I passed my CISSP certification exam this week and submitted my supporting documentation to my endorser and the (isc)2 to complete the process.
Many people study diligently to pass it and this exam very effectively tested my comprehension of all domains of the Common Body of Knowledge (CBK) and the resultant implications of information security.
I used the Sybex book, CISSP Official Study Guide, and the accompanying online testing suite. I also used the (isc)2 official study/test app and PocketPrep’s CISSP testing app (among others I’ll not share). I’ve studied the Shon Harris All-in-One Exam Guide (an older version as this one is pre-production) and even the (isc)2 Official Guide to the CISSP Common Body Of Knowledge.
Overall I couldn’t tell how many hours I invested in studying specifically for the test but in the last week I took 3 days off work and spent all them plus nights and all the weekend in taking practice tests and re-reading sections where I either answered incorrectly or where I wasn’t satisfied with how easily the answer came to mind.
There are infosec professionals who decry the CISSP because so many people seem to pay their money for a bootcamp and then breeze through the certification. My story is vastly different from that. It’s taken me two decades plus to amass organic knowledge from experience related to dropping wire, setting up and administrating systems, writing software, working as an analyst and consultant, working with business continuity/disaster recovery, SDLC and red/blue team security.
Passing this is a badge of honor to me, validating that I’ve learned from the mistakes I made; that my understanding and views are accurate and effective regardless of the other viewpoints.
I am satisfied that I can use the principles I know to resourcefully find innovative ways to be successful in achieving levels of security appropriate to businesses and to lead companies in securing their people, processes and technologies, and offering demonstrable assurance to their customers, partners, stakeholders and auditors.