CISSP Exam Tips. PHOTO: Cybercrime Magazine.

How To Pass The CISSP Exam: Top 10 Tips From A Chief Risk Officer

Treat it as a marathon, not a sprint

Paul Caulfield, CISSP

Northport, N.Y. – Sep. 15, 2019

First, I didn’t need to get the CISSP (Certified Information Systems Security Professional) certification. CISM (Certified Information Systems Management) or something of its kind may have been more appropriate.

So, why CISSP?

As someone who heads enterprise risk for Israel’s largest foreign financial institution and broker dealer (IDB Bank and IDB Capital) throughout the U.S. and Latin America, I felt it imperative to deepen my understanding of the information technology and cybersecurity risks and controls.

We have a trusted CISO (chief information security officer), but these are some of the biggest risks facing not just financial institutions but also society today.

In order to “sleep at night” (as they ask at conferences), I want to know the “guts” of risk. It allows me to work effectively in the field with IT and cybersecurity personnel and with management. It provides further comfort to the boards of directors and also gives our regulators in the U.S. and Israel additional evidence that our bank “walks the walk” when it comes to ownership.

Studying for and ultimately passing the CISSP is like most difficult tasks: it took time and effort.

Top 10 Tips To Pass The CISSP Exam:

1. Treat it as a marathon, not a sprint. The study materials are massive, the guide itself running roughly 1,400 pages. Tackle it in sections and don’t move to the next until you’re comfortable with the domain you’re on.

2. Give yourself a challenging but accomplishable deadline by when you will sit for the exam. I had significant on-the-job training before I started. I gave myself five months. The time also gave me room for my day job. (And family!)

3. The test is not necessarily “real life.” In many cases, more than one answer is right. But the question is typically phrased looking for the best answer. Take as many practice tests as you can. Quizlet is a good app. (ISC)2 also provides plenty of resources.

4. Study using your most successful learning style, but add a few others. I learn best by writing, which I did while reading, watching and listening to the materials. By the end, my exam manual was torn into sections, packed with my underlines, circles, diagrams and notes. I also have a stack of well-worn flash cards.

5. Lean into the domains where you are weakest. Security Architecture and Engineering and Communication and Network Security were my “weakest links.” While I made sure I knew all eight domains, I spent a lot of time reinforcing these two.

6. Take a boot camp near your test date. There’s nothing like a concentrated, final push to get you ready and build your confidence. When you take the boot camp, get your mind set. Focus as best you can on the days leading up to the exam and cut out as many distractions as you can. I stayed in a hotel the last two nights to really make sure.

7. Get sleep and be rested during the days leading up to the exam. Eat right as well.

8. If studying is a marathon, so is the exam itself. Pace yourself. You have three hours. Don’t rush it.

9. This was passed on to me, and I found it very helpful. Read the answers first. (It helps isolate the better answers from the red herrings.) Then read the question. Then read the answers again. The process tends to isolate the two better choices. By then, it’s 50-50.

10. Be in the moment for each question. Your confidence will be tested. Some questions will appear from nowhere. Some don’t even count as they are being tested for future exams. You won’t know which is which. Do your best on a question, answer it and then forget it. The only question that matters is the one you’re on.

Good luck!

Paul Caulfield, CISSP, is chief risk officer at IDB Bank, Israel’s largest foreign financial institution, adjunct professor at Fordham Law School, and former Manhattan prosecutor and chief compliance officer.