CISSP-squared: Passing the Exam a Decade Later

In February 2003 I took and passed the CISSP exam. As much as the CISSP is the current industry gold standard (as a colleague of mine recently reminded me) it had even more prestige in 2003. Worldwide there were less that 45,000 certification holders in 2003 and it was the hallmark of excellence. According to Wikipedia, there were 84,596 certified holders as of November 2012

My only preparation in 2003 was self-study despite the fact that CISSP bootcamps were beginning to pop up at an alarming rate. For a few thousand dollars you could take a course and they would teach you everything you needed to know to pass the exam. Well, I was still only 5 years out of College and my employer at the time, despite being very good, only started to get into the information security education game in late 2004. So, I was on my own.

Studying for the CISSP was very enjoyable. Learning the nuisances of each domain was like finding new keys to unlock a kingdom shrouded in mystery. I could spend hours reading and researching the topics in the common body of knowledge. Studying was less work and more fun given my natural interest in the field. Most of all there wasn’t any pressure to pass the exam. It was more a right of passage than an industry requirement.

My scheduled exam was held in NYC. Since I lived on Long Island I traveled to the Big Apple the night before and stayed at a hotel in Midtown on the west-side. The items I brought to the testing location included bringing a fistful of number 2 pencils for the scantron, a sharpener, a wristwatch to keep track of the time and some healthy snacks for my break. (I remember I brought a banana but not sure what else.) The exam was 6 hours long as it is now. At about 3 hours I finished all of the questions. I decided to take my break to relax (as much as possible) and eat my snacks before I would review/take the exam a second time to check my answers. During the break the proctor took an interest in me. I was probably the youngest person taking the exam by at least a few (a-hem) solid years. He asked me if I took a bootcamp to which I replied that I did not. He asked me how I prepared to which I replied that I read the exam prep books. At this point he turned to me and said, “You will probably fail. I failed my first time and you’re probably going to fail if you didn’t take a class.” My read of the situation was that he meant it more to comfort me and brace me for the fact that the odds were against me. At the time it was a known statistic that most people took the exam at least twice before passing. He tried to prepare me for the disappoint he experienced. While it wasn’t malicious per se it’s not the kind of thing you want to hear in the middle of the exam. I took the exam again and handed in my scantron sheet 2.5 hours later. I don’t remember the exact length of time but it took a few weeks, maybe even a month or two, for ISC2 to send the results. Thankfully I passed on the first try. I was elated.


  1. Larry Timmins May 12, 2016 at 10:38 am | Permalink

    Hi Ken,
    I realize this is an old article, but I like how you positioned the CISSP certificate in the job market and how even well documented experience will not get your resume, etc. past job requirements that are often digitally verified by scrapping a online / submitted resume and going through a key word search.

    QUESTION. To your point, did you maintain your CISSP with adequate CPE this time? A useful article would be to show how you gathered enough CPE credits to maintain your 2nd CISSP past December 2015.

    All the best,

  2. Kenneth F. Belva Jan 29, 2018 at 8:07 am | Permalink

    Hi Larry,

    One way to maintain CPEs is to volunteer as a leader in cyber security organizations such as ISC2, OWASP, ISSA, etc. The time spent volunteering may be used towards CPEs.

    There is currently a protected page on ISC2 that addresses this under the Member Section:

    Hope that helps.


Post a Comment

Your email is never published nor shared. Required fields are marked *