By: Ter Govang, CISSP, CPP, CCMP
Founder, Portcullis Modern Inc.
This photo is from a year ago when I bit the bullet and bought the CISSP Body of Knowledge. Six months later, I aced the exam. Since then, my inbox has been filled with folks asking how they can do the same, assuming I learned it all from scratch.
For me, the CISSP was a natural progression in my career. The concepts weren't new - they were principles and practices I'd been immersed in for two decades. My background made the exam feel more like a comprehensive review than a daunting challenge.
Early Career
With 20 years stemming from Trades & Technology, including 16 years in technical security, here is what most don’t know about my early years:
Configured computers in a Hewlett Packard call center back in the early 2000s
Designed and installed network infrastructure and servers, industrial controls, and integrated systems for almost two decades
Earned 100% in Programmable Logic Controllers during electrical trades training, where I found hexadecimal and binary programming straightforward and exciting.
I don't do surface-level knowledge. My brain doesn't work that way. I learn by doing, by understanding the 'why' behind everything.
The Path to CISSP
After passing the ASIS Certified Protection Professional (CPP) exam in 2017, I wanted more. The CPP is great, but it's not technical. It prepares you for cybersecurity as well as the CISSP prepares you for physical security - which is to say, not really.
I'd been applying change management principles for a decade, watching them transform my projects and teams, and decided to pursue the Certified Change Management Professional (CCMP) designation. In security, we often fixate on gadgets and systems, forgetting the human element. Change management is the missing piece - it's what makes or breaks projects, especially in our field.
The CCMP, based on a standard (which, as we know, standards are fundamental), formalized what I'd been practicing for years. It wasn't just about getting another certification; it was about validating a skill set that's woefully undervalued in our industry. This credential perfectly bridged the gap between technical expertise and the people-focused approach that's needed for successful security implementations and functional alignment.
So, when I decided to go for the CISSP, it wasn't about memorizing a textbook. It was about connecting the dots of my entire career. For six months, I dedicated my mornings to self-paced study. I turned every commute into a mobile session with an extended audiobook. Was it exciting? Not always. But it was necessary.
Finally, I tackled the CISSP. My approach:
Six months of dedicated morning self-paced study sessions
A 65-hour audiobook during commutes
Connecting the dots from my entire career
Advice for Aspiring CISSPs
To everyone reaching out for the secret to passing the CISSP overnight: there isn't one. You can't cram two decades of experience into a few weeks of study.
The CISSP isn't just another cert. It's a validation of years of hands-on work. It's about bringing together the technical, the tactical, and the strategic, something I've been doing my entire career.
If you're eyeing the CISSP, here's my advice: focus on gaining real-world experience. Dive deep into every aspect of security. Don't just learn the 'what' - understand the 'why' and the 'how'.
And remember, in this field, we never stop learning. Designations aren't the end goal - they're just milestones in an ever-evolving journey.
To those still looking for a shortcut: there isn't one. Put in the time, do the work, earn your stripes. That's how you pass the exam. That's how you succeed in security.
The question isn't just how to pass the CISSP - it's how to become the kind of professional the CISSP represents.
Are you ready for that journey?