/r/cissp
This sub is for those that are pursuing the CISSP® and those that have taken the exam and wish to provide feedback on the study methodology and materials employed. This sub is not supported or managed by ISC2 or its affiliates. This is an unofficial CISSP® Reddit sub.
Information about experience requirements/endorsement/CPEs can be found at https://www.isc2.org/
A community dedicated solely to those studying for the CISSP and those that have taken the exam and wish to provide feedback on the materials and methodology used to prepare.
ABSOLUTELY NO EXAM DUMPS OR CHEATING RESOURCES. This will result in a permanent ban. This career, and especially the CISSP, is built on ethics.
Be professional. No personal attacks or name calling. This is a sub for professionals seeking professional certifications, and we should conduct ourselves as such.
All posts/topics should be relevant to the CISSP and (ISC)2. Off-topic posts will be removed.
Posts about study material sources should be about reputable, relevant, and legal study sources. Posts linking to sketchy or unauthorized sources for study material will be removed with a possible ban. Study material should come directly from publishers/authors, or from authorized resellers (tl;dr, no spam and pirating).
Low effort, spammy, or grossly incorrect and misleading posts/comments will be removed at moderator discretion. Examples include: "CISSP is bad you guys should feel bad", "EXAM TIP #2 DON'T FORGET TO ANSWER A ON ALL QUESTIONS IF YOU DON'T KNOW IT", etc.
In general, you should conduct yourself as per the (ISC)2 Code of Ethics.
The below resources have been vetted by the mods as being good resources for materials and study groups.
Hi guys,
My exam's next Friday, and I took my first practice QE test yesterday—scored only 50%! Looking over it, I could've easily hit more than 60% if I could focus the whole time. I'm good for the first 45 questions, but after that, I totally tank (reading a simple question 3 times). By question 80, I just want it to be over.
Given my limited time, could anyone please offer any advice or suggestions to help me improve my focus and concentration throughout the entire exam?
FYI, I tried taking a break at Q60, but I could not relax; all I could think of was getting back to the exam.
My previous roles were in Security Operations only, I was never part of a GRC team. Although I have gained knowledge about compliance from the materials I studied, Risk Management (RM) and Governance are still a mystery to me even after months of reading and studying CISSP materials.
Governance: The most basic definition I found is "the way rules, decisions, and actions are managed in an organization." However, how can we implement or achieve governance, and how can this be measured? What documents should be created as proof that we have good governance?
Risk Management: I'm aware of the steps, approaches, and framework names, and I can correctly answer all associated CISSP questions. However, I have no idea how RM is done in real life. Does the GRC team create a CSV file with every possible risk and guess the likelihood of occurrence for each? I also wonder what "following a framework" means in this context. I checked NIST SP 800-53, which is a 500-page document, and I can't understand what following it means.
Can you please explain to an implementation-focused technical person how Governance and RM are concretely done?
Just wanted to thank this community for the resources, peace of mind and support along the way.
Background: around a decade in infosec across various domains. Have been putting this cert off for way too long.
Resources: Dest Cert Concise, cover to cover - 10/10
LearnZApp - used this for too long telling myself I was "studying". Certainly not the only resource you can rely on, but decent for snack studying - 7/10
Quantum Exams - bit the bullet the last 2 weeks and grinded out practice test after practice test. Agree they are harder than the real thing, probably by design. Didn't agree with all the answers, but it's a fantastic resource. Note: I was consistently scoring in the high 50s, low 60s. Best result was 67. When I read average scores for QE that made me feel better, so don't worry too much if you feel you're scoring low. Resource will be even better with 1k questions and CAT - ty DarkHelmet - 10/10
50 questions on YT and Why You Will Pass - helpful in the lead up and free, so recommend - 8/10
Overall around 3 months of focused studying with a ramp up cram towards the end. It's a worthwhile process, felt there is a lot of knowledge I can apply to my day-to-day role. Good challenge to take an exam with my last being Sec+ almost a decade ago.
Exam stopped at 100, with 90 minutes left on the clock. Didn't feel comfortable during, as I felt CAT was feeding me a lot of questions from weak domains.
Thanks all, and good luck to all those scheduled soon!
I've figured out why the CISSP questions are so difficult. They are written with a double Rot13 cipher!
Hi everyone,
I’m planning out new content for my YouTube channel and would love to hear from this community. What topics from the CISSP exam did you find especially difficult to understand or felt you needed more resources for?
Whether it’s specific security models, cryptography concepts, or tricky exam strategies, I’d really appreciate your input. I want to be able to provide value to others preparing for the exam, and so wanted to get some ideas from those of you that have been through it or are going through it.
Thanks in advance for sharing your thoughts!
Best,
Steve
I am using LearnZapp, 50 YouTube Questions, and Quantum Exams as my prep.
I studied everything in LearnZapp intensely to gain a baseline knowledge, and I am at a 95% readiness, and I score consistently around 80% on all my practice exams.
On the 50 YouTube questions I scored 70% the first time, taking it while pausing the video.
Quantum Exams I am completely lost. Out of 50 questions, I only scored 10 correct. That would be a 20%.
With Quantum exams I am getting very confused, and I really need help. I feel like if I took the CISSP tomorrow I would 100% fail because of how I am interpreting the Quantum Exam questions.
I have ADHD, and studying and taking tests have never been easy for me. I was recently diagnosed and am now taking medication to assist with this.
I started this journey after spending 15 years in IT, where I've worked as a sysadmin, engineer, architect, and recently, a manager. Through these roles, I've touched on various aspects of each domain. While I thought I knew quite a bit, going through the CISSP domains made me realize I probably only knew about 50% of the material.
Knowing I struggle with reading-based studying, I needed to find a resource I could watch instead. I signed up for Dest Cert's master class and got started. Some topics along the way were tedious, and I really had to motivate myself to keep going, especially with subjects like cryptography.
At the start of the course, I booked my exam for December 20th, thinking "How hard can a multiple-choice exam really be?" As I progressed through the course, I realized this wasn't going to be easy, and reading Reddit stories made me nervous.
I struggled to finish the class, with motivation lacking through the tedious topics. Booking the exam turned out to be a pro tip – it forced me to reach the end because I had a hard deadline.
With a week to go and having just finished the course, I started reviewing, and my brain was overwhelmed. The day before the exam, I worked on mindmaps from Dest Cert, feeling even more overwhelmed – there were so many topics, and I wasn't retaining the process steps well. I attempted 30 Quantum Exam questions and scored 50%. I went to bed thinking "Oh well."
The morning of the exam, I walked my dog, then crammed a few mindmaps I hadn't reviewed while driving to the testing center. My brain felt empty, like a black void.
As I started the exam, I encountered some challenging questions, but nothing too difficult. Then it got harder, and I found myself reading questions three times. Although there was substantial text, it mostly focused on finding the BEST answer. With 120 minutes remaining and only being on question 33, I knew I needed to speed up.
Around question 40, something changed – I felt more relaxed, and the questions seemed easier. With 36 minutes left, I reached question 99. I completed question 100 and it kept going, 101... I started wondering if they were actually easy or if I was getting them wrong. At question 103, the exam ended with 33 minutes remaining.
Yay I passed!
Surprisingly, there weren't many questions about defense-in-depth layers, VPN types, OSI model levels, or cryptographic stuff. I had feared having to recite orders and model steps, but it was more about selecting the best answer.
I sort of feel disappointed - the questions were really not like Quantum exams (QE was much harder) and felt all that studying trying cram different orders and methods of different things didn't really matter. Also "think like a CEO" advice didn't really come into play as much as expected.
Or maybe it was because I did cram and did go through everything, and that is what allowed me to pass, but I feel the questions on the exam were not as comprehensive of all the subjects as they should have been.
My main tip is to read each question three times before looking at the answers. Determine what the question is actually asking by identifying the key words.
However, the CISSP certification has made me a better security professional. I now understand more concepts than I did before, and I'm a certified member of the community.
Thanks all!
Tldr: passed at 103 with 33 minutes remaining - felt the exam wasn't as comprehensive of all the domains as it should have been.
Does the ISC2 accept the CPEs earned through completion of free Cybrary courses? Has anyone ever reported Cybrary CPEs?
I bought the Destination CISSP book back in April, but with work commitments piling up, I kept pushing off my study plans. It wasn’t until November that I decided to get serious and purchased Peace of Mind (POM) to hold myself accountable.
Here’s a breakdown of the resources I used and my approach:
Study Materials:
Destination CISSP - Read this book three times. Honestly, it’s concise and gets straight to the point, which really worked for me.
Learnzapp - Didn’t find much value in this one, personally.
Quantum Exams (QE) - This was the game-changer for me. QE trained my mind to focus on keywords in the questions and helped me narrow down the right answers efficiently.
Key Takeaway: When it comes to the exam, don’t overthink it. Just answer the question. Focus on what the question is actually asking and use logical reasoning to eliminate distractors.
For those prepping for CISSP, trust your study process and don’t second-guess yourself too much during the exam. You’ve got this!
Obligatory passed at a 100 post, but I did want to give a big shoutout to John, Rob and Lou from the DestCert team!!
Out of all the materials used, their program was hands down the best. Videos are engaging and detailed without being dry. Not cheap, and my company did pick up the tab, but if you have the means (or a corporate training budget) I can’t recommend them enough.
Happy Holidays to everyone still studying, you’ve got this!
I'm reading the OSG and studying the practice test questions. For those of you who have passed do you think these practice questions are good? tvm ia. DG
I passed at 100 Q and had over 100 minutes remaining.
Now, I’m surprised I passed - and why was I so fast?
I started studying in August 2024 (study materials listed below). My plan was to go hardcore on my studies one week before the exam, cram as much as I could, and focus on my weak areas. However, life had other plans. Without going into too much detail, about two weeks before my exam date, a life event completely disrupted my routine and severely affected my mental health—it basically went out the window. As a result, I didn’t touch the study material at all during the two weeks leading up to the exam.
On exam day, I had to travel about two hours to reach the test center.
All I wanted was to finish the exam and get back home as soon as possible. I arrived early at the testing facility but wasn’t allowed to start until 30 minutes before my scheduled time. After what felt like waiting an eternity, I finally got to sit the exam. My anxiety was through the roof—caused more by the life event than the exam itself—and all I hoped for was that the exam would stop at 100 questions. Whether I passed or failed, I just wanted it to be over.
When answering the questions, I selected what I believed to be correct. If I had doubts, I might have read the question one more time at most, but then I moved on. Remember, I wanted nothing more than to be out of there and to go back home.
The exam did stop at 100 questions, and my first thought was, "I couldn’t have done that badly, right?" I got the printout and... Congratulations!
Passed at a 100 qs with 90+ minutes remaining. For background, I've been in cybersecurity for 5 years (mostly SOC and some compliance work). Also have an MS in cybersecurity and 8 other certs (CompTIA and SANS).
As others have said, the CISSP is not nearly as technical as, say, the CASP, which I passed earlier this year. But I also don't think it's "managerial" either IMO. I think it's in a murky gray area. None of the "think like a manager" things really helped me.
What it came down to was reading and re-reading the questions over and over again to figure out which answer applied the best.
I'm happy I passed (obviously), but I think it's kind of a crappy test and totally see why people fail.
Resources I used:
Official Study Guide: as dull as it can be, it was still super useful in helping me shore up areas I didn't have direct experience with.
PocketPrep: got through all 1000 questions, and then reattacked weak areas over and over until I had a 90%.
"Inside Cloud and Security" videos on YouTube: Great as summaries and for convenient review.
To be fair, I still don’t understand how I passed. Didn’t feel good about any of my answers and was not surprised when it stopped at 101, but very surprised that I got the provisional pass.
Best resources for me:
Pete’s CISSP exam cram - YouTube
Mike’s CISSP bootcamp - Percipio
Mind map videos - YouTube
Exam prep questions - Quantum Exams by faaaar; Pocket Prep in the beginning
Good luck all
Background: Over 10 years experience in IT and security. Passed the CCSP back in August and decided to go for the CISSP.
Materials: Mike Chapple LinkedIn Course, LearnZapp (77% readiness), Destination Certification mind maps, 50 hard questions, and Peter Zerger exam cram. I have also looked at Adam Gordon's question of the day.
For me the most useful tools were the Mike Chapple course and LearnZapp. It helps that I am used to many of the concepts.
I don't like reading so I subscribed to Audible and got the OSG audio book that I listened to while commuting.
Exam Experience: It was brutal, and at no point did I think that I would pass. From my experience, "think like a manager" is overrated, and I found the exam to be more technical than I expected. For example, several questions asked for technical details of protocols. Therefore, for those preparing, please know the details and how protocols work.
All credit goes to u/neon___cactus for their original AMAZING post (Here's my collection of the memorization techniques and assistants I am using for the CISSP. Please share your techniques! : r/cissp). I used this to help prepare for and pass my own exam two days ago, and it was incredibly helpful. (My experience linked here: Passed at 100Q in 2 hours—my story (long post warning) : r/cissp)
So, I'm adding a few additional ones I modified/came up with that helped as well.
Hopefully this is helpful!
--
Quick, Cliff's Notes-version in concise form. The version from u/neon__cactus is great, but I used these to make sure I remembered everything.
Using visual storytelling helped me immensely for remembering all of these details. Give it a try!
Use a visual story for this one, too!
Another visual story: imagine you're building a pillar ("PILAR") to hold up your organization, with each step relating to a critical action:
--
As u/neon___cactus said in their post, please add your own methods in the comments.
Thanks so much for reading and contributing, everyone!
Hello Everyone!
I just wanted to share that I provisionally passed CISSP this week on my first attempt.
100 questions and 40 minutes remaining (not a native English speaker and slow test taker). I studied for 5 months (2 months intensively).
Background about me: I have a degree in Electronics Engineering and a total of 10 years of experience in IT, a combination of Networking, Security, and Cloud (mostly Operations). I decided to push for CISSP way back in 2019, but COVID happened, and lockdowns and all meant I wasn’t able to focus on studying. Fast forward to August 2024, I decided to push and become CISSP-certified.
My old post from 6 years ago:
https://www.reddit.com/r/cissp/comments/azivbl/is_it_possible_to_pass_the_cissp_exam_in_2_months/
Prep and journey
The hardest part for me was the switch of mindset from a technical person to CISSP. I used up my first 2 months in prep learning the scope, the topics in each domain, and the mindset. I thought changing mindset was one of the most difficult parts for me.
In the 3rd month, I focused on a deep dive into each domain; I identified which domains were my weakest and most comfortable (my weakest were 1 and 8, and comfortable were 4 and 7; others were on par). One thing for sure while learning/studying CISSP is that most of my company's management team's decisions have started to make sense: how they run things, BCP, audit, etc. Before, I didn't understand it; I just blindly followed what was instructed to me. Gaining this knowledge from studying alone is super beneficial.
Here are some of my resources:
Quantum Exam - This is a game changer. If I had to choose between Peace of Mind and QE, definitely QE (but I ended up buying both, lol, though I bought POM first).
LearnZapp - Bought a 3-month subscription; exam readiness was 55%, but I didn’t complete this since I used it mostly for flashcards. I focused on QE.
Mike Chapple’s OSG and LinkedIn Learning materials.
Thor’s Udemy and Practice Questions.
Luke Ahmed’s book and study notes.
Kelly’s “Why You Will Pass the CISSP Exam.”
Pete’s Exam Cram + Addendum (I was lucky enough to join his last live 100 Questions) + Last Mile.
Prabh’s coffee shots and snacks.
Prashant Mohan’s Memory Palace.
Destination Cert - MindMaps (printed these) and Concise Guide Book.
50 CISSP Hard Questions.
Exam Experience:
IT WAS BRUTAL! CAT WAS BRUTAL, but yeah, it’s doable. Early on in the exam, I felt exhausted, mentally and physically drained. At question 25, I felt like I just wanted to end this exam and move on. I already thought about which topics I was weak in and needed to study, because CAT was a mofo that can smell your weakness. Please hydrate, and make sure you're in your best shape.
Exam questions were vague and crazy. QE is the closest practice question I did in terms of wording. I did thousands of practice questions, and none of them—nada, null, zero—was repeated. Also, try not to JUST memorize the process/steps. Understand and learn it by heart and JUST ANSWER THE QUESTION!
Lastly, you will never know when you’re ready. There’s no indicator of exam readiness. Go back to your notes and mind maps and see if things are making sense. If you’re able to explain the RMF, Incident Response, DRP, and BCP (and many more), you’re on the right track. Be open-minded. The exam is not just about knowing how things work; it’s about how you apply them in a scenario, testing if you really understand it.
You can do it!!
edit: added my reddit post from 6 years ago
Has anyone used Percipio to study for CISSP? Was it enough to pass or do they fall short? I have free access to Percipio modules through my work. They have a channel for CISSP. I just started watching the videos. I've used Percipio to study for Pentest+, Cloud+, and Security+; their modules were all I needed to pass those. I also have Linux+ and A+ certs.
I posted this in here because it seems to be where Quantum Exams is discussed the most. Does anyone know if there are plans to add other exams to QE? I already hold CISSP, but have not yet got to CCSP, which I anticipate. Would be curious to know if there are plans to develop material for other exams, even if only ISC2.
After all the comments received yesterday, when I posted my failed 3rd attempt, someone messaged to offer to write the exam for me... I told them no, of course, but be careful out here.
I appreciate all your words of encouragement and everything, and I hope I can do better next time.
For anyone taking this exam, please do review the materials from different sources, as I can tell you some of the exam questions I saw were almost not in the OSG, the Concise Destination guide, or any of the thousands of practice exam questions I did, but I figured these words are in the CBK.
If you've only used video to prepare, please reconsider and go through different sources. This advice aligns with Luke's "how to think like a manager"; I watched his video 2 days before my exam. If you have not looked at different preparation guides and your exam is close, I would suggest rescheduling - I should have done this myself.
Knowing the material is different from the wording of the exam. The exam is worded in a way that you would question yourself.
I'm convinced that ISC2 uses an algorithm to pick questions from different sources; as per my exam, there were way too many questions that seemed new to me.
Please take this advice and thank me later. Bye for now.
As I check my Gmail, I seem to have created an account in 2021 to attend a ransomware training. I have credentials saved in my password manager, and obviously those do not work now and prompt me to:
I attempted "Forgot Password" multiple times, yet I do not get any email from ISC2 (checked spam and everywhere). I also see that there are two different login panels, Login and Login | SSO. The former throws the above error and the latter errors out with the message "Your access is disabled. Contact your site administrator."
I see that there was an SSO/login-related change in 2022, which I most likely did not follow.
I presume the only way to get hold of my account is to contact an ISC2 admin and seek help. But how do I do that when I am not getting any emails to the email address which was used for ISC2?
What has happened to my account, and what's the process to get it back? Help me out here.
P.S. Don't have any email filter rules for isc2.org
Hi friends,
I was wondering if we have to get into the technical details for numerous topics:
Kerberos working and architecture (how tickets are generated)
SQL queries?
ACL?
IP headers?
IP addressing and subnets?
Passed my CISSP three years ago and wanted to reach out for any insight or what to expect...
Had a boot camp about a month ago, but remember very little.
Thoughts?
Just passed the test! So glad I’m done with this. Been studying since August, and all the hard work paid off! I'm going to be honest, I thought I failed for sure, plus my time management was horrible lol. It stopped me with about 3 min left and I was at 122 questions lol. God is good, I’m off to celebrate with the fam. Thank you all for your guidance and support, I really appreciate it; below you’ll find my study resources.
Pete Zerger 10/10
Dest Cert 9/10
OSG 8/10
Quantum 9/10
Boson 8/10
Cybrary Kelly Handerhan 8/10
Pocket prep 7/10
Anyone have any opinions regarding CompTIA's CASP exam vs the ISC2 CISSP? Thank you in advance.
My preparation for this was all over the place. I had to hurry and schedule a date because my voucher would have expired at the end of this month. They had either last week or today so I chose today and just powered through Boson test questions, Destination Certification’s CISSP mind maps, and Pete Zerger’s videos. So glad to have accomplished this. I currently work as a SOC Manager so this is a huge win for me. Good luck to everyone who is going to be testing soon or down the road!
I passed at 110 questions. I honestly thought I was doing horrible. So I was VERY happy to see the pass.
I need help please... my 2nd attempt was in August and I studied my heart out this time... used all the recommended resources (QE, Concise Destination guide, and everything on YouTube), but I found myself guessing throughout the exam as I was thrown off by the wording of the questions.
Please help me with any resources you could help with....
My background: 16 years in IT (network and security architecture/engineering) and 3 years in vendor-side cyber security presales engineering. My undergrad degree was a Bachelor’s in filmmaking and visual effects, so all my experience has been self-taught, certification-driven, and continuing education through various resources. No prior cyber security certs.
My preparation was very similar to others here (ratings at end of each line):
—
“Everyone has a plan until they get punched in the face.”
I stared at question 1 as Mike Tyson’s words echoed through the room. My entire body had sunk into a puddle on the floor. All my preparation, all my practice, all my memorization, all those long hours of study—had they somehow given me the wrong exam here?
How could I have prepared so hard and still feel like I’m staring at material I’ve never seen before? It didn’t make any sense. I stared at that first question for what must’ve been 3 minutes until Andrew Ramdayal’s words kickstarted my reasoning processes to pick the best answer. Worse than the shock and dismay over the stunned reality of question 1 was the prospect that I had 99 more questions like this, at a bare minimum. That was the worst feeling of all.
But, like many of us have done, I swallowed hard, tried to steady my shaking hands, and leaned forward to hone in on keywords, remembering to make no assumptions, and picking the best answer.
As I went, I used the on-screen calculator to assess how I was doing for time. 1.5 mins per question. 1.3 mins per question. 1.7 mins per question. This was nerve-wracking, but necessary to make sure I was keeping up with the clock.
Some questions—maybe 5 total—triggered an immediate response: “it’s definitely that answer, but let me re-read to confirm.” The other 95 might as well have been questions I’d never seen before.
I spent 18 months preparing off and on, and then got serious in the last 3 months after booking my exam date. The material on its own was difficult. But the exam was, by far, the hardest I’ve ever taken.
“Why does this feel so impossible?” I thought as I stared at the endless march of ruthless assaults on my knowledge. Reflecting 12 hours later, I realized it was because this exam doesn’t test your knowledge of the domains in a direct recall sense. It tests your ability to apply that knowledge to scenarios that you cannot possibly prepare for ahead of time.
At the end of the day, here’s what I learned—because taking this exam was a brutal “learning experience” in (1) how to master concepts far beyond most certification requirements, and (2) how to critically deconstruct concepts with the clock ticking down well beyond the material. And that, my friends, is why this certification is so prestigious: you cannot memorize your way through, you cannot brain dump your way through, and you cannot just “wing it.”
So what do you do, if you’re preparing and haven’t yet sat for the exam? Don’t let my experience get you down. In the days before my exam date, I scoured Reddit searching for exam experiences—good and bad—and I wish I hadn’t done that, in retrospect. It psyched me out, making me second guess how prepared I was.
The truth is that you will never be 100% prepared. There’s no possible way—unless you’re a biological LLM or Lt. Cmdr. Data—to store and then apply every concept in the OSG. But you can take this exam, and you can pass. If I can do it, you can do it too.
My advice is:
Finally, my sincere and heartfelt thanks to:
Thank you again, everyone. Happy Holidays, Merry Christmas, Happy Hanukkah, and any others I’m forgetting.
Wishing you the very best success as you study for and ace the exam!
--
EDIT: Thank you so much for the support and feedback, everyone. I so appreciate it. I'm adding links to the resources I used at the very top, in case they're useful for future CISSP candidates.
EDIT 2: Wow, my first ever awards! Thank you so much, kind friends! 🙏😁
EDIT 3: I posted some additional memorization and study techniques alongside the ones from u/neon___cactus: Additional memorization techniques for studying : r/cissp
Though I passed my first try, CISSP was very hard for me. With that in mind, what do you think I would probably think of the preparation and actual exam for CCSP (I have minimal direct cloud experience, but would qualify to sit the exam) or for CISA (no direct auditing experience but more interested in it than cloud)? I'd do a bootcamp for either one but want to minimize my outside prep (which was massive for CISSP). Any polite thoughts welcome :-)