First Step Towards CISSP Certification: A Practical Starter's Guide

Anil K · 5 min read
Tags: cissp, certifications, isc2, information-security, career, study-guide, exam-prep, cybersecurity
[Image: stacks of cybersecurity study books next to a laptop, suggesting CISSP exam preparation]

Note: The information below reflects my experience sitting the exam around 2020–21. Exam mechanics (CAT, question counts, endorsement) are broadly the same, but always verify the current details on the official (ISC)² CISSP page before you book.

CISSP introduction

CISSP — Certified Information Systems Security Professional — is considered the gold standard when it comes to IT security certifications. The certificate is offered by (ISC)², an international non-profit organisation. CISSP is consistently regarded as one of the most valuable certificates to hold across industries, especially in finance, banking, and healthcare.

The primary objective of CISSP is to evaluate the candidate's knowledge and competence against a standard accepted by most industries. It is recognised globally, and holding it gives you greater credibility when interacting with customers. The certification also meets the ISO/IEC 17024 standard for personnel certification bodies.

While studying you will discover and touch almost all fields of the IT security business — networks, PKI, assets, risks, physical security, and many more. The certificate is best suited for candidates at mid to senior job profiles.

Prerequisites for CISSP

There are very limited prerequisites for this certification, unlike others:

  • At least 5 years of full-time IT experience
  • Experience in 2 or more of the CISSP domains
  • A 4-year graduate degree or equivalent education

If a candidate doesn't have the required experience, they can opt for the Associate of (ISC)² path and earn the full CISSP once they meet the experience bar.

CISSP core domains

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Study and reference materials

During my early preparation time, it was quite cumbersome to find the right materials to refer to — everyone had a different opinion on study material. After struggling for a while, I found the following set was more than sufficient if you already hold some experience in IT:

  • CISSP Official (ISC)² Study Guide — the canonical reference, dense but complete.
  • Eleventh Hour CISSP — excellent for the last two weeks before the exam.
  • Sunflower Document (community summary circulated widely online) — great for quick revision.
  • PocketPrep CISSP Mobile App (paid) — the best question-bank I used for commute-sized practice.
  • Kelly Handerhan's CISSP course on Cybrary — free, and arguably the single most useful resource for shifting from "technical" thinking to "manager" thinking.

Candidates often underestimate topics like physical security, building structure, and locks. Be thorough with those areas as well — they show up more than you'd expect.

Exam details

  • Exam time: 180 minutes
  • Passing mark: 700 out of 1000 points
  • Total questions: 100 to 150 under the current adaptive format. Target is roughly 100 questions in around 2 hours.

Alpha strategy for exam day — a must-read

  • Read every question twice and remove the clearly incorrect answers first.
  • Simple, direct, fact-only questions are rare. Most will test judgement, not recall.
  • When answering, think like a manager, not like a technical engineer. The "best" answer is usually the one that aligns with risk, policy, and due diligence — not the most technically clever one.
  • The exam is delivered as a Computerised Adaptive Test (CAT). The next question is chosen based on how well you answered previous ones. Don't second-guess the algorithm — just answer each question on its own merit.
  • Read each question thoroughly and watch for qualifiers like best, most, least, and worst. A single word changes the whole context.
  • Expect scenario-based questions — typically 3–4 questions built on the same scenario.
  • It helps to know penetration-testing tool names and what each is used for (nmap, Nessus, Burp Suite, Metasploit, etc.).
  • Questions can be single- or multiple-choice. Be prepared for a few drag-and-drop items too.
  • Abbreviations are expanded in the interface if you're unsure — no need to memorise every acronym.
  • Arrive at the centre at least 15 minutes before the exam time. You already know that.

Procedure to acquire the certificate

  1. Prepare for the CISSP exam using the materials above.
  2. Register for the exam and pay the fees via Pearson VUE.
  3. Pass your exam. You'll receive a provisional pass result on the day.
  4. Fill in the endorsement form.
  5. Ask a colleague or friend who is an (ISC)² member to endorse you.
  6. Pay the Annual Maintenance Fee (AMF) on the (ISC)² portal.
  7. Keep the certificate active by earning 120 CPE credits every 3 years (roughly 40 CPE per year).

If you can't find anyone in your network for endorsement, contact (ISC)² directly — they will help accordingly.


Hope this gives you some insight into CISSP, along with the facts around the exam and clearer guidance on where to start. So — get set, go.

How did you find the article? Let me know in the comments. If you're mid-preparation and have a specific domain giving you grief, drop a note and I'll try to share what worked for me on that one.
