Passed today. First try, 103 questions, 90 minutes left. I’m sitting on my couch, eating a kilo of ice cream with the kiddos buzzing around, still trying to process how this happened. I feel like I pulled off a massive fluke, and this post is, rather than a success story, a sort of postmortem. Please, DO NOT copy my “study” plan.
I began in June 2025, devising the Great Plan on how I would pass the CISSP, and didn’t hold up to it by any step. I bought a bunch of the stuff recommended here and wasted most of it. The Destination Certification book? I read half of chapter one. Peter Zerger’s Last Mile? Sat untouched on my drive. Thor Pedersen’s Udemy bootcamp? I made it through half of Domain 1 before shelving it.
So, how did I get here anyway?
First, Kelly Handerhan’s “Why you will pass the CISSP” 2026 video on YouTube. That mindset shift is the only reason I survived the exam logic. Opened LearnzApp, closed it, never went back. Downloaded the DestCert mobile app, took a bit of the tests, and checked maybe less than 5% of the flashcards. Closed it, too. I also fed a bunch of yt links into NotebookLM and listened to synthetic AI voices explain the domains to me like a podcast while doing the dishes, commuting to the office, or nervously pacing around. Dubious, maybe, but it kept the concepts in my head.
The real “studying” happened in my homelab. I have a rather heavy setup with online bareme(n)tals, VPSs scattered around the world, my own pile of Raspberries, NASs, managed switches, routers, and a custom internet connection from my ISP. Instead of reading about the OSI model or software security, I treated my lab like a corporate environment. I sat down with my AI assistant (shoutout to my digital “genia”) and we mapped out everything. We segregated “The Forge” (my dev environment) from testing and my production server, “hari”. We ran risk assessments on my deployments. When I decided to run Dockge instead of a standard enterprise tool, we did a cost benefit analysis and discussed risk appetite and defense in depth. We talked through BCDR and backups every time I built a new docker stack. I learned the domains by physically building them and breaking them down in the terminal.
But that path came with a massive cost. I was constantly guilting over not using the standard material, skipping the proper bootcamps due to costs, and dodging the practice exams. The anxiety of “not doing it right” hit my health hard. My sleep schedule was completely destroyed, my body was running on pure adrenaline, and the physical toll of the stress was overwhelming. I pushed my hardware to the near breaking point.
I got lucky. I applied the concepts to my daily hands on work and somehow it clicked perfectly when I sat in front of the screen. But boy oh boy, the exam felt so massively heavy. I was convinced every question I answered was incorrect and that I wasn’t prepared at all, because I didn’t do Quantum Exams. When the test suddenly stopped at 103 with 90 minutes left and the exit survey showed up, pure, raw depression kicked in. I was sure I bombed it. 20 minutes later, the proctor came looking for me. “Congrats, you passed”, she said with a BIG smile, and handed me a paper saying exactly that. I cried. Couldn’t stop sobbing, even after 15 minutes.
So teachers, tell your students, not do what I have done… /s
Find a study method that actually involves using the materials you buy. But if you are a hands on person, try applying the abstract management concepts to your own network. It might just save you when the exam throws those weird scenario questions at you.
Leave a Reply