Kenneth F. Belva

CISSP-squared: Passing the Exam a Decade Later

Fast forward quite a few years. For various reasons professional and personal reasons that I shall not go into here I was unable to keep up with the CPE requirements and I lost my certification. It was a disappointment and an unfortunate fact of life. My CISSP was a qualification I took for granted since I passed in 2003. As I began to network more frequently throughout 2012 I realized that it’s essential to have and that having had it once doesn’t count if it’s not current. It seemed to me I was passed over for a professional opportunity or two because I didn’t have it. Without it my professional life would not be complete. Even though my close, long-term colleagues know my qualifications, there is value in the brand. So, I set out to pass the exam for the second time almost a decade later.

If I didn’t take a class in 2003 due to money, in 2012 it was due to time (and, to be honest, a bit of pride). I took the exam Monday, December 7, 2012. From August 2012 through the time of the exam I was working on so many private information security projects and doing independent information security research that I didn’t have the time to take a week off and travel for a class. I did have the time to study on weekends and at odd hours. One does what one must!

I still love security with all my being but this time studying was not as pleasurable. Don’t get me wrong; I still enjoyed it but there was a cloud of failure hanging over my head that really wasn’t there the first time. Now I was an established professional. What if I didn’t pass this time? What if there was new material with which I was unfamiliar? How much time could I really devote to my studying with all of my other life concerns and responsibilities? Thankfully my studying was more like a refresher but I still felt the pressure of lack of time. Plus, who wants to spend another $599 on an exam if one doesn’t pass?


  1. Larry Timmins May 12, 2016 at 10:38 am | Permalink

    Hi Ken,
    I realize this is an old article, but I like how you positioned the CISSP certificate in the job market and how even well documented experience will not get your resume, etc. past job requirements that are often digitally verified by scrapping a online / submitted resume and going through a key word search.

    QUESTION. To your point, did you maintain your CISSP with adequate CPE this time? A useful article would be to show how you gathered enough CPE credits to maintain your 2nd CISSP past December 2015.

    All the best,

  2. Kenneth F. Belva Jan 29, 2018 at 8:07 am | Permalink

    Hi Larry,

    One way to maintain CPEs is to volunteer as a leader in cyber security organizations such as ISC2, OWASP, ISSA, etc. The time spent volunteering may be used towards CPEs.

    There is currently a protected page on ISC2 that addresses this under the Member Section:

    Hope that helps.


Post a Comment

Your email is never published nor shared. Required fields are marked *