CISSP CAT Exam Deep Dive: Study Tips from InfoSec Institute Alum Joe Wauson
Joe Wauson is a Cyber Operations Planner at the United States Air Force. Currently based out of Germany, Joe enrolled in InfoSec Institute’s live online Certified Information Systems Security Professional (CISSP) Boot Camp to help him prepare for the new CISSP CAT exam.
Time zone differences meant Joe’s class started in the afternoon and ended at midnight. We sat down with Joe to learn how InfoSec Institute’s fast-paced class kept him awake late into the night and got him ready to pass his CISSP exam on the first attempt.
Earn your CISSP, guaranteed!
Why Did You Decide to Earn Your CISSP?
My colleagues recommended I get CISSP certified. I work as a Cyber Operations Planner, where I work at the operational level, bridging the gap between strategic and tactical levels. I take strategic goals from leadership and translate them so staff at the tactical level — those who actually configure the servers — understand them. On the flipside, I also translate technical jargon from the tactical teams and communicate needs back to senior leadership.
Sitting the CISSP class and taking the exam helped me understand the managerial side of security much better. It showed me the best ways to communicate security best practices with leadership and express the importance of security from an operational perspective. Prior to class, I hadn’t thought about security much from a managerial standpoint. The course was both a good refresher on things I already knew, and also introduced security managerial topics I wasn’t familiar with.
Why Did You Pick InfoSec Institute as Your Training Provider?
InfoSec Institute was recommended to me by my coworkers. Two of them had taken the CISSP course with InfoSec in the past. That was enough for me. Getting military tuition assistance to pay for the course was also really simple.
Describe Your Online CISSP Boot Camp Experience.
I had some apprehension about taking an online training course. I earned my bachelor's online, and for the most part, online students were ignored during class.
This wasn’t the case in my CISSP boot camp. My instructor, Robert, was really good at making sure we were engaged. Everyone in the class introduced themselves — even the online students. Robert took time to tailor course content to people’s understanding. He made sure we all got what we needed and left class ready to pass the exam.
Class went from 8:00 a.m. to 5:00 p.m., with additional study groups available in the evening. I’m based in Germany, so class didn’t start for me until 3:00 p.m. and ran until midnight.
Thankfully, Robert was a really energetic speaker — almost like a security evangelist. He covered all the CISSP domains and explained how questions would be asked on the test. It was really easy to stay engaged.
What Was it Like to Take the New CISSP CAT Exam?
The test starts with questions from each CISSP domain. Questions then get more difficult until you start getting them wrong. You can expect to miss about half of the questions on the exam. If you pass, that means you missed really hard questions.
If the test starts with Domain 1 and you get all of those questions right, it will stop asking you questions about Domain 1 and move on to another domain. Once you get a few questions wrong, it will drill into that subject. It’s a nerve wracking test.
The exam will ask as many as 150 questions and as few as 100. Once you get to question 100, any question could be your last. Mine ended right at question 100. When I got to that point, I probably stared at the “Next” button for a good 30 seconds. I was reasonably sure I had failed.
Robert recommended we plan to finish the exam at 100 questions. His advice was to read each question three times and eliminate the worst answers, instead of focusing on finding the best answer first.
I spent about an hour and 40 minutes on the test. That’s about one minute per question. You can’t go back and change your answers, so it’s important you take your time.
What Types of Questions Did the Exam Ask?
A lot of the questions on the CISSP exam don’t have what a tech person would call a “right” answer. You have to pick the “best” answer from a managerial standpoint.
Robert did a good job explaining this concept in class. On a question about the best way to prevent data loss, for example, the best answer is to not collect any data at all. If you think about it like a technician, the best answer might be to use encryption.
Earning my Security+ certification was much easier. Questions were familiar and expected. The CISSP exam is on a whole different level. There’s something like 40,000 questions in the CISSP test bank. And with the CAT exam, no test is the same.
Did You Use Any Other Tools to Prepare for Your Exam?
I started studying for the CISSP exam about a week before my class started. In addition to the boot camp, I used the practice tests from InfoSec Institute and questions from SkillSet.
I took the exam a few days after class and passed.
Did Your Boot Camp Help You Pass the CISSP Exam?
The CISSP boot camp was important for two key reasons. It introduced me to aspects of information security I hadn’t been exposed to, and let me go deeper into some domains I wasn’t that familiar with. I’m in a planning position, so if you asked me how many bits are in a crypto key, I wouldn’t have known. My role is to determine when and where we need security, and someone else picks out the best tools and implements them. It was a great refresher course.
The review of exam question types was also essential. As Robert told us in class, the CISSP exam is a test for managers. If you’re already doing a CISSP job verbatim, you might not need the boot camp, but I don’t think there’s a lot of those people out there. Their skills are either really IT or managerial heavy. The CISSP boot camp will help you bridge that gap and marry the two skill sets together.
Do You Have Any Exam Preparation Tips for Other CISSP Candidates?
Once your exam begins, just take it question by question. As soon as the test starts, nothing matters but what you bring to the testing center that day. Take the test and do the best you can. If it goes terribly, remember why and do better next time.
Earn your CISSP, guaranteed!
Would You Recommend InfoSec Institute Training to Your Peers?
Yes, I would. Both my rep, Steven, and my instructor, Robert, were really good.
- Exam Pass Guarantee
- Live expert CISSP instruction
- CISSP exam voucher
In this Series
- CISSP CAT Exam Deep Dive: Study Tips from InfoSec Institute Alum Joe Wauson
- CISSP certification - The ultimate guide [updated 2021]
- The CISSP domains and CBK: An overview
- CISSP certification salary: A comprehensive 2024 salary guide
- Definition & types of access control models & methods (updated 2023)
- CISSP domain 4: Communications and network security — What you need to know for the exam [2022 update]
- CISSP domain 5: Identity and access management — What you need to know for the exam [Updated 2022]
- CISSP domain 7: Security operations — What you need to know for the exam [Updated 2022]
- CISSP domain 6: Security assessment and testing — What you need to know for the exam [Updated 2022]
- CISSP domain 8 overview: Software development security — What you need to know for the exam [Updated 2022]
- CISSP and DoD 8570/8140: What you need to know [Updated 2022]
- Top 10 CISSP interview questions [Updated 2022]
- CISSP domain 1: Security and risk management — What you need to know for the exam
- The ISC2 code of ethics: A binding requirement for certification
- The CISSP experience waiver [updated 2022]
- Earning CPE credits to maintain the CISSP
- Renewal requirements for the CISSP [updated 2022]
- CISSP computerized adaptive testing (CAT): 25 of your questions answered
- CISSP job outlook [updated 2022]
- CISSP resources: Books, practice exams and other study tools [updated 2022]
- CISSP exam questions: 5 drag & drop and hotspot questions
- Risk management concepts and the CISSP (Part 2) [Updated 2022]
- What is the CISSP-ISSAP? Information Systems Security Architecture Professional [updated 2021]
- Average ISSEP Salary in 2021
- Average ISSMP Salary [updated 2021]
- CISSP domain 3: Security engineering CISSP - What you need to know for the exam [2022 update]
- Understanding the CISSP exam schedule: Duration, format, scheduling and scoring [updated 2021]
- What is the CISSP-ISSEP? Information Systems Security Engineering Professional [updated 2021]
- Information and asset classification in the CISSP exam
- CISSP domain 2: Asset security - What you need to know for the Exam [updated 2021]
- 8 tips for CISSP exam success [updated 2021]
- Risk management concepts and the CISSP (part 1) [updated 2021]
- Average ISSAP Salary in 2021
- What is the CISSP-ISSMP? Information Security System Management Professional [updated 2021]
- CISSP concentrations (ISSAP, ISSMP & ISSEP) [updated 2021]
- Due care vs. due diligence and the CISSP
- CISSP prep: Security policies, standards, procedures and guidelines
- Vulnerability and patch management in the CISSP exam
- Data security controls and the CISSP exam
- Logging and monitoring: What you need to know for the CISSP
- Data and system ownership in the CISSP exam
- CISSP Prep: Mitigating access control attacks
- CISSP Domain 5 Refresh: Identity and Access Management
- Identity Governance and Administration (IGA) in IT Infrastructure of Today
- CISSP: Incident management
- CISSP: Business continuity planning and exercises
- CISSP: Perimeter defenses
- CISSP: Secure communication channels
- Environmental controls and the CISSP
- CISSP: Disaster recovery processes and plans
- Change management and the CISSP
