I passed the CISSP! — William J Clements

Another huge certification checked off the to-do list! On December 14th I sat and passed the Certified Information Systems Security Professional certification. I've had this on my radar for years, but made the decision to pursue the Project Management Professional certification first.

I started studying seriously back in October. I watched Kelly Handerhan's CISSP course on Cybrary. A great course even before you consider the price...free. I spend a fair bit of time on the road and try to walk during my lunch hour when I'm in the office. Simple CISSP by Phil Martin was a great audio book. This is the first audio book for a certification that I've ever felt comfortable recommending. A week prior to the exam I read 11th Hour CISSP by Eric Conrad from cover to cover. As with so many things, there is a wonderful and helpful community on Reddit dedicated to this exam. Seriously, that should be your first stop if you're thinking about embarking on the journey to becoming a CISSP.

I discovered that the exam was moving to an adaptive model on December 18th so I booked as late as possible before that date. I showed up to the testing center bright and early. Took a 10 minute break at question 175 and finished up. I'd flagged 43 questions for review, and only ended up changing my answer to two of them.

The CISSP is the first exam I've taken that doesn't tell you on screen whether or not you've passed. I've read on Reddit that if you pass, you only get a single page printout and if you fail you get several. I stood up and waited for the proctor and was lead out to the front desk. My heart jumped a bit when I saw the single sheet lying face down. When I was handed the page I saw the first line, "Congratulations..." and breathed a huge sigh of relief.

The biggest piece of advice I can give is to think like a manager and answer the question being asked. I saw several problems that had a technical solution as one of the answers. As IT nerds we jump at the chance to fix a problem, but that isn't always the correct answer. Think like a manager and always, ALWAYS follow the change control process.

Good luck!