CISSP - What I Learned: Think Like a Manager, Not a Technician
Mariana delivers one of the more immediately useful talks at Simply CyberCon 2024, breaking down the CISSP exam in a way that could save aspiring certificate holders months of misguided study time. Her core message is clear: the CISSP is a management exam, and if you study it like a technical exam, you will struggle.
What Actually Makes the CISSP Hard
Mariana identifies two factors. First, the sheer volume of material: the official study guide is over a thousand pages covering everything from business continuity planning to encryption to software development lifecycle. Second, and more critically, the format of the questions. The CISSP does not just test whether you know the material. It tests whether you can apply management best practices to complex scenarios.
While some describe the exam as "a mile wide and an inch deep," Mariana partially disagrees. The technical topics may be surface-level, but the management application questions are deeply specific about how they want you to answer.
The Manager Mindset
The most valuable insight: when answering CISSP questions, you must embody the mindset of a high-level manager balancing competing business objectives and security priorities. The questions are long, the answer choices are often a full sentence each, and the difference between options A and B can feel almost subjective. But once you understand that you are always answering as a manager (considering budget constraints, policy requirements, and regulatory compliance), the correct answer becomes clearer.
Mariana's custom Simply CyberCon practice question illustrates this perfectly. She asks: what is the ultimate purpose of Simply CyberCon? The plausible answers include networking, knowledge sharing, and fostering a supportive environment. But the CISSP answer is about driving cyber risk reduction by addressing the talent shortage. That is the strategic, management-level objective.
Study Strategy and Resources
Mariana is honest about her own mistakes. She studied the book thoroughly, highlighted everything, and expected to do well on practice questions. She did not. The practice questions revealed that knowing the material is not enough: you need to understand how the exam frames questions.
Her top resource recommendations: Luke Ahmed's "Think Like a Manager" book and online question video subscription, and Prabh Nair's free YouTube videos that break down questions with detailed explanations of why each answer choice is right or wrong.
Her study advice: start practicing questions as early as possible. Read the question, read the answer choices, read the question again. Identify the competing business and security objectives. And do not get discouraged when practice questions are hard at first; that is normal.
Who Should Watch
Anyone preparing for the CISSP. Anyone who has failed it and is not sure why. Anyone who is heavy on technical knowledge but has not yet made the mental shift to management-level thinking. This talk could save you significant time and frustration.