InfoSec Institute alum Gil Owens is a Cyber Systems Engineer at Peraton. Gil, a military-trained counterterrorism analyst, transitioned into a defense contractor role six years ago where he focuses on cyber defense and threat management. He’s earned his Network+, Security+, CEH, CCNA and CISSP certifications, and is preparing to take his CASP with InfoSec Institute this month.

With help from InfoSec Institute’s Certified Information Systems Security Professional (CISSP) Boot Camp, Gil passed his CISSP exam on his first attempt. In this Q&A, Gil shares his experience as an InfoSec student and offers tips to help others prepare for one of the toughest certification exams in the industry.

Why Did You Pursue CISSP Certification?

Before my security role, I was a military-trained counterterrorism analyst. The military managed my training and certification prep for this position. I went straight into Network+ and followed with Security+, CEH and CCNA. I took the CISSP training after my role changed from a military, operational position to an intelligence-based contractor role with Peraton.

What Do You Look for In Training Vendors?

I was looking for a partner who would meet my needs and was well-reviewed by other students. Before contacting InfoSec Institute about the CISSP course, I asked my friends and colleagues for training recommendations. Several recommended I look at InfoSec Institute.

My schedule isn’t always predictable, which can make scheduling training difficult. I needed a vendor who provided both in-person and online training options. I’ve had issues rescheduling courses with other vendors in the past, so finding a flexible vendor was important. That’s one of the things I appreciated about my InfoSec Institute rep, Brian. I changed my training date several times and he was really accommodating.

How Was Training With InfoSec Different From Your Other Experiences?

My experience with InfoSec Institute was positive from start to finish. I’ve worked with about four other training vendors and have had challenges each time. InfoSec Institute offered many more course scheduling options, and changing from in-person to online format was easy. The customer support, training materials and practice exams were all first rate.

InfoSec Institute’s instructors were another big differentiator for me. Not everyone can be a trainer — if the instructor doesn’t have the right personality or engage with students, it becomes a self-study situation. There are so many resources online now — it’s easy to find videos and practice exams. The major benefit you get from paid training is the insight you gain from the instructor. I got this from InfoSec Institute, but not the other vendors I worked with.

Tell Me More About Your InfoSec Institute Instructor.

My instructor, Robert, was fantastic. He shared stories from the trenches and brought the course material to life. The course covered a ton of material, and his approach helped keep it light. Robert inserted jokes when appropriate and invited us to share our own experiences with the group to keep class interesting and real.

I could tell he was an experienced instructor. He mentioned in class he’s taught the CISSP course over 40 times and it showed. It’s clearly something he really enjoys and is good at.

What Was it Like to Take an InfoSec Institute CISSP Boot Camp Online?

I originally planned to attend the in-person CISSP training, but had to switch to the online format because my schedule changed. The online course was good — I don’t feel I missed out on anything from not being on site during the training.

During class, we used a group email to bounce questions and ideas off each other. We also used the chat feature to send messages back and forth during lecture.

After class each day, about half of us stayed signed in for study group. We’d spend about 30 minutes discussing key points and helping each other with challenging topics like cryptography. We’d go over the material together and think of different ways to look at it, different ways to remember things. Those of us with more knowledge or experience with a concept would lend that expertise to the group as whole.

We were all part of the same struggle. We exchanged study tips and shared additional resources help others through tough domains. Everyone comes in with different levels of experience. Knowledge levels are different, degrees of understanding are different. Having the networking element as part of the class enhances the learning experience.

What Was it Like Taking the New CISSP Computer Adaptive Testing (CAT) Exam?

The new CAT format is designed to hone in on your weaknesses. A single question can touch on multiple domains, so a broad level of understanding is important. The test first baselines your knowledge of all eight domains, and then adapts the remaining questions to drill down into your weakness. At question 100, the test ends if you have a passing score, but can include as many as 150 questions. That means everyone’s test is unique.

For the test itself, I followed the instructor’s guidance to:

  • Break each question into parts
  • Look for keywords, such as MOST, BEST, NOT or LEAST to determine what is being asked, then read the question again
  • Review each answer for errors and inconsistencies, rather than focusing on correctness

These test taking tips can really make the difference between a successful or unsuccessful outcome.

I think the common theme from people who don’t pass the CISSP is they tested before they were ready. They knew they were weak in some domains, and then got a bunch of questions on those domains they weren’t prepared to answer.

Questions on the exam put you into a scenario where you need knowledge of several domains and how they relate to each other. Often there are several right answers, but you need to pick the answer that is most correct. It requires a deeper level of understanding — not just memorization.

Did You Study Outside of Class?

After the 30-minute class study group, I would take a break and then study for an additional two hours each night. Some people take the CISSP without investing a ton of time to get a feel for what the test is like, with the intent of passing it the second time around. I didn’t look at it that way — failing wasn’t an option for me. I wanted to do what I needed to do to pass the first time.

I gave myself two more weeks after class to prepare and studied for two additional hours each day. There’s so much material in the CISSP domains. The test recognizes your weaknesses and drills down into those weaknesses. I didn’t want to have any weaknesses going into the exam.

I didn’t have any apprehension going into the test — I felt like I was ready, and passed the CAT in 100 questions.

What Other Resources Did You Use to Prepare?

I used everything. That’s how you break up the exam-prep monotony. If you use the same materials to prepare each day, you’ll get burnt out. Some days, I spent an hour reading notes from class, and the other hour going through practice questions. In some cases, I’d do practice questions for two hours straight. Other times I’d spend the entire time reading over materials. I even had some colleagues quiz me — hearing the questions and reciting my answers out loud was helpful.

I spent quite a bit of time replaying recordings from the Boot Camp. This was one of the things that drew me to InfoSec Institute — the ability to replay recordings of class after the course ended. I found this extremely helpful and cannot emphasize this enough.

I also liked the timed practice exams I got with the course. This was really helpful because the actual exam is timed. On the CISSP CAT exam, you can’t go back and change your answers. The practice exam helped me master the ability to read questions, process the information and select the right answer quickly.

I also watched quite a few videos online. Hearing different people explain things differently can really help. Some are better than others, but the different perspectives help.

Would You Recommend InfoSec Institute to Your Peers?

Yes, I would — I already have.