# BLUF: I studied for the CISSP for ~2 months, including over 1300 practice Qs. Passed at Q# 100 with 90 minutes remaining. # Background: I have a full time job as a patent attorney with a toddler. So my study time is limited to ~1.5 hours on weekday evenings after my kid goes to sleep and ~1.5 hr per weekend day while the kid is napping. I have experience in private practice representing big tech clients that span e-commerce, memory controllers, RF front-end modules, computer vision, computer networking, AI/ML, and more. Over the years, I have had to become adept at absorbing new technologies out of professional necessity, which helps a lot for tests like this. # Study Materials: - Pete Zerger’s Exam Cram YT Video + 2025 addendum and drill-down videos - Sybex Official Study Guide (OSG) 10th edition - Sybex Practice Tests book - Destination CISSP - Handwritten note cards - Quantum Exams # Study Methodology: My typical exam strategy is repetitive multi-modal learning with a blitz of practice tests leading up to exam day in order to peak at the right time. I started with Pete Zerger's exam cram plus the addendum. Next, read 1 to 2 chapters of the OSG a day until complete. Then, worked my way through 20 Qs per chapter from the OSG to identify my weak spots while referring to Destination CISSP and hand writing notecards. I circled back to Pete Zerger's drill-down videos on cryptography, frameworks, etc. Finally, I scheduled my exam for 3 weeks out and set a practice test schedule. I took three days off from work with two weeks remaining to devote to practice tests where I would take a QE test in the morning and a Sybex practice test in the afternoon. In the end. I took 3 timed QE exams and 8 Sybex practice tests. The most important part here was to identify remaining gaps and determine why I was getting Qs wrong. I forwent any studying the day prior to the exam but did some light studying the day of the exam to review memory mnemonics and frameworks. # What Worked and What Didn't: - Carrying momentum forward from previous certs helped the most. I sat for and passed the Network+, Security+, and CIPP/US certs (in that order) within the past 12 months. There was tremendous overlap between these certs and the CISSP. - I'm probably in the minority, but I much preferred the OSG to Destination CISSP. The OSG is detailed and provides both context and perspective, whereas I found Destination CISSP too high level for my liking. - My main gripe with the OSG is its index. - I found many terms (even italicized ones) missing from the index such as split-response attacks, TLS offloading, and Graham-Denning. - Sybex practice tests are better written but easier than the actual exam. - However, these were great for comprehensive coverage of the material. - QE practice tests were a better analogue to the actual test. - When answering Qs, QE repeatedly places you in what I'll call the "gray zone" where you have to select the BEST answer from 2/3 right answers. - And, the QE questions can be poorly written at times; like the actual exam. - Finally, a quick plug for Technical Institute of America's 50 hard questions. - The mindset espoused in this video was great for framing how to select between answers while in the "gray zone." - NOTE: If you pick one answer, you are forsaking the others, so pick the broadest, most encompassing answer. ![[images/Pasted image 20250808153849.png]] # Endorsement Process - Passed in May 2025. Fully certified in late June 2025. - I went through the self-endorsement route without a referral from a current member. - It took about a month from submission of my employment and educations docs to become a fully fledged CISSP member. This included one reach out from ISC2 via email for additional docs with clarifying questions.