EXPLORING THE CISSP CERTIFICATION: HOW TO PASS THE EXAM

1. Overview

The Certified Information Systems Security Professional (CISSP) is the “gold standard” certification for advancing a career in cybersecurity, arguably one of the most lucrative niches in IT. It ranks well above other cybersecurity certifications such as the Certified Ethical Hacker (CEH), CompTIA Security+ and CompTIA Cybersecurity Analyst (CySA+). However, it is not an easy exam to pass. This blog post explores the CISSP certification: opportunities, career advancement, demand, what you need to pass the exam, exam resources and more.

It is important to note that the CISSP is not a beginner’s exam and is generally more demanding than the other cybersecurity certifications. Let’s begin with what the CISSP is all about.

1.1 What Is The CISSP?

CISSP is short for Certified Information Systems Security Professional. The certification attests to your skill in designing, implementing and managing a best-in-class security program. Much of it is non-technical, and it is designed for experienced IT security practitioners.

The certification covers a wide range of security topics, from asset security to operations, governance and many more. It is a vendor-neutral certification developed by the (ISC)² consortium.

The CISSP is one of the most prestigious IT security certifications globally and ranks higher than other certifications in demand from hiring managers. It will give you a significant advantage in your cybersecurity job search.

1.2 Who Is The CISSP For?

The CISSP is not for everyone: it is a high-level exam for security professionals at the leadership, managerial or executive level. It requires candidates to have 5 years of industry experience across at least 2 of its eight domains. It will prepare you for roles such as:

  • Chief Information Security Officer
  • IT Director/Manager
  • Security Manager/Auditor
  • Security Consultant
  • Security Architect

1.3 Demand and Salary for the CISSP

Data from LinkedIn, Indeed.com and similar job listing platforms suggests the CISSP is the most in-demand cybersecurity certification for mid- to top-level roles. (Security+ is usually required for entry-level jobs, not necessarily cybersecurity jobs, which accounts for its relatively high number of listings.) See the table below:

  S/N  Security Certification                              LinkedIn Job Listings  Indeed.com Job Listings
  1.   CISSP                                               33,150                 6,165
  2.   Certified Ethical Hacker (CEH)                      8,050                  354
  3.   Certified Information Systems Auditor (CISA)        9,162                  532
  4.   CompTIA Cybersecurity Analyst (CySA+)               457                    0
  5.   Offensive Security Certified Professional (OSCP)    110                    4
  6.   CompTIA PenTest+                                    994                    0
  7.   CompTIA Security+                                   59,252                 4,842

Data from LinkedIn and Indeed.com job listings (demand) for various cybersecurity certifications, March 2024 (United States).

The average salary estimate for the CISSP (according to job platforms such as Glassdoor and ZipRecruiter) is $140,000 per year and can be significantly higher depending on various factors.

1.4 Requirements for the CISSP Certification

The International Information Systems Security Certification Consortium, (ISC)², the professional body behind the CISSP, requires candidates to have at least 5 years of relevant job experience to be awarded the full CISSP.

Candidates without that experience can take the Associate route: you pass the exam first, then gather industry experience in the various domains to become fully certified.

1.5 Cost of the CISSP Certification

The exam fee for the CISSP is $749 (GBP 585 or EUR 665). There is also an annual membership fee of $125 for those who pass the exam.

2. About the Exam

The CISSP is different from most other IT exams: it is a difficult exam, with a success rate of only about 20 percent for first-time candidates. You need to be aware of the details highlighted below to have a chance of passing on your first attempt.

2.1 CISSP Eight Domains And Exam Syllabus

The CISSP exam questions are drawn from eight “sections” called domains, each covering a broad area of cybersecurity. Each domain carries a specific weight (shown in the list below). A candidate must score above a certain threshold in each domain to pass the overall exam, which requires at least 70 percent.

The Eight Domains of the CISSP

The eight domains and their weighted percentages for the exam are as follows:

  • Domain 1. Security and Risk Management: 15 percent
  • Domain 2. Asset Security: 10 percent
  • Domain 3. Security Architecture and Engineering: 13 percent
  • Domain 4. Communication and Network Security: 13 percent
  • Domain 5. Identity and Access Management (IAM): 13 percent
  • Domain 6. Security Assessment and Testing: 12 percent
  • Domain 7. Security Operations: 13 percent
  • Domain 8. Software Development Security: 11 percent

The full exam syllabus is available from (ISC)².

2.2 Computerised Adaptive Testing (CAT Testing)

The CISSP uses a CAT system to serve exam questions: it starts with simpler questions and progresses to more difficult ones. The more questions you answer correctly at the initial stage, the higher your chances of passing. The CAT algorithm weighs the ratio of questions you got right to those you got wrong.

There are currently 125-175 questions in the exam (before April 15th, 2024), with 4 hours allowed. If you reach a passing score before the 125th question, the exam ends; otherwise, it continues until you reach question 175. Based on the CAT algorithm, you can also fail or pass the exam before you hit the 100th question. You cannot go back to a question you skipped.

From April 15th, 2024, the CISSP exam will have 100-150 questions and last 3 hours.

2.3 50 Pre-Test Questions

The exam also contains 50 pre-test questions, included in the 125 mentioned earlier. These questions do not count towards your final score (and you are not penalized for getting them wrong). There is no way to tell which questions are pre-test and which are not, so it is important to pay equal attention to every question and practice good time management.

2.4 Is The CISSP Difficult To Pass?

One of the reasons the CISSP is among the hardest exams to pass (20 percent success rate) is that the CAT system finds the areas (domains) you struggle with and keeps testing you on those areas.

It is important to be well versed in all eight domains, as weakness in one can cause you to fail the overall exam.

2.5 Passing Score

The passing score for the exam is 700/1000. It demands proficiency in all eight domains. Although not explicitly stated, it will be difficult to pass the exam if you fall below a certain minimum “passing standard” in any one domain.

The exam ends when you reach the minimum score of 700, which can happen even before you attempt the 100th question. Conversely, you fail the exam if the CAT algorithm determines early on that you are unlikely to reach the minimum. Unfortunately, this can occur if you get the first series of questions wrong.

3. Essential Study Materials

For the best results in the exam, the following resources and materials are useful:

3.1 Recommended textbooks and reference materials

Some of the most recommended books for the CISSP exam are as follows:

  1. (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 9th Edition, by Mike Chapple, James Michael Stewart and Darril Gibson. It is available in major bookstores. There are questions at the end of each chapter to prepare you for the exam; however, they are definition-focused rather than testing your understanding of core concepts, so you will need an additional question bank to make up for this.
  2. The Official (ISC)² CISSP CBK Reference (Certified Information Systems Security Professional), 6th Edition (the latest edition as of 2024), by Arthur J. Deane and Aaron Kraus.
  3. Eleventh Hour CISSP®: Study Guide by Eric Conrad
  4. How To Think Like A Manager for the CISSP Exam by Luke Ahmed

3.2 Online courses and training programs

  1. One of the best online courses for the CISSP is available through Cybrary, taught by Kelly Handerhan. It is probably the most recommended online video course. You can sign up for a free demo for details.
  2. Pete Zerger’s CISSP Exam Cram, a YouTube channel with a lot of useful documentation in its video descriptions.
  3. Destination Certification CISSP Mindmaps playlist

3.3 Practice exams and mock tests (Question Bank)

Practice exam packages and software simulate the real exam. They help you prepare for various aspects of the exam, including knowledge of the exam topics, time management and handling your emotions. These are ethically produced questions and are legal to use, unlike exam dumps.

  1. Boson Exam Practice for the CISSP. This is one of the most reliable practice (mock) exams. It simulates the style and difficulty of the real exam, and each answer comes with a detailed explanation and reference material for further study.
  2. CISSP Official Practice Tests, 3rd Edition, by Mike Chapple.
  3. LearnzApp CISSP Exam Prep. This app comes with the CISSP Official Study Guide and has over 5,000 practice questions and 2,000 flashcards.

4. The CISSP Mindset – Think Like a CISO

CISSP Mindset – Think like a CISO

Passing the CISSP exam is not only about knowing the study materials but, more importantly, about having the mindset of a manager. This demands that you understand the priorities, directions, actions and steps you should take as an information security professional. Think like the Chief Security Officer, and take your mind off technical details such as how to configure appliances.

You cannot pass the exam without thinking like a manager rather than like the technical person. The exam questions test your ability to think as a manager, not as a hacker or in a similar hands-on security role.

Some aspects of this mindset include the following:

  1. Human life has the highest priority. Physical safety is non-negotiable; it is paramount.
  2. Your role is risk advisor, not fixer of problems. You do not do hands-on work, but you need to know enough about it to give better advice.
  3. Think “end game”: what is the ultimate goal of any procedure? This should be reflected in your choice of answers during the exam.
  4. 100 percent security is impossible; strive for the level of security that is adequate for the business. The cost of protecting an asset should be less than the potential loss. Know the value of your assets holistically; risk management will reveal the true value of an asset.
  5. Implement only security that is legally defensible in a court of law.
  6. “Security transcends technology.” Focus on the principles of security rather than on technology, because technology may change but the mindset does not. Do not look for purely technical solutions.
  7. Senior management is responsible for the security of the business.
  8. Security is not an afterthought; it should be an integral part of every process, not something you add to your design later.
  9. Cost is an important consideration in any security decision; your security should align with the business.
  10. Security should protect business processes and aid the overall growth of the business.
  11. The approach to security should be a layered defense. Separate your trusted resources from untrusted entities.

5. Tips To Pass The CISSP Exam

Study tips for the CISSP exam: be dedicated to a study plan

Some helpful tips for passing the CISSP exam are as follows:

  1. Have a study plan that suits your schedule and stick to it. The CISSP is very demanding in the scope and volume of material you need to cover.
  2. Use the Official Study Guide (physical or digital) or other good books for the CISSP. Most people who pass the exam use books as part of their study resources; books help you reference the various domains of the exam.
  3. Explore video courses such as those from Cybrary (see the list above), notable YouTube exam channels (see the recommendations above) and other online courses to gain a better understanding of the concepts.
  4. Make ample use of practice exam simulations and learn good time management. You have about 70 seconds per question.
  5. Understand the CISSP exam mindset, and always read all the answer options multiple times before choosing one.
  6. Join an active CISSP community, on Reddit or Discord for example, to learn from others.
  7. It is normal to feel some anxiety when taking the exam, so take mental breaks and try to stay relaxed; it increases your chances of success.

6. Conclusions

The CISSP is one of the best cybersecurity certifications for advancing your career in security-related roles. It has an outstanding reputation among recruiters and can lead to a large bump in salary.

To pass the exam, study adequately with a combination of materials (a book, a video course and a practice exam simulation). You also need to understand the “CISSP mindset”, thinking like a manager, to pick the correct option in the exam.
