Preparing for the CISSP Exam

Get ready for one of the toughest exams you'll ever take


The CISSP certification is considered to be the gold standard of professional individual certifications in the field of information security. A quick search of or Careerbuilder with the keyword "CISSP" will likely reveal several hundred jobs posted by employers looking to hire people with this certification.

The exam itself is a six-hour, 250-question mental endurance challenge. It covers a mountain of knowledge divided into 10 security topic domains.

Is the CISSP an excellent gauge of how smart a security professional is? No, but it does show that whoever passes it took the initiative to learn a very broad base of security knowledge and learned the material well enough to earn a passing score on a fairly intense, lengthy, and expensive exam.

Unlike some professional IT certifications, the CISSP does not focus on a particular product or technology that might become outdated. The CISSP test bank is also constantly updated to remain relevant. Some government and commercial employers even require that prospective hires obtain the certification as a prerequisite for certain jobs.

If you've made the decision to pursue this certification, you need to make a substantial commitment to studying for it unless you want to throw your money out the window. I've taken and passed this exam and I can tell you that, while it is difficult, it is definitely achievable.

Everyone learns differently. What works for one person might not work for someone else. There are many excellent "boot camps" taught by many different vendors for people who have the time and resources to attend such things. If you are like me and opt for the self-study route, here is my recommended approach to preparing for the CISSP:

Set a Test Date and Pay for the Exam.

Until you fork over actual money to pay for the test, you will not likely mentally commit yourself to preparing for the exam. I put off taking the exam for over a year. I would always make up some excuse until I finally decided I would never be serious about it until actual money was at stake. Once you pay for the exam and have a test date you have a vested interest in achieving the goal.

Set Up a Preparation Schedule.

Set aside time each day devoted to test preparation, whether for reading or for taking practice quizzes. Focus on studying a different domain each week if possible.

Obtain More than One Preparation Book.

There are tons of different books on preparing for the CISSP exam. You should definitely purchase the Official Guide to the CISSP CBK, as it is ISC2's authoritative source on all test material. Some other highly rated resources include the Shon Harris CISSP All-in-One Exam Guide and the CISSP Prep Guide from Krutz and Vines. These guides are updated regularly, so make sure you are buying the latest edition of the book so that you don't study outdated material.

Take Practice Quizzes.

One of the best sites for CISSP study-related material hosts the CCCure Quizzer, which allows you to take practice tests on the CISSP material. You can choose the length of the practice test you want to take as well as which topic domain or domains you want the questions to come from.

Access to the site is free; however, members using the free option are limited to a 25-question test length, only have access to 25% of the quiz bank's questions, and don't have the ability to save their progress. If you opt to pay for the non-free option, you get the entire quiz bank as well as progress tracking and full-length quizzes.

The CCCure quiz bank is well maintained to ensure that the material is accurate. Almost all of the questions provide direct references to where the material is located in many of the more common prep guides. They also provide definitions of terms related to the questions. I have never seen a more thorough quiz site. Try the free questions and you will likely end up purchasing the full experience.

When you are getting 85-90% correct in each domain in the "pro" mode, you are almost ready for the real thing.

When you think you have mastered all 10 CISSP domains required for the test, consider paying for ISC2's official Self Assessment (studISCope). The cost starts at $129 for a 100-question practice test, and you can purchase additional tests as well. The test will give you a pretty solid gauge of whether you are ready for the actual exam. The feedback will also show you the areas you need to focus your test prep on.

Prepare Your Body for the Test.

This is a six-hour exam with no scheduled breaks. You can go to the bathroom (one person at a time) and go to the back of the test area to have a snack, but that's it. You need to prepare your body to sit for an extended period of time. Your goal should be to make yourself as comfortable as possible while taking the test.

Eat a good breakfast on the day of the exam, but don't eat anything that is going to tear your stomach up.

Bring a coat (even if it is summer) in case the test area is very cold. You can't focus if you're freezing for six hours. Bring a bottle of water and a light snack. Bring earplugs in case the area near the test is noisy.

If you fail the test, don't give up. Many people fail this exam, sometimes two or three times, before they end up passing it. Don't become discouraged. Focus on the weak areas identified in your score report and give it another shot.

One of the domains that people have the most trouble understanding is the encryption domain. Check out my Encryption 101 article for some advice on how to have fun learning about encryption.

To find the full details on the CISSP exam, visit ISC2's website and check out the candidate information bulletin.