How I passed the CISSP in two months without formal infosec experience

The goal of this article is to educate others on some of the resources that are available and how I was able to leverage them to successfully pass the Certified Information Systems Security Professional (CISSP) exam from ISC2.

My background

I started 2025 with no cybersecurity certifications. I did, however, have:

  • CompTIA A+
  • CompTIA Network+
  • CompTIA Server+
  • A basic homelab
  • Three and a half years of IT experience

I was going to school for my Masters in Business Administration (MBA) and had just started my Masters of Science in Cybersecurity Management (MSCM).

My Motivation

I knew that I would need to pick a certification for the capstone of the MSCM and I'd heard that most people did either the CompTIA Security+ or the CISSP. Someone had also mentioned that when they were working on their MSCM, they had a classmate get both the Security+ and the CISSP. They said that if you're able to do that, then you should.

In May, after completing one cybersecurity class, I felt ready to take the Security+. I did some basic studying with the help of ACI Learning as a refresher, then I took and subsequently passed the Security+ exam.

Having the Security+ opened up my capstone for the CISSP. During the first week of June, I talked to my program director and he agreed that I should pursue the CISSP to satisfy the capstone requirement for the MSCM. This gave me until the first week of December, six months, to complete the CISSP while still attending grad school and working a full-time job.

Passing the Security+ waives a year of the experience requirement for the CISSP and I would easily be able to show four years of experience in the eight domains. Pretty much any IT experience will count in some way towards the CISSP. I was able to say that a desktop support role covered the Asset Security and Identity and Access Management (IAM) domains.

Studying

I was recommended the CISSP Study Guide from Syngress over the official ISC2 CISSP study guide, so I ordered the one from Syngress instead. I also ordered the official ISC2 practice test book and a basic notebook.

I didn't end up using the study guide at all, so if you do use some of these other resources, you can probably skip buying the study guide.

I had access to ACI Learning's content, so I figured I'd start with their CISSP videos from 2024. The course was 39h 32m long, but I was able to watch most of that on 1.5x speed. I took notes as I went to make sure I was paying attention and able to learn some things. Note: it's possible to watch some of the sections at 2x speed and still keep up.

At first, I was going pretty slow through these videos, but I later realized that I was going too slow. I broke the episodes down into 45-minute study sessions, but they were only 45 minutes if the videos were playing at 1.5x speed. I set these up in an Excel spreadsheet with an example shown below.

Example of times for a CISSP study session

When I finally finished all of the videos through ACI Learning, I moved on to the practice tests from Sybex that are included with the Official ISC2 CISSP Practice Tests book. These are a fantastic online resource where you can target specific domains or practice full-length tests.

Practice Tests

For the practice tests, I did the following for each test:

  1. Took a practice test
  2. Read through the questions I got wrong
  3. Tried to understand why I got those questions wrong (there are explanations in the Sybex practice tests, but AI can also be helpful here)

Remember, you don't have to be perfect, just good enough to pass. These were my practice test scores:

Practice Test stats

The question of whether or not I passed a practice test is hard to say, because you need to pass in all eight domains in order to pass the exam. I based my assumption on ISC2's official passing grade of 700 out of 1000 points.

CISSP official exam information as of writing

Practice Questions

For the practice questions, I recommend the following:

  1. Run through some practice questions (I spent around 5-10 minutes per domain)
  2. See what domains you're struggling in
  3. Do additional targeted studying in those domains (I used this fantastic exam cram video from Pete Zerger)

I didn't complete all of the practice questions, but I did enough of them to know where I was struggling:

I built out a whole excel sheet for tracking what domains I needed to spend more time in:

Essentially, I was tracking my progress in each of the eight domains, making sure I was getting about 70% correct in each domain (I never actually made it there in all eight domains).

YouTube Videos

As mentioned in the Practice Questions section, Pete Zerger has an amazing video on YouTube that goes through all eight domains on the CISSP exam. Yes, like many other aspects of studying for the CISSP, I also tracked this in a spreadsheet:

Spreadsheet tracking of Pete Zerger's CISSP Exam Cram video

Also, throughout this entire two-month process, I would refer back to a video from a YouTuber who goes by the name, "Mad Hat." This video helped reassure me that this exam is a hard one and I'm doing great.

As I neared test day, I also found it super helpful to watch this video by Kelly Handerhan. It really helped calm my nerves and prepare me for the actual exam.

Test Day

Originally, I had my exam scheduled for three months after I started studying, but I decided to move it up a bit.

I did this for a few reasons:

  1. I felt ready
  2. I'd purchased the peace-of-mind bundle to have that extra attempt if I failed.
  3. This sooner date meant that I could take the exam between semesters and not worry about it while taking classes.

This was a very nerve-wracking testing experience. Everything seemed so much more serious than any other testing center that I've ever been to. They even did a palm scan.

After getting through all of the check-in procedures, I finally got to take the test.

At around question 30, I had a thought, "man, these questions are hard. I have no idea what the answers are." Most of the questions I'd been getting would be a paragraph long and each answer would be a full sentence or two. Sometimes multiple answers would sound correct. That is on purpose. ISC2 is trying to get you to answer questions incorrectly.

At 100 questions, my test stopped. I'd only been in the testing center for around an hour and 20 minutes. I was hopeful.

After being escorted out of the testing area and having my palm scanned again, they gave me my results. I had passed exactly two months to the day from when I started studying.

Now, of course you need to know what a lot of things are for this test, but in the end, the test is really testing how you think about the problems. It will throw you questions where you don't know the answer. Take a deep breath and think it through.

Fun Stats

  • I took 139 pages of notes in a 6"x8" notebook.
  • It took ISC2 the full waiting period to get back to me, even though I had an endorsement.
  • ISC2 did not accept experience from a time when I was working a full-time job and a part-time job at the same time (you can only count up to 40 hours a week towards the experience requirement).

The ugly side of things

Passing the CISSP in two months while going to grad school, working full time, and having some major life events going on is not good for your health. I had doctor's appointments during those two months where my blood pressure measured over 140/100 (very high and not good for you). I was in my mid-20s. That's not normal.

If you are able to learn things quickly and don't have a lot going on outside of work, passing the CISSP in two months is doable. But there are too many of us in this industry who are either on the verge of burnout or who are already burnt out to put your health aside for a certification. Your health comes first, the certifications can take a little extra time to complete. Slow progression > burnout.

I hope you found something useful in this article. Thank you for reading :)