4 Month Journey to CISSP - 2025

So, I haven't posted much in the past four months. That’s because my head has been buried in a study guide while working toward ISC2's CISSP. I've completed quite a few certifications in the past—starting with entry-level ones and moving into some offensive security-specific certs—but this was going to be the first that covered what would become a recurring phrase over the next few months: the "Common Body of Knowledge" of cybersecurity.

I knew a few people who had already passed the CISSP, and I had bought the official study guide months ago, but I wasn’t really sure where to start. I quickly realized that I don’t do well in boot camps—eight hours of lectures a day and I completely zone out. So, I decided to go the self-paced route. One course that’s extremely popular is Destination Certification, which offers a full curriculum, an app, and its own study book.

Something I didn't realize when getting into studying for the CISSP is there is some danger in using too many resources. You'll find that everyone covers the content a little differently. This means you might encounter the same concept presented in multiple, sometimes conflicting, ways or being quizzed on content separate from what you studied. Whatever study guide you pick, I would suggest sticking with it and not jumping around.

Disclaimer: I go on in this article to talk a lot about Destination Certification because that is what I used; it worked for me. I'm not sponsored by them or anything. Just sharing my experience.

When I registered for my exam, I purchased the Peace of Mind voucher. For an additional $200, you get a second opportunity to take the exam if needed. As someone who has failed a few exams in the past, I thought this was a smart investment.

The Book

As I mentioned, I had already purchased the official study guide. It's over 1,000 pages long, full of dry content and dense blocks of text. Don’t get me wrong—this book is perfect for some people. It includes knowledge assessments, covers everything thoroughly, and is just waiting for you to power through all 1,000+ pages.

Instead, I recommend Destination Certification: A Concise Guide, which is only 532 pages. You can purchase this book separately from the course and still be just fine.

The Course

The course costs $1,500 for the Essentials package and just under $2,000 if you include peer mentoring. Honestly, it’s not cheap. In the world of professional cybersecurity, sure, it’s reasonable—but not everyone is fortunate enough to have a company foot the bill. So what do you get for $1,500?

I chose the Essentials package, as I have pretty good discipline and knew I could hold myself accountable.

The course is video-based and on-demand. Each video is typically around 15 minutes, and with each section containing 30–70 videos. They also provide a schedule to help you track your progress based on your target exam date. I found this to be the best way to stay on pace. For most people, the course takes about three months to complete (though they offer a two-week intensive option as well).

There’s also a workbook with fill-in-the-blank exercises for each video. I believe the intention is to keep you focused and engaged as you move through the course. Instead of printing it out and filling it in by hand, I used PDFgear to edit the PDFs on my computer. However, once I finished the course, I never went back to review the workbook. I wish they offered a completed version—mine ended up too messy to follow.

In addition to the videos, each section includes knowledge checks. The course also tells you when to incorporate other resources, like the Mind Maps and the app, which I’ll cover next.

The App

The Destination Certification app is free. You can download it to your phone and start reviewing questions and flashcards right now. About a month before my exam, they added 1,700 new questions. There are also 1,300 flashcards available.

I used the flashcards in a somewhat unconventional way: I read each one out loud into Google Docs, creating a single document with all the content. Then I used a text-to-speech tool to convert that document into MP3s, which I played while reviewing the cards in the app. I’m not sure whether the benefit came from the text-to-speech or from reading everything aloud to myself—but it worked.

The practice questions are high-quality. They force you to think critically and focus on keywords—exactly the kind of mindset you need for the exam. But it’s exhausting. With about 1,600 questions total, and roughly an hour needed per 50 questions, I worked on them whenever I could. In the final month before the test, I completed about 80% of the questions.

At first, I only answered questions I hadn’t seen before. Eventually, I got to a point where I had 68% correct, 12% incorrect, and the rest unanswered. One week before the exam, I shifted strategies and only focused on questions I had previously answered incorrectly. By exam day, I had reduced my incorrect answers to just 5%.

The Mind Maps

Another free resource Destination Certification offers is their Mind Map videos. These videos group content together at a high level to help reinforce key concepts and provide a bird’s-eye view of each domain.

I watched each video three times: once after completing the corresponding section, again after finishing the full course, and a third time during my final review as I re-read the book. Each day I sat down and went through one chapter. By the third viewing, I could confidently explain every concept.

The Exam

About 24 hours before the exam, I stopped studying completely. I relaxed, spent time with my wife, and went to bed early—even though my exam was scheduled for 2 PM the next day.

The Pearson testing center was an hour away, so I left two hours early after making sure I had my two forms of ID. On the drive, I listened to a YouTube video called "50 Hard CISSP Questions", which is about an hour and a half long—perfect for the trip.

The staff at the test center were very friendly. I completed the check-in process and was taken in early to begin. When you first sit down and start answering questions, the nerves definitely kick in. But it’s important to remember that you have plenty of time. Read each question slowly, understand what it’s asking, and don’t rush.

I got through 80 questions with about an hour left. Since I didn’t know how many total questions I’d need to answer, I raised my hand to take a short bathroom break. That reset helped me return with a fresh mind for the final stretch. I answered 20 more questions—and the test ended.

After the longest five minutes of my life, I was escorted back to the registration desk. The world’s slowest printer finally produced my results. The staff member folded the paper in half, handed it to me, and there it was—I passed.

Can I Do It?

So, you're probably reading this because you're considering taking the CISSP.

To take the CISSP, you need five years of relevant work experience. I had 4.5 years as a penetration tester, but my college degree satisfied the final year. That five-year requirement isn’t just gatekeeping—there’s a lot of content to study, and it definitely helps to already have hands-on knowledge. Between my work and previous certifications, I was solid in at least two domains going in.

If you have that experience, then yes—you can absolutely do it. If you have the funds, I highly recommend purchasing the Destination Certification course. It provides the structure, resources, and community support you need to pass. If the cost is a barrier, you’ll just need to be more disciplined and make sure you thoroughly understand the book. Thankfully, the app and Mind Maps are free and still extremely valuable.

Absolutely—you’ve got this. Set a timeline, download the app, buy the book, and get started. In just a few months, you too can experience the world’s slowest printer—and read the long-awaited word: “Congratulations.”