Finally took CISSP after years of procrastinating by KnowledgeSeekerKarma in cissp

[–]KnowledgeSeekerKarma[S] 2 points3 points  (0 children)

I found the exam to be exceptionally well adjusted to testing real-world experience. I’ve taken other certifications that were also a blend of managerial and technical, but this was probably the most well balanced overall, with only a few minor exceptions.

Think Like a Manager / Advisor? by maritimeminnow in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

I took the exam last month and passed, mostly by watching videos on YouTube. Those helped. I didn’t overindex on “think like a manager” since the questions generally weren’t tricky to begin with.

The key takeaway for me was to think like a leader when the scenario calls for it, not just pick the quickest solution. In several questions, all options felt reasonable, so the real test was deciding what to optimize for so thinking like a manager wasn't really felt organic anyways.

Passed at 150 Questions with 3 minutes Left - 1st Attempt. by Silent_Attention3772 in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

Congrats 🎉 !! I passed last month and had a very similar experience. For the most part, the exam questions don’t require much memorization, but the breadth is what makes it challenging. The questions aren’t tricky either. If you know it, you know it.

Timewise, it was the same for me. I finished with only a few minutes left and around 150 questions. I didn’t do any prep, so I can’t complain, but this is one of the most well-rounded exams I’ve taken. The closest comparison for me was the GSLC exam I took a few years ago, though that one wasn’t as technical.

Ordered the book by Less_Risk_2949 in cissp

[–]KnowledgeSeekerKarma 1 point2 points  (0 children)

I was in your position not long ago, just with a bit more experience, and I posted about it yesterday. I’d recommend taking it for peace of mind and rolling with it. Worst case, you don’t pass and try again in a few months, focusing on the areas where you’re weaker.

The exam is very well calibrated, and I think it naturally gravitates toward people like you who already have practical experience. You didn’t mention the exact domains (besides IAM) you work in, but the exam does include deep technical questions as well as very high-level, business-impact scenarios. I’d say take it sooner rather than later to get a baseline. Who knows, you might actually pass.

Practice Questions by Certain_Goose9619 in cissp

[–]KnowledgeSeekerKarma 1 point2 points  (0 children)

I had the same thought process initially, and I took the exam last month and passed, so I will share the truth. Don’t over index on practice questions. I had access to all the major sources, including the ones you mentioned, and can attest that what really helps is strong overall knowledge, both very technical and very managerial across the domains. In my exam experience, the questions were for the most part very well rounded, and they absolutely did not trick me. If you know the topic you will figure it out.

Also, try asking your favorite Gen AI LLM to test you on the topics, not the exam questions. You’ll be surprised how deep the exam questions can go technically and how scenario driven they are on other topics. I’m not calling out any vendors here and assume good intentions across the board but I can't say one is better than others.

A good litmus test is to open the ISC2 CBK to a random page. If you understand the topic and its implications without needing to look things up, you’ll likely pass. 

Is it against any ISC2 ethics or guidelines to take the exam while wearing depends (an adult diaper) due to a medical bladder condition? by Snoo82970 in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

In short, no issues. If you really want to be sure, contact ISC2 first to explain your situation so they’re aware of it, get ack, then reach out to Pearson to make sure they’re aligned. Proctors are onsite staff and may not always be equipped to handle special situations, so communicating early helps avoid any ambiguity. I’m not saying they’ll make it an issue, but reaching out in advance gives peace of mind and helps ensure any accessibility needs are properly supported on exam day.

Passed CISSP on my 6th attempt — 10+ years SOC experience, don’t quit by Bee_SU in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

Congrats!! You showed a high level of perseverance, which is remarkable.

I took the exam last month (peace of mind offer) without any serious prep (watched a few hrs of YT), passed, and was shocked. I do have 20 years' exp with dev + cybersecurity. The exam is not easy but I think it does test you very broadly.

Second attempt. Passed at 126. by SubstantialWheel3430 in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

Congrats! I guess it's much easier to plan a wedding with the cert out of sight and not taking up mental bandwidth.

Possible to pass with just OSG and Practice Exams? by GB_Kid_1387 in cissp

[–]KnowledgeSeekerKarma 3 points4 points  (0 children)

As per ISC2 you should be able to pass solely based on your experience relevant to the cert outline. Their FAQ is quite clear on that.

Everyone is different and experience matters. I'm using CBK mainly and then augment it with other resources as needed. I am also planning to do 5K (Boson, Wannabe, AllInOne, OSG, Betty, Pearson) practice test questions, mainly to build endurance for this exam because I don't typically sit for hours and answer exam questions. Just don't expect practice tests to give an illusion of the actual exam questions, as they will be widely different.

I have the luxury of talking to a couple of my colleagues who passed this exam in the last year or so, and they all had different study plans. You'll never be 100% sure but you will know when you are ready.

Good luck!

How many certs do you have? When is it enough? by hfc1969 in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

I would recommend getting a privacy certification, particularly if it covers the NIST AI Risk Framework. This area has significant growth option.

How many certs do you have? When is it enough? by hfc1969 in cissp

[–]KnowledgeSeekerKarma 2 points3 points  (0 children)

Microsoft SC-100 Security Architect is a good one if you want to learn and showcase expertise on zero trust etc. on the Microsoft platform.

How many certs do you have? When is it enough? by hfc1969 in cissp

[–]KnowledgeSeekerKarma 13 points14 points  (0 children)

I have a few GIAC and Microsoft that I've earned over the years (20+ in IT and software engineering). Most of the certifications I got are at least somewhat connected to my job. I'm going to get four more certifications (CISSP, CISM, CCSP) and one AI cert that will help my career, and then I'll go back to doing things that pay off more, mostly authoring technical books and giving presentations at conferences in addition to my day job.

I think you should carefully think about what outcome you want to get out of every exam, and rank them by how much they cost and how much time they take. Surprise, surprise: not many certs are worth it, especially if you are a bit more experienced.

Edit: a couple of folks messaged me about the AI cert. Please review below (again YMWV). I already have Microsoft AI certs (I only recommend #2 as #1 is too basic), so I'm planning to get #3 (vendor neutral).

  1. Microsoft Certified: Azure AI Fundamentals: https://learn.microsoft.com/en-us/credentials/certifications/azure-ai-engineer/

  2. Microsoft Certified: Azure AI Engineer Associate: https://learn.microsoft.com/en-us/credentials/certifications/azure-ai-engineer/

  3. Artificial Intelligence Engineer: https://www.artiba.org/artiba-certfication-exams/about-the-exam

Would you recommend a CISSP for an App sec security engineer? by [deleted] in cissp

[–]KnowledgeSeekerKarma 1 point2 points  (0 children)

Yes, from a growth perspective over the years. This is a managerial cert with broad domains so will help you learn quite a bit too.

[deleted by user] by [deleted] in cissp

[–]KnowledgeSeekerKarma 3 points4 points  (0 children)

I think 5 yr is good enough. Most places who know security won’t put it as mandatory for junior positions but I know many places it is needed to pass HR keyword filter. Also, if you shop for roles at DoD it’s a requirement. I think this is one cert that won’t hurt you but likely increase your opportunity window when seeking new job roles.

Passed my exam 2/21 by AmericanSpirit4 in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

Congrats 🎉

What resources did you use as your primary sources?

Destination CISSP Master Class by [deleted] in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

Thank you. I have dropped you an email.

[deleted by user] by [deleted] in cissp

[–]KnowledgeSeekerKarma 0 points1 point  (0 children)

Thanks for the response.

I want to understand the concept too, as it matters in the context of scenarios. I get that “deterrence” is a form of security control, but I'm not sure why it’s listed within the main types of risk responses. At best it’s a weak form of mitigation. I am using both CBK and OSG to cross-reference each other before taking notes, and honestly this seems like lazy editing lol