How I Passed the CISSP Exam
I Passed the CISSP Exam!
After months of studying, countless practice questions, and a lot of mental preparation, I’m excited to share that I’ve officially passed the Certified Information Systems Security Professional (CISSP) exam!
Why I Pursued the CISSP
The CISSP has long been regarded as one of the most respected certifications in cybersecurity. As someone who is serious about growing my career in information security, I saw it not just as a credential, but as a way to solidify and expand my knowledge across all eight domains of the (ISC)² Common Body of Knowledge.
My Study Journey
Study Duration: I studied for about 2 months of light studying and 4 weeks of putting in 10–20 hours per week. The final week was intense. I took the week off work before my Saturday exam to focus entirely on studying (basically 8 AM to midnight every day). It was the hardest I’ve ever studied for anything, but cramming everything into 4 weeks worked better for me than spreading it out over months. I’m glad I went all-in and crammed everything into a couple of weeks. It saved me from a lot of wasted time.
Preparing for the CISSP was no small feat. Here’s a breakdown of how I approached it along with my thoughts on each:
Thor Pedersen’s Udemy Course (10/10): This video series was fantastic. His voice felt a bit robotic at first, but you get used to it. I leaned heavily on the PDF study guides he provides and watched videos for topics I struggled with. I didn’t even have to take notes because everything was broken down in his PDFs. Highly recommend.
Quantum Exams (10/10): These were the closest to the actual exam format. They tested my patience and confidence but were invaluable. If you take enough assessments, you’ll start to get repeat questions, but that isn’t necessarily bad; just make sure you completely understand why the answer is what it is. There were some fancy words thrown in that I felt were excessive; not sure why it would be designed that way. I took a ton of quizzes because I would take them after getting bored of studying. I’m proof that QE is harder than the exam. Here are my scores:
Practice Exam: 50
CAT: 502.52, 659.86
Quizzes: (7, 5, 6, 3, 7, 7, 6, 6, 7, 7, 5, 4, 6, 3, 7, 6, 6, 6)
YouTube (9/10): I created a playlist of helpful videos. Pete Zerger’s Exam Cram + the 2024 addendum is a must-watch. I also recommend listening to Kelly Handerhan’s video on the drive to the testing center to get into the CISO mindset.
Grok/ChatGPT (10/10): I used AI to dive deeper into complex topics and create mnemonics for memorization. For example, it helped me break down security models in a way that stuck.
Pocket Prep App (10/10): This app was great for on-the-go studying. The questions are written similarly to Quantum Exams, and after a few quizzes, it highlights your weakest domains. I used it during breaks, bathroom trips, or when I needed a change from my usual study routine. I averaged 7/10 or 8/10 on most quizzes.
Your goal should truly be to understand the concepts, not just memorize answers.
Exam Day Experience
I was nervous going in, especially after most posts said they were scoring 800+ on their CAT exams. I purchased the peace-of-mind voucher, so I figured even if I failed, I’d gain valuable experience for my next attempt. The exam was intense and felt similar to Quantum Exams, with a few easier questions sprinkled in that boosted my confidence. I wasn’t sure if it would stop at 100 questions, so I paced myself to leave at least 50 minutes (1 min/question) in case I had to go all the way to 150. When I saw “Congratulations” on the results paper, I could’ve kissed the testing center staff. The hard work paid off.
Reflections and Advice
The CISSP is not just about technical knowledge. It really emphasizes thinking like a security leader, balancing business needs with security, and applying risk-based thinking. If you’re preparing for the exam:
- Focus on understanding, not memorization
- Think like a manager, not just an engineer
- Practice reading questions carefully – many are designed to test nuance
- Schedule your exam when you’re about 50% ready. This gives you a deadline to create and execute a study plan so you won’t waste time getting distracted while you’re supposed to be “studying”.
What’s Next?
Earning the CISSP is a milestone, but not the end of the journey. I plan to:
- Pursue other certifications (OSCP, CISM)
- After passing the OSCP, I plan on enrolling in a graduate program
- Either an MS in Cybersecurity from my alma mater UTSA, or an online MS in Cybersecurity like Georgia Tech.
- Continue developing hands-on skills
- Keep learning and giving back to the InfoSec community
Final Thoughts
I’m proud of this accomplishment and grateful for the support I received along the way. If you’re thinking about taking the CISSP—go for it. It’s a challenge worth tackling and a very rewarding accomplishment. Your future self will thank you for the hard work you’ll put into this exam.