How I passed the CISSP exam in 3 months!
This post is for everyone who is preparing for a certification exam from ISC2!
This time, I will not talk about any interesting cybersecurity topics. This post is dedicated to people preparing for the CISSP or similar exams from ISC2.
I just passed the exam, and I am excited to share my insights with you! This time, I won’t go into much detail, but don’t worry, I will cover everything in the upcoming weeks and months.
If you have been following me for a while, you know that my goal was to pass the CISSP exam, and I documented my journey from the beginning. I must say it wasn’t how I imagined it.
I thought that after getting a master’s degree in Cybersecurity, I would be better prepared for the exam. However, the number of topics you must cover for the exam is enormous.
That’s why you need to be efficient in your efforts. The goal of the exam is to test you on all kinds of topics and try to confuse you as much as possible to verify that you know what you’re doing.
First, let me tell you what resources I found the most useful for the CISSP exam:
All-in-One CISSP (Shon Harris & Fernando Maymi): A huge book, but an excellent reference when diving deep into specific topics.
CISSP Official Practice Tests by David Seidl & Mike Chapple: The best practice questions I found. I’d strongly suggest aiming for 90%+ on all sets before exam day.
LearnZapp: A simple app with practice questions. Not as good as the official ones, but it definitely helped me identify a couple of weak spots. Worth trying!
Destination Certification Inc. Mindmaps: A clear overview of all domains. I discovered them late; I’d actually suggest starting with these!
CISSP Last Mile by Pete Zerger, vCISO, CISSP: One of the best materials I’ve found. It was a real lifesaver a week before the exam! So was his YouTube channel!
If you Google these resources, you will find out that the All-in-One CISSP book has nearly 1,500 pages. I admit that it can be a little scary in the beginning.
With that being said, DO NOT START with reading the whole book! That would probably be a waste of time. I started reading the book, and I have to admit, I didn’t remember much after that.
BUT, that doesn’t mean the book is useless. It’s the most accurate source of information you have, and that’s more valuable than you might realize now.
Learning process
Let’s walk through the process from the very beginning.
Step 1: High-level overview
Start with the Destination Certification Mindmaps.
They won’t tell you everything, not even close, but they give you a clear high-level overview.
Once you go through all the videos, you’ll realize how much there is to learn, and it will force you to start strategizing.
Step 2: Deep dive
The CISSP exam is mostly managerial, but some domains are more technical. To save you hours of research, here’s the key: focus on Domain 4: Communication and Network Security and Domain 5: Identity and Access Management (IAM).
Make sure you understand the technical reasoning behind each solution in your study materials.
This is where the All-in-One CISSP book comes in: go through these domains thoroughly and grasp all topics from a technical perspective.
There are no shortcuts here.
Exam questions in these domains get very technical, and you won’t answer them correctly if you only remember the “high-level” concepts.
Step 3: Time for practice questions
Now it’s time to test yourself, to see what you already know and uncover what you don’t. Go through the practice questions in CISSP Official Practice Tests and make notes as you go.
The goal isn’t to ace every question; it’s to spot your weak areas. You’ll likely discover topics you didn’t even realize were part of the exam. When you do, use the All-in-One CISSP as your reference to fill in the gaps.
Step 4: Time to put it all together
Okay, great! You have gone through all of the domains now. And you are getting more and more confident, right?
Well.
To be honest, at this point, I was probably the most confused. I was mixing up all of the terms, I wasn’t sure how it was all connected, and I didn’t know what to do.
Don’t worry, if you feel the same, it’s completely normal.
And I actually found something that will really help you to put it all together.
It’s a YouTube playlist, CISSP Exam Cram 2025 by Inside Cloud and Security, and CISSP Last Mile by Pete Zerger, vCISO, CISSP.
And trust me, it’s worth watching these now rather than at the beginning. Because now you know many of the terms, and these videos will help you to understand the relationships between them.
Step 5: Understand the mindset
Make sure you know this! The exam often gives you a question and 4 good answers.
You’re supposed to choose the BEST answer.
When this happens, make sure you think like a manager.
Keep that in mind, and make sure you choose secure, cost-effective decisions that will be most beneficial for the business and, most importantly, for the privacy and safety of people.
Study tips
Set a recurring study schedule. Make it non-negotiable.
Use diagrams and analogies for better understanding.
Don’t rely on motivation. Rely on your system.
Build a glossary of key terms.
Practice questions and review notes during short breaks and commutes.
Conclusion
I just passed the exam, and I’m still processing it! This definitely isn’t the last time you’ll hear about CISSP here. I’ll continue covering cybersecurity topics in this newsletter.
I’ve prepared plenty of diagrams and study materials while studying, and I can’t wait to share them with you.
If you’re interested in the CISSP exam, drop a comment below!
And if not, don’t worry, I’ll keep sharing cybersecurity insights as before.




Thanks for sharing the process. Hoping to take this exam some time next year.
Congratulations on acing it, Erich. I followed some of your notes.
What would you suggest to someone who has 0 knowledge of cybersecurity?