How difficult is CISSP?

This post analyzes the difficulties candidates face while preparing for CISSP and how to counter those challenges in the most effective manner.


The Certified Information Systems Security Professional (CISSP) is the gold certification in cybersecurity. CISSP certification is a big achievement in any security professional’s career. Every second security professional intends to pass CISSP. However, many professionals are not able to pass it, and many do not register for the exam because of the fear of failure and because the exam is costly (749 USD).


Based on my experience, after teaching CISSP for the last 6 years and helping over 1000 CISSP professionals get certified under the Cybernous Mission CISSP 100 Days program, here is a thorough analysis of CISSP difficulties and my recommendations on each one of them. If you consider these 5 pointers while preparing for CISSP, you will certainly pass CISSP on the first attempt.

1. The course content is huge:

Generally, we as security professionals work in a particular domain for years and gain expertise in it. However, CISSP is all about understanding the big picture and being able to run the entire information security program in a company. Because infosec is a big field, the CISSP syllabus is designed to cover all the different domains of security. This is the first source of discomfort: participants have to step out of their comfort zone and read material outside their domain of expertise.

I have observed that a CISSP candidate starts the journey with full enthusiasm; however, that fades away as the journey progresses.

This happens due to the following reasons:

A. Getting too deep into the subject:

• Take-it-easy policy: I see many people taking CISSP too hard, and I understand that this is natural when there is so much hype around this certification on the internet. At times you may be stuck on a few concepts or topics. Do not stay stuck on them: make a note and keep your journey going. When you cover other domains, you will find that you can automatically grasp the topic where you were stuck, because all the domains are interconnected.
• Many candidates get stuck in the technology part and lose sight of the overall objective of the CISSP exam. I recommend taking this easy and deciding how much to read for a particular topic. The expectation from (ISC)2 is not to have SMEs but to have leaders who are able to understand the given scenario, the given solutions, and the risk associated with the different options, and to take a risk-based decision while considering the cost-benefit of a given technology. This issue can be better resolved if you work with an experienced mentor and join a course like Mission CISSP 100 Days.

2. Lack of a plan:

Many participants jump into CISSP preparation without a set plan. It makes all the sense to spend some time and plan your journey to CISSP. Without a roadmap and a perfect plan, you are bound to get derailed. Don’t let that happen to you: time is precious, so plan it better. And if you don’t have an idea of how to plan, follow the Mission CISSP 100-day Plan. The plan is designed to give you small bites each day that you can easily consume, and to prepare you end-to-end for your CISSP journey. But what if your work and personal commitments derail your plan? The answer is to bounce back with double force and realign the plan. There are few passionate professionals in cybersecurity who understand this challenge, and Manoj has made sure that if you get derailed in the overall journey, you are still supported by free enrolment in the next 100 days.

3. Lack of a common book to prepare for CISSP:

Hey, that’s true. Though (ISC)2 recommends reading the Official CBK, it may be hard to comprehend. That is where students refer to other books officially accredited by (ISC)2, like Shon Harris or Sybex version 9. With us moving into a media-oriented world, reading books can be a boring proposition. More importantly, if you cannot comprehend a topic correctly, you form a wrong rule of thumb for yourself. Moreover, you will find many topics missing when you compare these books with each other, and that also becomes a big factor in failures. The best solution to the issue is to watch the videos first from an experienced CISSP mentor like Manoj and then go through the very concise notes already embedded into the bundled end-to-end preparation program by Cybernous. Yes, it’s true! This course has inbuilt notes for each day, which bring together the best of CBK, Shon Harris, and Sybex in a very concise and to-the-point manner.

4. Failure to comprehend CISSP Questions:

While we may call these tricky questions, the questions from (ISC)2 are very much focused on validating your understanding and decision-making by presenting you with a scenario. You know what - I often hear back from successful candidates that the questions are based on security sense and common sense. And I am a huge advocate of this statement. (ISC)2 doesn’t validate your knowledge; it tests your analytical and balanced mindset while making security decisions, and this requires common sense and security sense. While you are on your journey, you should also practice CISSP questions in parallel. This will help you validate and strengthen your understanding. Read the question twice before answering.

5. Not Having the Right Mindset:

I have seen candidates fail CISSP after reading 3 different books 3 times and practicing over 6000 questions, while many candidates pass CISSP after reading just 1 book and practicing only 500 questions. It’s all about setting up the right mindset. Now, will a boot camp help if you need to change your perception? Of course not! Your mindset should align with the requirements of the (ISC)2 CISSP Exam. Always take some time to prepare for CISSP and set up your mindset to align with a CISO mindset. You need to have a balanced mindset between business and security. Also, the intent should always be to eradicate a challenge forever and not to jump in and fix it at that moment.


To make a successful journey to CISSP, you should consider working with passionate mentors. Feel free to reach out on LinkedIn. Mentors will help you stay motivated and focused on your aim. Also, it makes all the sense to join a holistic end-to-end CISSP preparation plan like Cybernous Mission CISSP to make the best investment in terms of time and effort. This CISSP training plan has been built over 3 years and provides you with everything you need to pass your CISSP on the first attempt, including notes, quizzes, mock tests, and case studies. The best part is that this program is cohort-based, which means that apart from the online self-study, you get over 60 hours of live training by Manoj Sharma on weekends.
