hundreds (if not thousands!) of practice questions to find my weak spots and went back to review those areas. Below are the resources that helped me the most:
Oreilly library
If you can learn from digital materials instead of paper books, Oreilly library is definitely worth considering. It costs about $50 a month (as of October 2024) and gives you access to countless books and videos, including the Sybex Official Study Guide and some exam practice books. As this option is more cost-effective and environmentally friendly than buying physical books, it’s my default preference.
Link: https://www.oreilly.com/search/?q=cissp&rows=100
Learnzapp
Learnzapp is a great resource for practicing questions once you’ve read the books and tackled the questions they include. It offers both a mobile app and a web version, and you can even practice in a simulated exam mode to get a taste of the real attempt. I found it really helpful to see just how mentally draining it can be to answer over 100 questions in one sitting.
Link: https://isc2-learnzapp.web.app/home
Study Notes and Theory
Another solid resource is the study materials and questions from Luke Ahmed. His question set is intentionally quite challenging, so I recommend using it after you’ve gone through all the other materials. Just avoid doing these questions right before the exam. Since they can be harder and trickier than the actual test, you might end up a bit discouraged or even completely lose confidence if you can’t hit that passing score!
Link: https://www.studynotesandtheory.com/
Destination Certification Videos
Rob Witcher’s CISSP MindMaps are great for reviewing and pinpointing the areas you need to focus on more. The videos cover all the domains and summarize the key topics effectively.
Link: https://www.youtube.com/watch?v=hf5NwUSEkwA&list=PLZKdGEfEyJhLd-pJhAD7dNbJyUgpqI4pu
Technical Institute of America
I found Andrew Ramdayal’s videos just before the exam, and they really helped me feel confident about the topics. After tackling his 50 CISSP Practice Questions, I knew I was ready to take the exam.
Link: https://www.youtube.com/watch?v=qbVY0Cg8Ntw
Summary
Passing the CISSP exam was a fantastic journey. I learned a ton, and I’m really glad I decided to give it a go. Even right before the exam, I wasn’t sure if I was ready, but I tend to second-guess myself (and after all, who is ever fully ready?). I totally recommend CISSP for anyone who’s been in cybersecurity for a few years and wants a good overview of the field. The certification itself is just the cherry on top.
Next on my list - looking at you, OSCP!