The CISSP is the GOLD standard of Cyber Security certifications.

There are currently over 85,000 open CISSP jobs in the US.

Meaning there are more open CISSP jobs than there are people who are CISSP certified, and I assume most of the certified people are already employed.

Cyber security is growing, FAST.

Right now there are over 4.5 million jobs in cyber security, and the number of jobs is expected to grow 11-12% annually. That is close to 500,000 new jobs every year.

Source: ZipRecruiter

Get our CISSP bundles:

📢My CISSP courses are updated for the 2024 curriculum.📢
The changes are VERY minor.
ALL my courses will be updated in-place, meaning you get the updates for free!
Here is my video on the changes:

1% of domain weight moved from Domain 8 to Domain 1.
More focus on AI, privacy, cloud, quantum, edge, system lifecycle, and Scaled Agile Framework.
100-150 questions, 3 hours (before it was 125-175, 4 hours).

We teach you the 4 things you need to pass your CISSP exam!

See some of the CISSP videos, practice questions, and part of a study guide from the full CISSP bundle.

Thor Pedersen
CISSP, CISM, CC, PMP, CDPSE, CEH, 2x CCNP, Sec+, 3x CCNA ...

Best selling CISSP, CISM, CC, and PMP trainer with over 570,000 enrollments worldwide.
20+ years experience working with most aspects of IT, information security, project management, and IT training.

Frequently asked CISSP questions:

I can’t promise you anything, but there is a huge demand for CISSP certified professionals. There are currently over 66,000 open CISSP jobs in the US alone, and we are seeing the same picture across the world.
The average CISSP salary in the US is over $112,000 per year.

This is the approach I use for all my studying and it seems to work for the majority of my students.

I cover it all in my Free CISSP study course, get it here!

For the CISSP get 1-3 good video courses, 1-2 good books, and do 3,000 – 5,000 practice questions before the exam.

  • Watch each video class once without/with taking notes.
  • Read the primary book once, read everything, and highlight what you think is important or what the book tells you is important. Add to your notes.
  • (Do some per domain practice tests, restudy EVERYTHING you get wrong/are unclear on).
  • (Re-watch each video class, and add to your notes).
  • (Re-read the primary book and/or) read the secondary book if you have it, read everything, and highlight what you know is important. Add to your notes.
  • Read the free study guides and supplement your notes.
  • Start on per-domain practice tests, beginning with easy/mid practice questions. Do a test, then restudy EVERYTHING you get wrong/are unclear on. Do this for 2,000-3,000 questions or until you consistently hit 80%+ on easy/mid questions. Add to notes as appropriate.
  • Switch to hard questions, same process as easy/mid. Take a test, then restudy EVERYTHING you get wrong/are unclear on. It is perfectly normal and OK to score 50-60% on your first hard tests. The whole idea of hard questions is to get you ready for complex scenarios and deconstructing questions. Spend more time deconstructing questions with hard questions.

Books, videos, study guides, google, and study groups are for gaining knowledge.

Easy/mid questions are for finding the large knowledge gaps.

Hard questions are for getting the right mindset and learning to logic your way through complex scenarios and deconstructing questions.

You will need all 3 categories to gain a higher chance of passing your CISSP exam.

The CISSP exam question pool is supposedly over 10,000 questions large and growing. This means that no practice test engine will ever “be like the exam” and brain-dumps will NOT work.

You need to understand ALL the concepts, be able to explain them and be able to logic your way through complex convoluted exam questions.

Most students score 80-85% on easy/mid practice questions, then move to hard questions and score 50-60%. Remember, this is normal and OK. I have many students who do not score over 60-65% on my hard questions and pass the exam.

Use easy/mid questions early in your studying and hard questions the last 1-2 months.

You need to spend a good deal of time learning to deconstruct questions; what are they really asking here?

Do not worry if you spend 3-5 minutes on a question to begin with; just learn to deconstruct the question.

Deconstruct questions and answers:

  • Read the question; spot the keywords (PKI, Integrity, HIPAA) and indicators (FIRST, MOST, BEST), then deconstruct the question; what are they really asking here?
  • Once you have deconstructed the question, read the answer options.
  • Deconstruct the answer options too, if needed.

Many questions have 2 distractors and 2 possible right answers.

In rare cases, there can also be 4 wrong answers (you then pick the LEAST wrong answer) or 4 right answers (you then pick the MOST right answer).

Do not use the same practice questions more than once. You will get higher scores, but the scores will be inaccurate because you have seen the questions before.

After each practice test, review all the questions you got wrong and the ones you marked for review, and read the question explanation. Then re-read the book, re-watch the video, and use Google on the topics you answered wrong on the test.

Re-study the topic until you understand WHY the right answer is the right answer, and why you answered it wrong.

This is critical; you need to grow your knowledge, not just grind out practice tests.

For the last 2-4 weeks, do hard questions, use the free study guides, read the 11th hour, and re-watch all the videos at 1.5x – 2x speed; this is just to refresh the topics you covered earlier in your studying.

I normally do not recommend studying on exam day, but it can be beneficial to do 5-10 questions right before the test to get in the right mindset just prior to the exam (read in the parking lot or similar).

All this is included in our courses:

  • 34 hours of CISSP videos (over 200 lectures covering all 8 CISSP domains).
  • 4,300+ CISSP practice questions.
    • 625 hard CISSP practice questions.
    • 3,250 Easy/Mid CISSP questions – both as exam emulation and domain tests.
    • 198 topic questions after each major topic.
    • 240 domain questions, 30 after each domain.
  • CISSP Study Guides – 300+ pages.
  • A 2,500 word Glossary
  • 2,500 Flashcards
  • CISSP Quick Sheets – 120 pages (for review sessions).
  • ThorBot: Your 24/7 AI study assistant, clarify concepts, tailor your learning, and enhance your CISSP preparation.
  • A CISSP study plan.
  • 450+ CISSP links.
  • CISSP Mnemonics.
  • Subtitles in English, Spanish (Latin America), French, Arabic, Chinese, and Hindi
  • (optional) 700 Boson practice questions.
  • 2024 curriculum updated.


We made our CISSP study guides using our slides; you get 300+ pages of CISSP study guides when you purchase our full CISSP course.
You also get our CISSP Quick Sheets (120 pages) for your review sessions, and our CISSP Mnemonics PDF.

You have access to our courses for either Lifetime or 12 months, and you can watch the videos and do the practice questions as many times as you want.

The CISSP CAT (Computerized Adaptive Testing) exam format uses an adaptive algorithm that tailors questions to the test taker.

You will get between 100 and 150 questions, and you have 3 hours to finish the test. That is 72 seconds per question (assuming 150 questions), which should be plenty, but still, keep an eye on the clock.

If you go above 100 questions, do not panic; you still have a good chance of passing. The exam will keep giving you questions until it predicts with 95% probability that you will pass or fail, or until you hit question 150.

25 of the first 100 questions are beta questions. They do not count, and you do not know which they are. It is not the first 25; it is random. They are used by ISC2 to test possible future exam questions.

You need to score proficient (around 70%) in all 8 CISSP domains to pass the exam. If you are below that in certain domains, the exam will keep giving you questions from those domains until you pass or fail.

To get your CISSP certification you must have at least 5 years of professional experience in the information security field.

Your work experience must fall within two or more of the eight domains of the ISC2 CISSP CBK:
Domain 1. Security and Risk Management
Domain 2. Asset Security
Domain 3. Security Architecture and Engineering
Domain 4. Communication and Network Security
Domain 5. Identity and Access Management (IAM)
Domain 6. Security Assessment and Testing
Domain 7. Security Operations
Domain 8. Software Development Security

You may satisfy one year of required experience by holding one of the following (you will then need four years of relevant work experience):

  • A four-year college degree or regional equivalent.
  • An approved certification on the ISC2 Approved List.

There are 8 domains in the ISC2 CISSP Common Body of Knowledge (CBK) 2024.

Domain 1: Security and Risk Management – making up 16% of the weighted exam questions.
Domain 2: Asset Security – making up 10% of the weighted exam questions.
Domain 3: Security Architecture and Engineering – making up 13% of the weighted exam questions.
Domain 4: Communication and Network Security – making up 13% of the weighted exam questions.
Domain 5: Identity and Access Management (IAM) – making up 13% of the weighted exam questions.
Domain 6: Security Assessment and Testing – making up 12% of the weighted exam questions.
Domain 7: Security Operations – making up 13% of the weighted exam questions.
Domain 8: Software Development Security – making up 10% of the weighted exam questions.

CISSP certification holders are required to earn 120 CPEs per 3-year cycle, pay a $125 Annual Maintenance Fee (AMF), and adhere to ISC2's Code of Ethics.