Joe Wauson is a Cyber Operations Planner at the United States Air Force. Currently based out of Germany, Joe enrolled in InfoSec Institute’s live online Certified Information Systems Security Professional (CISSP) Boot Camp to help him prepare for the new CISSP CAT exam.

Time zone differences meant Joe’s class started in the afternoon and ended at midnight. We sat down with Joe to learn how InfoSec Institute’s fast-paced class kept him awake late into the night and got him ready to pass his CISSP exam on the first attempt.

Why Did You Decide to Earn Your CISSP?

My colleagues recommended I get CISSP certified. I work as a Cyber Operations Planner, where I work at the operational level, bridging the gap between strategic and tactical levels. I take strategic goals from leadership and translate them so staff at the tactical level — those who actually configure the servers — understand them. On the flipside, I also translate technical jargon from the tactical teams and communicate needs back to senior leadership.

Sitting the CISSP class and taking the exam helped me understand the managerial side of security much better. It showed me the best ways to communicate security best practices with leadership and express the importance of security from an operational perspective. Prior to class, I hadn’t thought about security much from a managerial standpoint. The course was both a good refresher on things I already knew, and also introduced security managerial topics I wasn’t familiar with.

Why Did You Pick InfoSec Institute as Your Training Provider?

InfoSec Institute was recommended to me by my coworkers. Two of them had taken the CISSP course with InfoSec in the past. That was enough for me. Getting military tuition assistance to pay for the course was also really simple.

Describe Your Online CISSP Boot Camp Experience.

I had some apprehension about taking an online training course. I earned my bachelor’s online, and for the most part, online students were ignored during class.  

This wasn’t the case in my CISSP boot camp. My instructor, Robert, was really good at making sure we were engaged. Everyone in the class introduced themselves — even the online students. Robert took time to tailor course content to people’s understanding. He made sure we all got what we needed and left class ready to pass the exam.

Class went from 8:00 a.m. to 5:00 p.m., with additional study groups available in the evening. I’m based in Germany, so class didn’t start for me until 3:00 p.m. and ran until midnight.

Thankfully, Robert was a really energetic speaker — almost like a security evangelist. He covered all the CISSP domains and explained how questions would be asked on the test. It was really easy to stay engaged.

What Was it Like to Take the New CISSP CAT Exam?

The test starts with questions from each CISSP domain. Questions then get more difficult until you start getting them wrong. You can expect to miss about half of the questions on the exam. If you pass, that means you missed really hard questions.

If the test starts with Domain 1 and you get all of those questions right, it will stop asking you questions about Domain 1 and move on to another domain. Once you get a few questions wrong, it will drill into that subject. It’s a nerve wracking test.

The exam will ask as many as 150 questions and as few as 100. Once you get to question 100, any question could be your last. Mine ended right at question 100. When I got to that point, I probably stared at the “Next” button for a good 30 seconds. I was reasonably sure I had failed.

Robert recommended we plan to finish the exam at 100 questions. His advice was to read each question three times and eliminate the worst answers, instead of focusing on finding the best answer first.

I spent about an hour and 40 minutes on the test. That’s about one minute per question. You can’t go back and change your answers, so it’s important you take your time.

What Types of Questions Did the Exam Ask?

A lot of the questions on the CISSP exam don’t have what a tech person would call a “right” answer. You have to pick the “best” answer from a managerial standpoint.

Robert did a good job explaining this concept in class. On a question about the best way to prevent data loss, for example, the best answer is to not collect any data at all. If you think about it like a technician, the best answer might be to use encryption.

Earning my Security+ certification was much easier. Questions were familiar and expected. The CISSP exam is on a whole different level. There’s something like 40,000 questions in the CISSP test bank. And with the CAT exam, no test is the same.

Did You Use Any Other Tools to Prepare for Your Exam?

I started studying for the CISSP exam about a week before my class started. In addition to the boot camp, I used the practice tests from InfoSec Institute and questions from SkillSet.

I took the exam a few days after class and passed.

Did Your Boot Camp Help You Pass the CISSP Exam?

The CISSP boot camp was important for two key reasons. It introduced me to aspects of information security I hadn’t been exposed to, and let me go deeper into some domains I wasn’t that familiar with. I’m in a planning position, so if you asked me how many bits are in a crypto key, I wouldn’t have known. My role is to determine when and where we need security, and someone else picks out the best tools and implements them. It was a great refresher course.

The review of exam question types was also essential. As Robert told us in class, the CISSP exam is a test for managers. If you’re already doing a CISSP job verbatim, you might not need the boot camp, but I don’t think there’s a lot of those people out there. Their skills are either really IT or managerial heavy. The CISSP boot camp will help you bridge that gap and marry the two skill sets together.

Do You Have Any Exam Preparation Tips for Other CISSP Candidates?

Once your exam begins, just take it question by question. As soon as the test starts, nothing matters but what you bring to the testing center that day. Take the test and do the best you can. If it goes terribly, remember why and do better next time.

Would You Recommend InfoSec Institute Training to Your Peers?

Yes, I would. Both my rep, Steven, and my instructor, Robert, were really good.