If you work in the cyber security field then you know that there are only 4 types of people:
- People who passed the CISSP exam
- People who are studying for the CISSP exam
- People who failed the CISSP exam
- People who are too fearful to take the exam
Having the CISSP certification is a must if you want to work in certain high paying and highly rewarding environments. The CISSP exam is a gate. Those that have made it through that gate are often considered the elite in the cybersecurity field.
Even if you passed the CISSP exam it is likely that you did not do it on your first try. While the statistics are not released publicly, it is widely recognized that just about 50% of candidates pass on the first try. I work with people who have passed on their 3rd and 4th try.
Given this, there are many thousands of people who have failed the exam.
The purpose of this article is to examine the reasons that you may have failed the exam. In addition, this article is designed to help you to address the issues that caused you to fail and give you confidence to try again and pass!
#1. You studied hard but did not pass the exam because of your mindset.
I know dozens of highly technical cyber security professionals who failed the exam simply because of their mindset. These folks are or have been system admins, penetration testers, policy writers, coders, and other very technical experts in their field. Many of these folks are cyber experts that are among the top in the industry. But they can’t seem to pass the CISSP exam.
One of the main reasons that these folks have trouble on the test is that they rely on their technical expertise but have trouble shifting to the management mindset.
To be very clear: You can be a tech wizard and get a perfect score on every technical question on the test. But you still won’t pass unless you have an understanding of the management of security processes and personnel.
The reason is that many questions test your understanding of how to manage people, processes, and incidents.
So, what should you do?
Don’t be discouraged! Your technical expertise gives you a tremendous advantage on the CISSP exam. You just need to adjust your mindset to look at technology from the point of view of a manager, CIO, or CSO. This shift is not as hard as you think!
You already know what is wrong and how to fix it. Or you know the best way to resolve an issue. You just have to think a little deeper to understand the best practice from a business’s point of view. More specifically, you need to understand the point of view that ISC2 considers correct.
The best way to get this understanding without going to business school is to just do more practice tests that focus on the management issues. You can find my recommendation related to practice tests here: How to pass the CISSP exam without any books.
#2. You relied on a CISSP boot camp
I am not a fan of boot camps for the CISSP exam, but they are helpful for many people. I believe that these boot camp classes are often misused as a method to try to pass the test without possessing the deep knowledge that is required to pass the test successfully.
Boot camp providers often include the cost of the test in their tuition, and they promise to pay for your test the 2nd time if you don’t pass on your first try.
This promise can give you a false sense of being prepared. It encourages you to take the test even though you might not yet be ready. Since you get a free re-do you might as well give it a shot.
Nobody can expect to pass the CISSP exam after a week-long cram session. Even multiple weeks of cram studying likely won’t do the trick for most people.
So, what should you do?
First, you should recognize that the boot camp is a tool and not a solution to passing the exam. A boot camp can be incorporated into your study plan but you should not rely on it as the only or even the primary study tool.
I studied for the CISSP exam for almost 3 months. Others I know have studied for 6 months or longer. There is no quick path to becoming CISSP certified. There are no shortcuts.
Your best plan of action is to create a daily study plan and stick with it. Don’t deviate from your plan even one day. The more committed you are to your study plan the more likely you will pass the CISSP exam on the next try.
Schedule the test for 30, 60, or 90 days out. Then use the scheduled test date as the motivation to stick to your plan. If you study just 2 hours a day for 90 days, then you have 180 hours of studying under your belt! You will be far more prepared than if you crammed in an instructor-led boot camp for a week.
#3. You got tricked too many times
The test questions on the CISSP exam are devilishly tricky. You only get one shot at each question. Once you answer the question and move to the next, you will not get the opportunity to go back and double check your answers.
It is very easy to get tricked by the wording or the content of the test questions on the CISSP exam. If you get caught up in these tricks too many times then you will be on the path to failure.
So what should you do?
You need to have a good handle on the types of questions and the common wording of the questions. Once you understand these things then you will know what to look out for and you will be able to identify the correct answers more easily.
The only real way to prepare for the questions is to take practice questions from a reliable source. I took thousands of practice questions. I studied the questions and I studied the answers. I took so many practice test questions that it was almost ridiculous. You can do this too. I believe that you should do this.
Practice questions will make you a better test taker and ensure that you don’t get fooled by the tricks that you will find on the CISSP exam.
A very good source of CISSP practice questions can be found here: CCCURE.com
#4. You got burnt out
The CISSP exam is no longer a 6-hour, 250-question exam. With the adaptive format you can expect the test to be between 100 and 150 questions.
But there is a point where you may have hit a wall and given up. Not because of the length of the exam, but because of the mind-bending questions.
The questions are often so challenging that they can bring you to a point of mental exhaustion quickly. Some hit that point just 15 questions into the exam. Others may start to lose it later on in the test.
If you succumbed to mental exhaustion during the test then you are not alone.
So, what should you do?
If you already failed the test then you know what to expect the next time. You have a tremendous advantage now!
The best way to mentally prepare so that you do not burn out during the test is to work through actual test simulations at home. Close the door and get rid of all distractions. Then take a practice test as if it is the real test. Keep the timer going. Focus and don’t stop until your practice test is complete.
After you do this a few times you will have the confidence and mental stamina needed to keep from hitting a wall during the real CISSP exam.
In preparation for your next attempt you should stop studying completely for 24 hours prior to the exam. Be sure to get some exercise – go for a walk or a jog. Listen to some soothing music and be sure to get a good night’s sleep.
If you have failed the CISSP exam then don’t fret. You are in great company! Many accredited CISSPs have failed the exam one or more times before they were able to pass it.
While the test is challenging, it is not impossible. If earning the CISSP credential is important to you then you certainly can do it. Dedication, study, and the right mindset will be the key.
Don’t give up! It will all be worth it when the test administrator prints out your report and it says you passed!