This story started almost a year ago when one of my friends left the company we were working for. It left us open to needing someone to handle the day to day security items in a management level role. While I wanted to take on the role myself, I just didn’t quite have the experience or requirements they were looking for at the time. After talking with my boss, we determined the path I wanted to take my career and he pointed me towards getting the CISSP. After all, I already have many years of experience working in DevOps and as a Systems Administrator, why not move into security?
This test is much harder than I ever expected it to be. Even after reading the entire official study guide and the official practice test book, which are way too big in my mind, the CISSP was a huge undertaking. For those who don’t know, the CISSP (at the time I took the exam) is a minimum of 125 questions and up to 175. It is an adaptive test, so there is no going back to questions later. This means you have to get the question right the first time, and each question will have multiple correct answers, but which one is the MOST correct? The test is broken up into 8 different domains, each of which you must have a passing score of 70% in each domain to pass. You have to pass each domain, even if you finish the entire test with 80%, if one domain is below 70%, you fail. Plus it is very expensive to take the exam and you don’t get a refund if you fail. Talk about a stressful 4 hours!
In the beginning I studied for a couple hours a night and about 3 times per week, but when I started getting to October I realized if I wanted to take the exam before the Holiday’s I would need to pick up the pace. I started to study every day, even on the weekend for hours each day. Taking practice exams, watching videos (YouTube has lots of good videos that cover the CISSP and other exams as well), and doing additional training exercises on a class I picked up on Udemy. It all came down to the wire. Here I was, test scheduled, only hours to go. I was still studying into the night trying to get as much information crammed into my head as possible. Trying over and over again to remember things I knew would be on the exam.
Finally, the day came. I got up early to get my body going and all woken up, kissed my wife and child goodbye and drove off to the testing center. After a lengthy check in process (they really want to make sure you are who you say you are and that you’re not trying in any way to cheat), I was finally sat down at the computer to begin my exam. Now I won’t be talking about details of the test, I won’t even say what types of questions I got, but lets say it was very encompassing of all 8 domains. When I finished all 175 questions I thought for sure there was no way I was going to pass. After all, I’ve heard that less than 20% pass the exam their first time. I just love how they don’t tell you and you have to checkout at the front desk to get your pass/fail report. What a shock to my system when I read the first word on the paper “Congratulations!” I almost fell to the floor I was so shocked. Sure I had prepared well for the exam, but others I’ve taken and passed historically I’ve had to take more than once.
So here I am, with a pass, I’ve received my CISSP certification, it is done. Now I’m going to try to return to a normal life of not studying all the time and lets see where my career can take me now.