CISSP Certification Exam: Training vs. Self-Study

Written by Mark Hillyard

One of the best ways to get ahead in the world of cybersecurity is to become a CISSP: a Certified Information Systems Security Professional. Those who pass the CISSP exam will come away with valuable skills, and the ability to design, build, and manage their own cybersecurity program.

Aimed at those with several years of solid experience in the security sector, generally in a senior role, the CISSP qualification comes with a whole host of benefits – including satisfying various leadership levels of DoD 8570 training requirements. On top of that, they’ll become a member of (ISC)², considered to be the world’s largest IT security organization.

That comes with all kinds of advantages. For example, CISSP professionals earn on average 25% more than those without the certification. It’s a universally recognized qualification and will open up a slew of prestigious job opportunities.

These rewards don’t come easy, though. To pass the CISSP exam, you’ll need a score of 70% or higher, or 700 points out of 1,000. In a test that covers a broad range of topics and modules, this feat will not be a walk in the park.

Cybersecurity is never going out of fashion, and gaining new skills in this area is always going to be a wise investment. But is it worth taking part in training, or can you go it alone and pass the exam with nothing more than self-study?

The answer lies somewhere in the middle, but it’s important to take a quick look at the pros and cons of each approach.

First up, is it possible to pass the exam with nothing more than your own hard work?

Self-Study for the CISSP Exam

CISSP study is difficult, but if you’re a hard worker, highly experienced in the cybersecurity industry, and extremely self-motivated you might be tempted to go it alone. Let’s dive into the arguments for and against this:

The Pros:

  • You’ll save money in the short-term. However, in the long-term this might not necessarily be true. Just taking the CISSP exam costs $699, so going in without full preparation could result in the need for an expensive re-take.
  • When you self-study, there’s no time limit. So you can get far more work done than if you limit yourself to group sessions and organized course work.

The Cons:

  • There’ll be a lot of rigorous studying involved. Doing everything yourself is hard and will demand long hours of grueling work.
  • It will be tough to stay motivated. The CISSP exam is diverse, and while you might find many of the modules fascinating, some will simply not be your strong point. You’ll likely find some aspects uninspiring and exhausting, and self-motivating will be tough.
  • Even the best cybersecurity professionals are only one person. Without a network of experienced people to reach out to for help, advice, and practice, studying can become even harder and more isolating.

Taking a Course

If you decide to take a course or bootcamp, you’re in luck. There are lots of great courses out there for the CISSP, and this approach has a number of advantages over pure self-study.

Let’s take a look at the pros and cons:

The Pros:

  • Group study brings support from people who are experienced in the CISSP, a community of others to work with and learn from, and an environment geared towards helping you.
  • Working with others can help you identify your weaknesses and highlight areas to improve, something that’s hard to do alone. It brings a ‘fresh pair of eyes’ and external motivation.
  • You get all the resources of the course and the group, not just your own.
  • Doing a course allows you to focus more. Instead of having to shuffle things around every day to find time to study, you can free up a block of your life and dedicate it fully to the course.

The Cons:

  • With a course, you only get so many in-person contact hours. Relying solely on this time to pass the exam may leave you underprepared, so it’s important to work in some solo practice too.

Ultimately, the best approach is a mix. Study entirely alone and you may well end up burnt out, overwhelmed, and missing out on a lot of valuable information. On the other hand, you can’t rely on a course for everything, and you’ll still need to do some study on your own.

A course, however, offers so many advantages and benefits that it’s hard to argue against. If you decide that a structured course is what you’re looking for, try the Beyond20 5-day CISSP Boot Camp; it’s a powerful weapon in your quest to become a CISSP.

Originally published February 02 2019, updated December 12 2019