By Dwayne Natwick, CISSP, CCSP, CGRC, CC, ISC2 Authorized Trainer, author, and product manager with 30+ years of experience in the IT industry
You want to take the CISSP exam in the hope of earning the ISC2 Certified Information Systems Security Professional (CISSP) certification. So, what are the best ways to prepare for this exam? People prepare and learn differently. You may prefer a study guide, you may test your skills through on-demand courses and quizzes, or you may prefer a full instructor-led training course. Whatever your preference, this article will provide you with some of the tools and materials that you can use for your exam preparation.
Who should take the CISSP exam?
The CISSP exam is ISC2’s flagship certification and is recognized throughout the world as one of the top, if not the top, vendor-independent certifications for cybersecurity professionals. It draws heavily on National Institute of Standards and Technology (NIST) documents, but you also need to understand various International Standards Organization (ISO) and other local security and privacy standards when preparing for the exam.
Though this exam references U.S. government frameworks and methodology for cybersecurity, the knowledge gained through preparing for this exam is transferable to the governments of other countries and to private industry. The exam is designed to have the candidate begin working through the thought process required of a C-level position within an organization.
The requirement for obtaining the certification is five years of experience working within two or more of the CISSP domains. If you do not have this experience, you will be named an ISC2 Associate for the credential until you can attest to the required experience.
Even if you do not have the required experience, the CISSP exam is worth taking for anyone who is involved in cybersecurity design, implementation, and operations. If you are involved in security and privacy controls, the knowledge gained through preparing for this exam is transferable to your profession.
How do you prepare for the CISSP?
There are several options that you can consider when preparing for the CISSP exam. Since ISC2 exam success carries a considerable amount of respect within the industry, you want to do your best to ensure success. You should take your preparation seriously and use the resources that are available. All relevant documentation is available online at no cost and is a great place to start your preparation. Lists of these free resources appear at the end of this article. While preparing for your exam, you can connect with others in the ISC2 Study Group on Community. ISC2 has also provided some great tools that are cost-effective for you as the candidate. These are outlined below.
CISSP Skill Builders
Skill Builders are a new method for accelerating your skills. ISC2 has the Cybersecurity Leadership Skill Builders to build CISO skills for the CISSP exam. Anyone can access the Skill Builder courses and ISC2 Members can complete these courses at no charge. The Skill Builder courses are new and are continuing to be added to the ISC2 training catalog.
The Skill Builder courses provide a helpful start to your exam preparation. They are a great place to begin before moving on to the certificate path of Risk Management Practitioner.
Certificate course for CISO
ISC2 launched the professional certificate programs in early 2023. These courses provide CPE credits for completion and are an on-demand method for preparing for exams. The CISO Leadership certificate program covers information that will help you to think like a CISO as you prepare for the CISSP exam. The certificate path is very well done and offers an interactive experience.
Existing credential holders will receive CPE credit for completing these courses, and everyone who completes the courses and passes the final quiz with a score of 70% or higher will receive a Credly badge for each course.
The CISO Leadership courses provide NIST documentation and interactive scenarios that can be applied to your CISSP preparation. Finishing the CISO Leadership certificate path helps you prepare for the CISSP exam while also allowing you to earn badges and certificates to increase your credibility.
ISC2 authorized instructor-led and on-demand training
You may be someone who prefers to hear an instructor’s perspective on the material with their real-world examples and experience. The interaction that is part of an instructor-led course is an invaluable way to prepare for an exam and to learn the application of the concepts. ISC2 has developed an in-depth course for the CISSP exam with exercises, flashcards, and a helpful student guide. ISC2 Authorized Instructors deliver the material with a focus on what is needed to pass the exam, while also preparing you for the use of the framework and guides. The assessment questions at the end of each domain and the final assessment provide a simulated test scenario that prepares you for what to expect when taking the exam.
You may not have the time or ability to attend a live or virtual training. ISC2 has an on-demand course that is delivered by ISC2 Authorized Instructors. This on-demand course is the same material that you would receive with a live course, but you can take it at your own pace. The same student guide, exercises, flashcards, and assessments are included in the on-demand course.
Attending a training course of any kind with an Authorized Instructor will help you with your preparation and understanding for the exam. Do not get too focused on the practice assessments. Take them to test your knowledge and identify areas where you need to improve your level of understanding. Be aware that taking a practice assessment multiple times may lead to you memorizing the responses rather than learning the concepts. The CISSP exam requires an expert level of understanding of various standards and regulations, and of how to manage the security of information systems from design through implementation to disposal. Understanding the relationships between steps, tasks, and roles is necessary to pass the exam.
Taking the exam and what you do after you pass
ISC2 has not adopted at-home proctoring of your exams. You are still required to go to a testing facility for these exams. You should choose an exam location that is comfortable for you to travel to and leave early enough to find parking and get checked in. Follow the directions that are provided by the testing facility, take the exam, and then find out your results. After you pass the exam, you will need an ISC2 credential holder to endorse your experience. If you do not have an endorser, you can request that ISC2 assign one. After your experience has been endorsed, your application will be reviewed by ISC2. It is exciting to pass the exam, but understand that it may take 4-6 weeks for the application to be approved and for you to receive the official certification.
Now that I have the CISSP, where do I go now?
As stated at the beginning of this article, the CISSP is ISC2’s flagship certification. Over the years, ISC2 has expanded this certification to include concentration paths. These include the Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), and Information Systems Security Management Professional (ISSMP), which can be added to your CISSP credential. There is also the Certified Cloud Security Professional (CCSP). Having the CISSP and passing these exams allows you to simply verify your CISSP when completing your certification application.
Use these tips and you should be successful in your CISSP exam. Good luck! Once you pass the exam and become fully certified after the endorsement period, you can join your fellow certification holders in the CISSP Certification Group on the ISC2 Community.