If you work in the cybersecurity field, then you know that there are only four types of people:
- People who passed the CISSP exam
- People who are studying for the CISSP exam
- People who failed the CISSP exam
- People who are too fearful of taking the exam
Having the CISSP certification is a must if you want to work in particular high-paying and highly rewarding environments. The CISSP exam is a gate. Those who have made it through that gate are often considered the elite in the cybersecurity field.
Even if you passed the CISSP exam, you likely did not do it on your first try. While the statistics are not released publicly, it is widely recognized that just about 50% of candidates pass on the first try. I work with people who have passed on their 3rd and 4th try.
Given this, there are many thousands of people who have failed the exam.
The purpose of this article is to examine the reasons that you may have failed the exam. Also, this article is designed to help you to address the issues that caused you to fail and give you the confidence to try again and pass!
#1. You studied hard but did not pass the exam because of your mindset.
I know dozens of highly technical cybersecurity professionals who failed the exam only because of their mindset. These folks are or have been system admins, penetration testers, policy writers, coders, and other very technical experts in their field. Many of these folks are cyber experts that are among the top in the industry. But they can’t seem to pass the CISSP exam.
One of the main reasons that these folks have trouble with the test is that they rely on their technical expertise but have difficulty shifting to the management mindset.
To be very clear: You can be a tech wizard and get a perfect score on every technical question on the test. But you still won’t pass unless you have an understanding of the management of security processes and personnel.
The reason is that many questions test your understanding of how to manage people, processes, and incidents.
So, what should you do?
Don’t be discouraged! Your technical expertise gives you a tremendous advantage on the CISSP exam. You need to adjust your mindset to look at technology from the point of view of a manager, CIO, or CSO. This shift is not as hard as you think!
You already know what is wrong and how to fix it. Or you know the best way to resolve an issue. You have to think a little deeper to understand the best practice from a business’s point of view. More specifically, you need to understand the point of view that ISC2 considers correct.
The best way to get this understanding without going to business school is to do more practice tests that focus on management issues. You can find my recommendation related to practice tests here: How to pass the CISSP exam without any books.
#2. You relied on a CISSP boot camp
I am not a fan of boot camps for the CISSP exam, but they are helpful for many people. I believe that these boot camp classes are often misused as a method to try to pass the test without possessing the in-depth knowledge that is required to pass the test successfully.
Boot camp providers often include the cost of the test in their tuition, and they promise to pay for your test the 2nd time if you don’t pass on your first try.
This promise can give you a false sense of being prepared. It encourages you to take the test even though you might not yet be ready. Since you get a free “re-do” you might as well give it a shot.
Nobody can expect to pass the CISSP exam after a week-long cram session. Even multiple weeks of cram studying likely won’t do the trick for most people.
So, what should you do?
First, you should recognize that a boot camp is a tool and not a solution to passing the exam. A boot camp can be incorporated into your study plan, but you should not rely on it as the only or even the primary study tool.
I studied for the CISSP exam for almost three months. Others I know have studied for six months or longer. There is no quick path to becoming CISSP certified. There are no shortcuts.
Your best plan of action is to create a daily study plan and stick with it. Don’t deviate from your plan even one day. The more committed you are to your study plan, the more likely you will pass the CISSP exam on the next try.
Schedule the test for 30, 60, or 90 days out. Then use the scheduled test date as the motivation to stick to your plan. If you study just 2 hours a day for 90 days, then you have 180 hours of studying under your belt! You will be far more prepared than you would be after cramming in an instructor-led boot camp for a week.
#3. You got tricked too many times
The test questions on the CISSP exam are devilishly tricky. You only get one shot at each question. Once you answer the question and move to the next, you will not get the opportunity to go back and double-check your answers.
It is very easy to get tricked by the wording or the content of the test questions on the CISSP exam. If you get caught up in these tricks too many times, then you will be on the path to failure.
So what should you do?
You need to have a good handle on the types of questions and the typical wording of the questions. Once you understand these things, you will know what to look out for, and you will be able to identify the correct answers more easily.
The only real way to prepare for the questions is to take practice questions from a reliable source. I took thousands of practice questions. I studied the questions, and I explored the answers. I took so many practice test questions that it was almost ridiculous. You can do this too. I believe that you should do this.
Practice questions will make you a better test taker and ensure that you don’t get fooled by the tricks that you will find on the CISSP exam.
An excellent source of CISSP practice questions can be found here: CCCURE.com.
#4. You got burnt out
The CISSP exam is no longer a 6-hour, 250-question exam. With the adaptive format, you can expect the test to be between 100 and 150 questions.
But there is a point where you may have hit a wall and given up. Not because of the length of the exam, but because of the mind-bending questions.
The questions are often very challenging; they can bring you to the point of mental exhaustion quickly. Some hit that point just 15 questions into the exam. Others may start to lose it later on in the test.
If you succumbed to mental exhaustion during the test, then you are not alone.
So, what should you do?
If you already failed the test, then you know what to expect the next time. You have a tremendous advantage now!
The best way to mentally prepare so that you do not burn out during the test is to work through actual test simulations at home. Close the door and get rid of all distractions. Then take a practice test as if it is the real test. Keep the timer going. Focus, and don’t stop until your practice test is complete.
After you do this a few times, you will have the confidence and mental stamina needed to keep from hitting a wall during the real CISSP exam.
In preparation for your next attempt, you should stop studying entirely for 24 hours before the exam. Be sure to get some exercise – go for a walk or a jog. Listen to some soothing music and be sure to get a good night’s sleep.
If you have failed the CISSP exam, then don’t fret. You are in great company! Many accredited CISSPs failed the exam one or more times before they were able to pass it.
While the test is challenging, it is not impossible. If earning the CISSP credential is important to you, then you certainly can do it. Dedication, study, and the right mindset will be the key.
Don’t give up! It will all be worth it when the test administrator prints out your report and it says you passed!
Donald Korinchak is a Cybersecurity Program Director serving customers in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in leadership and cybersecurity issues.