If you had asked me 3 months ago if I could see myself with an industry-recognised certification I may have chuckled and shook my head – far too expensive to obtain. This morning however I became a certified CISSP.
The ISC2™ CISSP® is the most globally recognised certification for cybersecurity, with it’s practitioners recognised for their deep technical and managerial knowledge and experience to design, engineer and manage an organisations security program.
In terms of passing requirements, I had to receive a computer adaptive test from Pearson-VUE which had a minimum of 100 questions, and ranging up to 150 questions if needed. I also needed to demonstrate at least 5 years experience in two of the education domains for the CISSP®.
So how did this all happen?
I’m not one for collecting certifications, and have always held the cynical belief that exams are rarely a test of skills, but more a test of having a good memory for the content – in a modern world you just tend to look up online what you are unsure of. Also feeding the cynicism was that through my career the places I have worked have had specific qualification requirement, nor (in the ICT space) had a particular appetite to encourage career development and to reward those gaining new skills or qualifications.
The story of what changed my views in the space of a year is one for another blog post, but when an opportunity to attend a CISSP® bootcamp at no cost was offered in May 2024, it would have been foolish to decline
The bootcamp ran over a period of 5 days, and to say it was mind-numbing was an understatement. Eight-hour days with content being remotely delivered in a death by powerpoint way and minimal interaction with learners as there were no practical components or workshop elements to the course. It took me 4 days to realise I could stream the content to my AppleTV, which at least made the whole thing more comfortable for the remaining days.
With the $800 USD for the exam being completely out of my personal financial reach, and with an already negative view of exams and definite fear of failure, I figured this was going to be where the story ended.
And then my employer offered to pay for the exam. Now instead of worrying about blowing $800USD of my own money, I can worry about blowing $800USD of my employer’s money instead. Yay.
With the exam date booked in mid-July, I began seriously preparing around 2.5 weeks out. My preparation was based on:
- Mike Chapple (CertMike)’s CISSP Cert Prep on LinkedIn Learning
- LinkedIn Learning CISSP Practice Exams
- The LearnzApp CISSP Exam Prep App
I was regularly studying and testing for about 3-4 hours a day in 2 weeks before exam day.
Sitting the exam, quickly became aware that despite all my preparation, the questions being asked were different to the questions I had drilled on.
After 1 tense hour, and clicking submit on the 100th question, the exam abruptly finished and to leave the room and speak to the proctor. Knowing it was a computer adaptive test and being question 100, I was convinced the exam had decided I had failed badly enough that we did not need 150 questions. I expressed my self-disappointment to the proctor as he was printing out the results letter. He handed it to me print-side down. I turned it over.
“Dear TribesmanJohn
Congratulations! We are pleased to inform you that you have provisionally passed the CISSP® Exam….”
I stood there for a moment in shock. I think I might have babbled incoherently. I left the exam centre – it was bucketing with rain. But I really wanted to make sure that letter stayed dry.
I had passed.
The application to be certified was pretty easy, with my colleague sitting next to me being a CISSP® already who could endorse me along with 14 years of experience managing core platforms like Active Directory, VMware, PKI and more, I easily met the work experience component. The hardest part I discovered was trying to get a history of employment statement from my employer, as the HR department refused to provide anything more than a statement of employment in my current position. In the end I had to prepare a letter confirming my employment history and have a manager sign it.
All the paperwork was submitted around a month ago now. In the small hours of the morning I received my email advising my application had been accepted, to pay the annual maintenance fee and I would be a CISSP®. One of the fastest financial transactions I have completed!