Is Passing CISSP Difficult? We Ask Cybersecurity Professionals with the CISSP Certification


What is this post about?

We've been covering cybersecurity training for many years now, but one certification that has been there from day one is CISSP. Love it or loathe it, let's just agree that HR and recruiters tend to love this cybersecurity certification. We get asked a lot "Is CISSP difficult?" or "Is CISSP easy?", and the answer is obviously not as simple as the question. So we thought we'd contact cybersecurity professionals who have taken and passed CISSP for their thoughts and experience: how they studied for and passed CISSP, and whether having the designation has helped their career.


If you've passed CISSP and would like to share your study experience, please share your thoughts.

Anthony Leece

A dedicated and motivated security professional with a strong background in technical information security and business development; known for providing effective project coordination, attention to detail, and maintaining client relationships.

How many years experience do you have within InfoSec?
7 years.

Did you find the CISSP difficult, and did you pass first time?
I found the test prep questions to be more difficult than the actual test questions. I did pass my exam the first time, in roughly 2.5 hours.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
I found the study guides to be the most helpful. They distilled the main information points to a more digestible form than the ISC2 CBK book. Practice tests are also helpful, but they can create a situation where not all information is covered, so be sure to read the material that goes along with it.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Don’t try to cram it in. Some things you can read, and some things just come with enough time in the business. If you set an exam date for yourself, it creates a sense of urgency and you’ll be more encouraged to read and retain the information. Give yourself enough time to compensate for work and personal responsibilities, since life happens while you’re getting your CISSP.


Leighton Johnson

Leighton Johnson, the CTO and Founder of ISFMT (Information Security Forensics Management Team), a provider of computer security, forensics consulting and certification training, has presented computer security, cyber security and forensics classes and seminars all across the United States and Europe. He has over 35 years' experience in computer security, cyber security, software development and communications equipment operations and maintenance. His primary focus areas include computer security, information operations and assurance, the software system development life cycle focused on modeling and simulation systems, systems engineering and integration activities, database administration, and business process and data modeling. He holds CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Secure Software Lifecycle Professional), CAP (Certified Authorization Professional), CRISC (Certified in Risk & Information Systems Control), CMAS (Certified Master Antiterrorism Specialist), ATOL2 (DOD Anti-Terrorism Officer Level 2), C|CISO (Certified Chief Information Security Officer) and MBCI (Certified Member Business Continuity Institute) credentials. He has taught CISSP, CISA, CRISC, CISM, Security+, CAP, DIACAP, Anti-Terrorism, Digital and Network Forensics, Security Engineering, Security Architecture and Risk Management courses around the US over the past 10 years.

How many years experience do you have within InfoSec?
30+ years.

Did you find the CISSP difficult, and did you pass first time?
Yes and Yes.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
Online resources.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Study the areas you don’t know first, but review all domains.


David Schwartzberg

David Schwartzberg is a Senior Security Engineer at MobileIron, a security company where he specializes in mobile management and security. David is a regular speaker at cybersecurity conferences such as GrrCON, and he has also presented at THOTCON, OWASP AppSec, BSides, Black Hat Arsenal, DerbyCON, (ISC)2 Congress and SC Congress.

As a writer, David wrote the original CramSession study guide for the Network+ certification in 1999 and a self-published book (Computers for Kids: Something In, Something Out), and he has blogged for Dark Reading and Barracuda Labs and as a guest blogger for the award-winning Naked Security blog. After graduating from Queens College with a B.S. in Accounting and Information Systems, David earned several certifications in the field of Information Technology, including CNE, MCP, Network+, Security+ and CISSP. Utilizing his 6 years' accounting experience and 17 years' Information Technology experience, he speaks regularly with technology executives and professionals to help protect their corporate secrets and stay compliant.

How many years experience do you have within InfoSec?
22 years.

Did you find the CISSP difficult, and did you pass first time?
Moderately. Long exam, some questions were challenging.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
ISSA primer one week course (good), CISSP prep book by Shon Harris and practice book by Mike Meyers.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Study for at least 3 months prior to sitting. 1 month prior to sitting for the exam answer practice questions daily.


Danny Ha, PhD

Danny is an FCPCM ISO 22300, a Fellow of the Certified Professional Crisis Manager for ISO 22300 at the Academy of Professional Certification (APC), CB, a charitable NGO in Hong Kong.

How many years experience do you have within InfoSec?
18 years.

Did you find the CISSP difficult, and did you pass first time?
It is a difficult exam like none I have had before. Yes, I passed it in one go.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
I studied CISSP in 2000. There were not many good textbooks that year. I studied all the domains according to the given syllabus from ISC2 and tried very hard to find the related material on the internet, including the textbook below. I passed the CISSP in 2000. After starting to conduct CISSP training in 2001, I wrote a recommendation on the endpaper for the book CISSP All-in-One Exam Guide by Shon Harris in 2002. After all these years of teaching until now, I still recommend this textbook. The book explains security management concepts from the basics, links up other topics well, and is easy to understand. It is in its 7th Edition now. I do not have this edition, but I think it is fine as well.

What would be your #1 bit of advice for someone attempting to pass CISSP?
The most important key is to do all the multiple choice questions from the book or websites, or as many as you feel good about, to test your understanding and analytical mind for information security management, not technical management. It is important to fully understand the explanation of the answer to each question, no matter whether you got it right or wrong.


Dirk Groben

Dirk is the owner of Groben IT Solutions.

How many years experience do you have within InfoSec?
6 years.

Did you find the CISSP difficult, and did you pass first time?
The exam was very difficult, because it is wide-ranging and does not just include technical information security. It's a matter of understanding the whole picture of security and not just looking at parts. This new vision increased my professional experience with IT security cases. I did pass the first time but really took the full exam time of 6 hours.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
I've read books for CISSP examinations. But forget the braindumping stuff. The exam is about thinking differently. And you need to learn to get your thoughts straight and understand all vectors included in the process.

What would be your #1 bit of advice for someone attempting to pass CISSP?
English reading, writing and speaking is a must. Then start with technical security. Move to physical security. Then move to the administrative parts of IT security. Get the whole picture. This allows you to see through things which others wouldn't see. And that's about it in IT security – thinking differently.


Kevin Tighe

Kevin is a Systems Engineer at Bugcrowd.

How many years experience do you have within InfoSec?
Over 20 years.

Did you find the CISSP difficult, and did you pass first time?
Not difficult and passed 1st try.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
Shon Harris book, several sample tests from online searches.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Don’t rely on what you know, follow the book and answer the way the test writer wants, even if it is not necessarily best practice in real life.


Roberto Contreras

Roberto is a Global Information Security Director at XIT Global Corp.

How many years experience do you have within InfoSec?
10 years.

Did you find the CISSP difficult, and did you pass first time?
No. Yes.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
CISSP All-in-One and practice exams on the internet.

What would be your #1 bit of advice for someone attempting to pass CISSP?
A lot of reading and practice.


Xerxes Kiok Kan

Results-oriented, high-energy Information Security Professional with 10+ years' hands-on experience. Provides IT governance, system management, audit, implementation and consulting. Open-minded individual with a proven track record in implementing information security and business continuity. Identifies values and opportunities, and develops strategies for business. Develops individual employment plans and goal-setting strategy. Strong technical skills as well as excellent interpersonal skills. Hands-on experience implementing management systems (ISO27001 & ISO22301). Applies strong information security governance skills and guidance to inform senior management in managing enterprise risk. Operates with a strong sense of urgency and thrives in a fast-paced setting. Eager to be challenged in order to grow and improve. Competent IT professional through consistent updating of skills, contributing significantly to the organization. Fluent in English and Hokkien, with basic Mandarin. Holds IT and security certifications. Core competencies include: Information Security (ISO27001), Business Continuity (ISO22301), Crisis Management, Penetration Test, Vulnerability Assessment, Risk Management, Project Management, Metrics / KPI, Security Incident Management, Consulting, Pursuit / Solution, SIEM, Internal / External Audit.

How many years experience do you have within InfoSec?
12 years.

Did you find the CISSP difficult, and did you pass first time?
You should attain a certain level; this is not similar to a basic security certification. I failed my first time.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
CISSP All-in-One by S. Harris.

What would be your #1 bit of advice for someone attempting to pass CISSP?
This exam will test your knowledge in the information security field; it is a kilometer-wide and inch-deep topic. Understand how each domain will be implemented in a real situation rather than theories only or memorization.


Richard Starnes

A results-driven, business-focused information security professional with twenty-plus years of experience implementing information security programs from a risk-based perspective. I have served in executive and senior management positions in the US and the UK, with responsibilities including policy development, governance, risk and compliance; specifically, the development and implementation of global security policy, standards, guidelines and procedures through effective risk management, the identification of protection goals, objectives and metrics consistent with the corporate strategic plan in a business-friendly manner, and the measurement of risk and development of strategies to manage it. I served as Chairperson of the Communications and Public Relations Project Group of Interpol's European Working Party on Information Technology Crime, as well as advising their Wireless Applications Security Project Group. I am the former President of the United Kingdom and Bluegrass chapters of the Information Systems Security Association (ISSA), and also serve on the editorial advisory board of the ISSA Journal.

How many years experience do you have within InfoSec?
20+ years.

Did you find the CISSP difficult, and did you pass first time?
Yes and yes.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
Flash cards, the official ISC2 book and a lot of study time.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Go through the CBK and honestly evaluate your strengths and weaknesses. Study the weaknesses first. Study, then study some more. Take practice exams. Take the ISC2 course if you can. Get a good night's sleep and pack a lunch for the test. Take a break halfway through the exam. Don't fight the question. Pick the right answer even if you don't agree with it. Don't change your answer once you have made it.


Michalis Papachristoforou

Michalis is a Project Manager, Group Project Management Office (PMO) Transformation Office at Hellenic Bank Public Company Ltd.

How many years experience do you have within InfoSec?
9 years.

Did you find the CISSP difficult, and did you pass first time?
Yes, it was difficult; however, I managed to pass the first time.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
Shon Harris book.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Study hard and obtain hands-on experience in the CISSP domains.


Andreia Goncalves Pinheiro Santos

I have 14 years of experience in IT, in projects related to security, networking and web applications. For the last 5 years I have been working in Information Security Governance (SoD, IDM management, compliance and hardening). I have two security certifications: CISSP (Certified Information Systems Security Professional) and CEH (EC-Council Certified Ethical Hacker), and I teach a CISSP class at ISSA Brasil.

How many years experience do you have within InfoSec?
6 years.

Did you find the CISSP difficult, and did you pass first time?
Yes.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
All of these.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Study and study… Make the concepts simple in the mind.


Saad Moten

IT Professional with 15+ years' experience in IT infrastructure, IT audit, IT security and IT service delivery. Proven expertise in integrating, configuring and supporting all components of data communication and systems. Ability to provide technical leadership at a cross-functional level. Managed, installed and configured complex networks.

How many years experience do you have within InfoSec?
5 years.

Did you find the CISSP difficult, and did you pass first time?
No, it's too difficult; I passed the exam on my 2nd attempt.

What did you use to study? Flash cards, practice exams? Any books you can recommend?
I used the official CBK, All-in-One by Shon Harris and Eleventh Hour.

What would be your #1 bit of advice for someone attempting to pass CISSP?
Have passion for the study and take it as a challenge.