My CISSP story part 2

CISSP part 2

So last time I spoke to my experiences with studying for the CISSP.  This post will cover the weeks leading up to the exam.  After all of the studying for months prior to the exam, I began taking full practice tests.

Slap in the face

My first full test practice exam I failed.  I got a 50% on it.  I was scared, I didn’t know what to do, and I might have freaked out a little.  After all, I took it after doing all this hard work to get ready for the exam.  I started reading a little bit more about it, and that’s when I started to change my mindset.  As I mentioned in the previous post, you have to be able to think from the top-level down in order to pass this exam.  I struggled a lot with this at first.

Boot-camp classes

My employer said they would give me a budget for training, but I had to choose where to go.  ISC2 has CISSP training partners and approved CISSP training programs that you can choose from on their website, and if you do a Google search, there are thousands of different places to train with.  I chose Training Camp for several reasons.  They were one of the only ones where the price was all-inclusive: training, books, meals, exam voucher.  The class structure was to meet Monday through Friday morning and afternoon, with a special session at night covering the material from a different angle.  There was a last-minute cram on Saturday morning, and the exam around noon.  They also have a convenient hotel package as an add-on, but I decided to make my own arrangements.  They were highly recommended from within my company; several of my co-workers had used them for training in the past.

How I did it

I chose a class in the DC area because my plan was that I would celebrate passing the exam by visiting the U.S. capital.  It was within the budget for travel, it was far away from distractions, and isolated enough that I could focus.  I chose a hotel about a mile away so I could walk in to class every day and let the cold air wake me up.  This is obviously a personal preference, but I found the walk helped relax me before class.  I never had to deal with traffic and was early every day.  I also never used my work laptop in class; I brought it with me for Op Sec though.

Great Instructor

When I got to class, I found out that our instructor was an ex-military older man with tons of experience at high-level information security decision making.  Just the perfect person to help me with the major issues I was having: my experience has always been doing grunt work/administrative work.  He was able to touch upon the major differences of the points of view that managers have versus the rest of us.

Most important lessons

Finally, he told us that if we weren’t sure of an answer, to go with our best guess but do not change it from that guess unless we were absolutely sure it was wrong.  No points deducted for wrong answers, answer every question.  The final tidbit of information was extremely valuable: They put in 25 test questions to see how viable new questions are.  These questions can sometimes be completely off the wall hard, and sometimes are too easy.  If you get one question that just seems ridiculous, it is probably a test question and don’t freak out.

Score went down, but then up

The first night of the training program, we took a practice test.  I had scored in the high 50’s just prior to getting there, but that night I dropped back down to a 52%.  I was appalled, felt that I had gotten worse, but the instructor said that their tests are more like the real ones and harder.  He went over how most people can get 50-60% of the material on their own, and training classes give them that 15-20% boost to pass the exam.  By the end of the week I had gotten a 70% on the final practice exam.  The entire week I’d go grab dinner, go back to my hotel room and unwind for an hour or two, and then go back to studying.

Slaying the actual monster

What worked for me might not work for you, so you need to find the best way for you.  I decided going in that I would get through every single question without taking a break.  I marked all the questions I struggled with but still wrote down an answer.  It took me about 3 hours to get through them, and I took a break for about 10 minutes.  I went to the restroom, had a caffeinated drink, and lunch.  I went back over each flagged question, taking the flag off once I was sure or mostly sure of the answer.  Another 1.5 hrs had passed.  I took another break for 5 minutes and went back in.  1.5 hrs left, I took another 45 minutes to go through the difficult ones a 3rd time, and then the last I believe 5-10 questions a 4th time.  After wracking my brain, I realized I had lost it and should give up on trying to be perfect.  The tidbit of ‘don’t freak out about test questions’ came back to me.  I was punched in the face by a really tough question and it was probably a test one.

I’m done, right?

Feeling like I had just completed a marathon, I raised my hand one last time to be exited out of the system and escorted to the printer room.  Nothing printed.  The lady told me that if it didn’t print, I’d have to come back and take the test again.  She promised me she would waive any fees.  I was beginning to worry, but she laughed and told me she’d go make sure my computer was properly exited.  It wasn’t.  The results printed and she came back to give me a hug; I had passed.  I then had to fill out an online form to apply for a ‘P’ portion of the CISSP.  I had to prove how my experience matched up with the domains.  They also ask for contact information from my previous bosses to corroborate the experience.  Your experience throughout your entire career must equal 5 years from within any of the domains.  The experience doesn’t have to be security related to be included either.


This test is a beast and it is hard to pass.  I’m told many don’t pass it their first time.  Three people in my training class alone didn’t pass, but they didn’t come to the class properly prepared.  Study before the boot camp; most aren’t designed to get you there by themselves.  They are changing the test to a 75-125 question format instead of the old 250 question format.  This test might be easier, because there are fewer questions to answer.  This test might be harder because you can’t go back and double check an answer.  It might also be harder because each question holds more weight.


Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob
