Top 5 Pitfalls of CISSP Training


Congratulations are in order. You have recently made two excellent decisions. The first is that you have decided to earn your CISSP certification. The CISSP is a great investment that can help you distinguish yourself to current and potential employers in the security field. Second, you have decided to use a training provider to help you prep for the CISSP certification exam. Self-studying for the CISSP exam is very difficult, and can be expensive and ineffective. Yet, choosing the wrong training provider is just as bad as not using one in the first place.

Below are the top 5 characteristics to avoid when choosing a CISSP training provider:

1. Avoid Gray Market Providers

By definition, gray market options are unauthorized sales channels. In the case of CISSP training, gray market providers refer to training companies that operate outside of any relationship with (ISC)² – the organization that develops the CISSP exam. This means gray market providers’ content has not been vetted or examined by (ISC)². By contrast, (ISC)² approved courses are led by (ISC)² certified instructors and their content has been thoroughly reviewed by (ISC)² for accuracy and exam relevance. The (ISC)² stamp of approval represents legitimacy, credibility, and content accuracy.

You may also be tempted to rely on the “pass rates” boasted on the websites of gray market providers. These, too, should generate skepticism. (ISC)² does not report the passing rates of the CISSP exam and official training providers are encouraged not to make this information public. Some sites claim to have 90% or 95% pass rates, but you should remember that these services are relying on questionable survey tactics or convenience sampling (at best) to achieve these high pass rates.

2. Avoid Brain Dump Sites

An exam brain dump refers to a site that hosts “real” exam questions and answers that are available for purchase. These sites claim that they have somehow acquired (ISC)²’s bank of exam questions, and all you will need to do on test day to pass the exam is regurgitate the right answer to the question you have already seen, word-for-word. Yeah, right.

Aside from running the risk of breaking (ISC)²’s Code of Ethics by supplying or utilizing these bogus sites, these sites represent quintessential social engineering. Watch out for promises like “Questions taken from the current pool of questions,” “Free updates, available within 1 week of any change in the real exam,” and “Testing Engine Downloaded Instantly After Purchase, Simulating Real Exam Environment.” Any remarks like these should set your spidey-sense tingling.

Brain dump sites will even show you customer testimonials as proof of their authenticity. For example, on, “Juliana” from New Jersey writes in, “I passed with an exceptional score of 89 marks in CISSP examination!” Juliana, you need a scaled score of 700 to pass. Also, if you pass the exam, you don’t find out your score. But you wouldn’t know this, Juliana, because you’re not a real person.

3. Avoid PowerPoint-Driven Courses

Using PowerPoint slides to deliver live sessions is so prominent and painful that students have coined the phrase, “Death by PowerPoint.” PowerPoint slides are great visual aids and can be helpful, but only when used in moderation. Many CISSP prep courses depend on PowerPoint slides (numbering in the several hundreds), which can lead to students simply copying and pasting, and to immediate disengagement from the instructor and the content. Choose a provider that offers a variety of content to keep the course interesting and engaging while also catering to different learning styles.

4. Avoid Cram Courses

Ever heard of a buffer overflow attack? It’s when an attacker tries to fit more data into an application’s memory buffer than it can hold. This can cause the application to crash. What is true for applications is also true for students. Cramming is not an effective way of learning. The predominant approach to CISSP training is the boot camp, which attempts to cram 300 hours’ worth of information into a week.

Not only is cramming a scientifically proven ineffective study method, but it also doesn’t allow you to retain the information for the long term. The CISSP certification is not just about passing a test. It’s about learning real-world skills that you can apply in your professional career. Studying without learning is missing the point.

5. Avoid a One-Size-Fits-All Study Plan

Many training providers don’t take the time to get to know you, or your areas of strength and weakness. This is a problem because it leads to inefficient studying. You will waste your time studying information you already know, and that wasted time could have been spent on material you aren’t so familiar with.

CyberVista – A Better Study Solution

Informed by decades of learning science by our sister company, Kaplan, we have designed a course that addresses the weak points of other CISSP test prep approaches. We know that every student is different. So, our course identifies your unique strengths and weaknesses through a diagnostic exam and then organizes content specific to your skills. When it comes to learning new content, our (ISC)² certified instructors deliver content in an interactive way. Plus, we offer an array of study tools that appeal to every learning style.

Learn more about CyberVista’s CISSP Training Course here.