9 Keys to Choosing the Best CISSP Training
Avoid Lame and Boring CISSP Training
You’re here most likely because you need or want to pass the CISSP certification exam. How do you decide which CISSP training will best enable you to pass the CISSP certification exam? This guide covers 9 key points to consider before selecting a CISSP training provider.
#1 Self-Study or CISSP training?
The first point you should consider is do you even need CISSP training? To get the CISSP certification, you are not required to take CISSP training. You can totally study on your own. This is certainly the cheapest alternative. Self-study can be more time-consuming and less effective though. You need to be manage your time well, stay focused, and have a plan.
Action Item: Decide if you need to take CISSP training. Even if you take CISSP training, you need to augment it with study on your own.
#2 Online vs In-Person
There are really 3 main options for CISSP training – 1. In-Person, 2. Live Online, and 3. Online. The best option is typically In-Person where you have face-to-face interaction with the trainer and fellow students. Plus, In-Person gets you away from your home or work environment, where you can purely focus on the material.
The next best alternative is Live Online – this is where you remotely attend a live course. With a Live Online course, you can interact with the trainer and fellow students via audio, chat, and often video. You can see slides, see the trainer on video, and sometimes even record the sessions.
If you have difficulty setting and sticking with a study schedule, In-Person and Live Online are good alternatives, because they set the schedule for you 🙂
Online is the next option. Online is also known as “self-paced” or “asynchronous”. This is basically self-study, but with videos and online materials. It’s up to you to schedule the time into your day to watch the online videos, do the exercises, etc. Unlike In-Person and Live Online, there’s no real-time interaction.
Action Item: Decide what CISSP training delivery option will work best for you.
#3 Exam Pass Guarantees
There’s really no such thing as a guarantee you will pass – passing the CISSP exam is on you – it’s your responsibility. Many CISSP training providers use the term “Exam Pass Guarantee” to describe their CISSP program designed to increase the probability of you passing the CISSP exam. An Exam Pass Guarantee may mean any of the following:
Free retakes of CISSP training, before or after you take the CISSP exam
Discounted or Free (Included) CISSP retake vouchers
One-on-one training sessions
Action Item: Inquire with the CISSP training provider to see if they have an exam pass guarantee or a similar program. Find out what is included.
#4 CISSP Pass Rates
Many CISSP training providers advertise high pass rates, such as we have a “99.9% CISSP Certification Exam Pass Rate!”. This may entice you to consider that CISSP training provider, but their pass rate is really just an estimate. There is no real way for a CISSP training provider to know their pass rate. A person that takes CISSP training is not obligated to share their exam results with the training provider. And, the training provider does not have visibility into exam results. This would be a violation of privacy, confidentiality, etc.
Action Item: Inquire about CISSP pass rates to see what the CISSP training provider says. If they BS you, consider going elsewhere.
I use the term investment because there’s a tendency to ask how much does it “cost” when registering for CISSP training. People typically view everything as a “cost”. A mindset shift is often required when making decisions about spending time and money. You should ask yourself, is this a “cost” or “investment”? A cost will not provide any long-term benefit. An investment will provide a return. Let’s give a quick example with the CISSP Certification:
Current Salary before CISSP: $50,000
CISSP Training Investment: $3000
Passed the CISSP Exam: Yes
New Job Salary / Promotion after CISSP: $55,000
ROI (Return on Investment) Time-frame: 7.5 months until you break even, after 7.5 months you will make $415 more per month.
Expect to pay from $1500 – $5000 for CISSP training. The amounts vary so much due to a number of factors, such as what’s included (exam fees, materials, resits, practice exams, etc.), instructor quality, training facility amenities, travel, etc.
Action Item: Determine the amount you are willing to invest in yourself for CISSP training. Find out what type of pay increase or job change you can make when you get the CISSP. It may not be about the money for you, but about flexibility and gaining leverage and options to quit a crappy job.
Google Review example. Search Google for the CISSP training provider’s name.
Check reviews for the organization. Reviews of the instructors, reviews of the company, etc. A company may make up reviews on their website, so check independent sources as well. You can check for legit reviews on Google, Facebook, the Better Business Bureau, etc.
Action Item: Check out reviews on Google, Facebook, and other sites.
#7 What’s Included
Be sure to check what’s included with the CISSP training. Some organizations include the CISSP exam voucher/fee, books, access to study questions, free course retakes, etc.
Action Item: Contact the CISSP training provider and get clarity on what comes with the course.
#8 Official (ISC)² Training Providers
(ISC)² will try to scare you into thinking you have to take training from an official provider. This is not true. Plus, there’s no guarantee the training you get from an official provider will be better than someone else’s CISSP training. There’s been numerous complaints about the “official” material. It really boils down to how good of a instructor you end up with. A great instructor can overcome crappy materials; a bad instructor cannot.
Below are a couple sample reviews I found about the “official” courses. In theory, these should have the best materials and best trainers. You can decide what’s right for you.
Feedback on an Official CISSP course. Source: https://community.infosecinstitute.com/categories/cissp (Click to Enlarge) Comment of the ISC2 Blog. Source: https://blog.isc2.org/isc2_blog/2017/01/cissp-training-myths-busted.html (Click to Enlarge)
Action Item: Decide how important taking an “official” course is to you. If it outweighs everything else, only look at official CISSP training providers. Remember “official” does not necessarily equal effective.
#9 CISSP Practice Exams
One of the biggest mistakes CISSP candidates make is just studying the material and not taking practice tests. You should take as many practice tests as you can get your hands on! It is vital you understand how to dissect questions, eliminate distracting answers, understand “best” answers, etc. The best way to do this is practice. 50% of your time should be spent on practice exams. The CISSP boot camp instructor should provide context on the material being taught by framing how the material may show up in a CISSP exam question or scenario.
Action Item: Inquire with the CISSP training provider to see if they include practice exams as part of the course. Also, see if the practice exams are available after the course.
I hope you found this CISSP guide useful. Best of luck on your journey to get CISSP certified. The CISSP certification is the outcome you seek, but remember to take some time to enjoy the journey along the way. It’s not the CISSP certification that matters most, but the pursuit that makes you better tomorrow than today.
Christian at Lantau Peak near Hong Kong
Christian Espinosa is Alpine Security’s CEO/Founder and a Cybersecurity Professor at Maryville University. He holds over 25 certifications, including the CISSP, CCISO, and PMP. Christian is a US Air Force veteran with a BS in Engineering from the US Air Force Academy and MBA from Webster University. Christian holds multiple patents on cybersecurity attack and defense. Major recent projects include penetration testing and assessments of commercial aircraft, medical device penetration testing, and numerous incident response projects. When Christian isn’t protecting us from cybercriminals, he climbs mountains, travels the world, teaches outdoor wilderness survival, and competes in Ironman triathlons.