Do I even need to take the CISSP? I rarely asked myself that question. But plenty of other people did. My usual answer: if you just graduated, it helps you break into the industry; if you’ve been working three to five years already, it’s not really necessary — you’ve got the experience to clear the bar anyway. I also asked my boss about it at some point. Same answer: not really necessary.
Still, I’d been working in this field without a cert for so long (lol) that maybe it was time to bite the bullet. Also, honestly, the job market’s been rough and more and more postings are listing it as a requirement. It wasn’t exactly a spontaneous decision, but I still hesitated when I saw the registration fee. $749 is no joke.
I spent about 20 days studying and passed on the 5th. The biggest takeaway wasn’t the cert itself — it was the process of preparing for it. Studying for CISSP is a kind of disillusionment. You figure out pretty fast that management thinking matters more than technical thinking if you want to pass. You also realize it’s essentially a compliance test — you have to accept their framing of answers and test points, full stop. For me personally, the journey went from anxious (“I’m about to waste $749”) to just… going with the flow. I didn’t come out feeling stronger, and I also stopped thinking CISSP was some insurmountable wall. I just feel calmer now, more grounded. More importantly, I realized that the principles I believe in and the path I’ve chosen aren’t something a certification can touch. Wisdom isn’t at the destination — it’s something you find along the way. Look outward, experience things, take action. That’s it.
After passing, I told two of my bosses. One said: “Good.” The other said: “Man, you really had nothing better to do.”
My wife said: “Honey, you’re amazing!”