🔧 How I Passed CISSP in 3 Months as a Complete Security Beginner
Nachrichtenbereich: 🔧 Programmierung
🔗 Quelle: dev.to
📖 Introduction
I passed the CISSP exam on February 20, 2025!
This post summarizes how I, a fresh graduate with no security experience, studied for and passed the CISSP exam.
When I was preparing, I relied on many study experiences shared online. However, no one followed exactly the same method I used, so I hope my story will help someone out there.
Intended Audience
- Anyone preparing for the CISSP exam
- People thinking they need more work experience before attempting CISSP
⚠️ Disclaimer:
This article doesn’t guarantee passing the exam — it’s just my personal journey!
🔍 What is CISSP?
CISSP stands for Certified Information Systems Security Professional, a globally recognized cybersecurity certification offered by ISC2.
CISSP certifies professionals who deeply understand the "ISC2 CISSP CBK" (Common Body of Knowledge) — often called the "common language of security."
More official details: ISC2 Japan (Japanese site)
👤 About Me
| Item | Details |
|---|---|
| Occupation | 1st-year fresh graduate (Security Technical Pre-sales) |
| Academic Background | Mechanical Engineering major (researched human tongue movement in medical engineering) |
| Other Exams | Failed the Japanese Applied Information Technology Engineer Exam (IPA) in Fall 2024 (Score: 55%) |
📝 Note:
The "Applied Information Technology Engineer Exam" is a nationally recognized IT exam in Japan that tests intermediate to advanced knowledge across IT fields.
Failing it before taking CISSP was a major blow to my confidence!
⏰ Study Timeline & Materials
Timeline & Study Hours
| Item | Details |
|---|---|
| Study Period | 3 months |
| Total Study Time | ~157.5 hours (avg. ~1 hour 45 min per day) |
| Study Coverage | 3 rounds of official domain questions + 2 rounds of mock exams + reading two supplementary books |
📚 Materials Used
🛠️ 1. Official Practice Questions (Kindle Edition)
Main resource for familiarizing myself with CISSP question formats.
Almost every successful study story I found mentioned this book. (Essential!)
👉 Official Practice Book (Amazon)
🛠️ 2. CISSP Study Notes (Japanese Resource)
A comprehensive free blog that organizes CISSP knowledge.
First place I checked whenever reviewing unknown concepts.
📝 Note:
This site is in Japanese, but extremely valuable even if you translate it.
I treated it as: "If it's here and I don't know it, it's my fault."
🛠️ 3. A History of Security Failures (Japanese Book)
A history book explaining why security technologies and organizations emerged.
📚 Japanese book — great for naturally absorbing background knowledge about security technologies.
Highly useful for contextualizing the otherwise dry acronyms found in CISSP questions.
🛠️ 4. Introduction to Cryptography - Alice in Secretland (Japanese Book)
Structured explanation of cryptographic basics.
📚 Japanese book — an excellent reference for solidifying cryptography fundamentals.
🚀 Study Strategy
Here’s how I structured my learning:
After solving questions:
→ Review via CISSP Notes → Search online → Discuss with Copilot/ChatGPT.
Focus during review:
- What problem does this tech solve?
- Where is this tech used daily?
- Visualize it with image searches.
📋 Step-by-Step Breakdown
Step 1: Take Mock Exam 1
- Goal: Understand the exam scope and self-assess.
- Feeling: Total confusion. (Score: 52.67%)
Step 2: Solve All Domain Questions (First Round)
- Goal: Cover the breadth of the material.
- Feeling: Blind guessing. Took forever to review unknown terms.
Step 3: Systematic Input via CISSP Study Notes
- Goal: Organize scattered knowledge into a structured map.
- Feeling: Like finishing the frame of a messy jigsaw puzzle.
🔥 Tip:
I printed the notes and added my own comments to them — a huge help later!
Step 4: Solve All Domain Questions (Second Round)
- Goal: Eliminate unknown terms.
- Feeling: Finally "participating" instead of random guessing.
Step 5: Create a Knowledge Map
- Goal: Visualize relationships between terms and identify weaknesses.
- Feeling: Super fun — like playing a giant word association game!
👉 Example:
Step 6: Focus on Low-Scoring Domains (Third Round)
- Goal: Push all domains above 90% accuracy.
- Feeling: Knowledge connections naturally surfaced during questions.
Step 7: Take Mock Exams 1–4 (First Round)
- Goal: Find weak areas.
- Feeling: Still lots of gaps, but could eliminate wrong choices logically.
🔥 Tip:
Always have a reason for choosing each answer — even if it's a wild guess!
Step 8: Take Mock Exams 1–4 (Second Round)
- Goal: Solidify 90%+ scores and gain confidence.
- Feeling: Better conceptual grasp — recognizing patterns among options.
📊 Progress Over Time
Domain Score Progress
Mock Exam Scores
Domain Growth Charts
First Round
Second Round
Third Round
🎯 Exam Day Feelings
- I guessed the answer mentally before checking choices.
- It was extremely tough, but I felt I could "fight" with what I had prepared.
📝 Conclusion
- CISSP is a great opportunity to grasp the big picture of cybersecurity quickly.
- Even beginners can challenge it — just flipping through a CISSP book is already great learning.
- Creating a Knowledge Map was my most effective method to pass.