I passed my CISSP exam this morning and just wanted to share my experience in case it helps someone. Nothing fancy — just my honest story.
My Background
I have a background in Computer Systems Engineering and a Master's in IT Management. I started as a system admin and gradually moved into cybersecurity over time. Throughout my career, I've worn many hats:
- SOC Analyst
- Penetration Tester
- Incident Responder
- Malware Reverse Engineer
- Security Product Owner (DevSecOps)
- People Manager (last 3 years)
I also hold 3 SANS certifications related to penetration testing and an ISACA CISA. So I wasn't starting from zero — but the CISSP is still a beast of its own.
The Hardest Part: Finding Time
My job is very demanding, and finding time to study was honestly the hardest part of the entire process. My company paid for the certification attempt and enrolled me in the official ISC2 CISSP course prep. I'll be blunt — that course was not that helpful. I just left it running on the side while working.
Since they paid for the course and the exam, I decided to spend some of my own money on practice tests from three different sources:
My Practice Test Sources
My Study Plan: 4 Months, On and Off
I prepared on and off for about 4 months total. Here's roughly how it broke down:
| Phase | Duration | What I Did |
|---|---|---|
| Reading | ~3 months | Read the official CISSP book cover to cover — during office commutes, evenings, and weekend hours |
| Practice | ~1 month | Practice questions only — from all three vendors. Focused heavily on learning from wrong answers |
The key in that last month was not just doing the questions — it was analyzing why I got things wrong, understanding the reasoning, and filling knowledge gaps as they surfaced.
Exam Day: The Real Experience
The actual exam had a mix of questions similar to all three practice test vendors. Here's my honest breakdown:
- Around 20% of questions were long, scenario-based — similar to Quantum CISSP style
- Most questions were more like Boson or Pocket Prep in length and format
- I even had a question I swear I saw in one of the practice tests
Time Management Was My Biggest Risk
I'm a slow reader. It takes me time to read the question properly, analyze all the options, and answer with confidence. Here's how my time broke down:
My Pace on Exam Day
If the exam had gone to 150 questions, I honestly think I would have run out of time. Luckily, it ended at 100.
The Moment of Truth
To be honest, I didn't feel great after finishing. It was a weird mix. I didn't feel like I nailed it, but it didn't feel like a disaster either. When it ended at 100 questions, my heart dropped for a second — I thought I had failed.
But then the result came: Pass.
That feeling is hard to describe. Relief, disbelief, excitement — all at once.
What Worked for Me
Looking back, I think these were the things that actually made the difference:
Key Takeaways
A Warning About Pace
If you're a slow reader like me, pace is a real risk on the CISSP CAT exam. The exam can go anywhere from 100 to 150 questions, and you get 3 hours total. If you're burning 1.5 minutes per question like I was, you're in danger if the exam doesn't end early. Practice under timed conditions and be conscious of your speed.
Final Thoughts
That's it. Nothing fancy. Just my story. All three practice sources helped in different ways, so using multiple was absolutely worth it. The official book is essential — read it fully. And the last month of practice-question-only mode is where the real exam readiness develops.
If this helps even one person preparing for their CISSP, I'm glad I shared it.