My Journey to CISSP Certification: A Consultant’s Guide to Getting Certified

So, I recently got my CISSP certification, and let me tell you, it was a wild ride. For those who don’t know, CISSP (Certified Information Systems Security Professional) is like the golden ticket in cybersecurity. It’s globally recognised, highly respected, and opens a lot of doors if you’re looking to work in cybersecurity or, like me, you’re in tech consulting and need to show you know your stuff when it comes to security.

If you’re reading this and considering the CISSP journey, I’m here to give you a glimpse of what it’s like, what worked for me, and how I managed to pass the exam without losing my sanity.

Why I Decided to Get CISSP

Working in consulting and tech project management, I’ve had a good amount of exposure to security practices. But I realised that while I knew the basics (password management, firewalls, yada yada), my knowledge was surface-level. In meetings, I was hearing a lot of talk about encryption standards, risk management, and security policies that flew right over my head. And let’s be honest, security is not just a tech buzzword anymore – it’s a necessity.

I also wanted to expand my skillset. A CISSP cert gives you credibility in security and demonstrates that you can think about cybersecurity from a strategic and tactical perspective. This isn’t just about the techie stuff, it’s about aligning security with business goals.

What the CISSP is All About

CISSP isn’t for the faint-hearted. The exam covers eight domains, ranging from security risk management to network security, cryptography, and even software development security. It’s a mile wide and an inch deep, so you don’t need to be a super-specialist, but you do need to know a little about a lot.

The domains are:

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

To pass, you’ve got to be across all of these, and it’s important to think about security not just as a technical task, but as a part of overall business strategy. That’s what makes CISSP valuable for managers, analysts, and consultants like me.

Step 1: Meeting the Experience Requirement

Before you even think about the exam, you need at least five years of cumulative, paid work experience in two or more of the domains. Luckily, as a consultant with a few years in the bag working on various tech projects, I was able to meet this. If you don’t, there’s a workaround where you can become an “Associate of (ISC)²” and get the certification once you have the experience.

Step 2: The Study Plan

I’m not going to lie – CISSP is a beast. I knew I couldn’t cram for it like a uni exam, so I set up a solid study plan. Here’s what worked for me:

  1. Official Study Guide – The (ISC)² CISSP Study Guide was my bible. It covers everything you need to know and is written in a way that’s pretty digestible. That being said, it’s dense, so I wouldn’t recommend trying to read it cover to cover all at once.

  2. Video Courses – If you’re a visual learner like me, video courses are a godsend. I used the Cybrary and Udemy CISSP courses. Cybrary’s course, by Kelly Handerhan, is probably the most well-known in the CISSP prep world. She does a fantastic job of simplifying complex topics without dumbing them down. Udemy also has a bunch of practice exams, which are great for testing yourself under time pressure.

  3. Practice Tests – Speaking of tests, do them. Do a lot of them. I went through about 1,000 practice questions before I felt confident enough to take the exam. There are some excellent test banks out there like Boson, which mirrors the real exam experience. Practice tests help you understand the tricky phrasing CISSP likes to use, plus it’s good to get used to managing your time (the exam gives you 6 hours, but it flies by!).

  4. Study Groups – I found a few Reddit and LinkedIn groups where people were also studying for CISSP. These were great for motivation and for clearing up things I didn’t understand. It’s a nice little community of people who get the struggle.

Step 3: The Exam Day

The CISSP exam is a CAT (Computer Adaptive Test), meaning the better you do, the harder the questions get. It’s 100-150 questions, and you can finish early if the algorithm is satisfied that you either know your stuff or… you don’t.

On exam day, I woke up early, tried to stay calm (coffee helps), and reminded myself that I had done the prep. It’s easy to overthink this exam because the questions aren’t straightforward – they’re designed to make you think about real-world situations. You need to apply the knowledge, not just memorise facts.

Some tips for exam day:

  • Read the questions carefully. The CISSP loves to throw in “best” or “most likely” type questions. Sometimes more than one answer seems correct, but you need to choose the one that’s most aligned with the business side of security.
  • Manage your time. Don’t get bogged down on any one question. If you’re not sure, flag it and come back later.

The Result

I’m happy to report that I passed (phew!). You don’t get your score right away because of the CAT system, but I walked out feeling cautiously optimistic. A few weeks later, I got the email confirming I’d passed. Cue celebratory beers!

What I Gained From the CISSP

For me, the biggest takeaway from earning my CISSP was the strategic thinking it requires. It’s not just about understanding the tech, it’s about being able to communicate security concepts to business stakeholders in a way that makes sense to them. Since passing, I’ve felt much more confident in my ability to advise clients on security policies, risk management, and security architecture.

From a career perspective, it’s a major plus on the CV. It’s globally recognised and has already opened up more opportunities for me, particularly in consulting on larger, more security-focused projects. Plus, it’s good for the pay cheque – according to PayScale, the average salary for a CISSP-certified professional is around $120,000 AUD a year.

Final Thoughts

The CISSP certification is a marathon, not a sprint. It requires serious dedication, but it’s absolutely worth it if you’re looking to advance in cybersecurity or tech consulting. My advice? Start early, plan your study, and stick with it. Use all the resources available (study guides, videos, test banks, and forums), and don’t be afraid to ask questions or join study groups.

For me, the CISSP was a challenge, but a rewarding one. It’s broadened my knowledge, given me a deeper understanding of how security fits into the bigger picture, and most importantly, made me more confident in tackling security issues head-on. If you’re considering it – go for it. You’ve got this!

This post is licensed under CC BY 4.0 by the author.