Cybersecurity Journey — Part 1

I aced 2,000 practice questions. I knew the material cold. Here's why I still walked out with a failing score, and the exact plan I'm using to pass next time.

If you're reading this after seeing your own "fail" printout, I know exactly where you are mentally right now. You don't need another motivational post. You need clarity. You need to understand why you failed and how to make sure it never happens again.

This isn't another "study harder" article. These are the three strategic mistakes that silently cost me the CISSP, and the exact recovery plan I'm using to pass next time.

Mistake #1: I Was a Technician in a Manager's Exam

My Flawed Thinking

In every question, I was looking for the right technical solution. Firewalls, encryption, authentication — if it sounded technical, I went for it.

I thought the CISSP was testing how well I understood cybersecurity concepts at a granular level.

In my head, I'd read a question and think:

Well, obviously the next step is to patch the system or reconfigure the IDS.

That was my downfall.

The Brutal Reality Check

The CISSP isn't testing your ability to configure or troubleshoot. It's testing your ability to prioritize, manage risk, and protect business assets from a leadership perspective.

Here's the trick: every question is written as if you're a CISO advising executives, not a SOC analyst fixing a breach.

  • For example, one question might describe a data breach and list four actions.
  • The technically correct one — say, isolating the system — might not be the best management decision.
  • The right answer could be "inform senior management" or "initiate the incident response plan." That's what CISSP means by thinking like a manager.

The Root Cause

I was solving for speed, not process. My entire career has trained me to fix problems fast. But the CISSP wants you to think strategically: to communicate, escalate, and follow policy.

The 100% Actionable Fix: The "Manager's Hat" Drill

  • For every practice question, I now write one sentence starting with: "As a risk advisor, I prioritize…"
  • This forces me to reframe my mindset from doing to deciding.
  • Every answer must serve the business objective, not my technical instinct.

Mistake #2: I Fell for the Perfect Answer Fallacy

My Flawed Thinking

During the exam, I kept looking for the "perfect" answer — the one that solved everything cleanly. When none of the options felt 100% correct, I'd overthink it and second-guess myself.

I can't count how many times I thought:

None of these sound right. Maybe I'm missing a keyword.

That's when time started slipping away. I ended up rushing through the final domain questions.

The Brutal Reality Check

There are no perfect answers on the CISSP. Every question has at least one answer that's less wrong than the others.

The exam tests your ability to choose the most appropriate action given incomplete information, just like in real-world security management.

The Root Cause

Perfectionism. I've been conditioned to find the right answer, but CISSP rewards decision-making under uncertainty.

The 100% Actionable Fix: The "Least Wrong" Filter

Here's my new two-step system:

  1. Eliminate the two most obviously wrong answers first.
  2. Between the remaining two, ask: "Which answer establishes a process, involves communication, or prioritizes long-term risk reduction over a quick technical fix?"

The answer that aligns with management and risk strategy wins every time.

Mistake #3: I Misunderstood the CIA Triad's True Hierarchy

My Flawed Thinking

I memorized the Confidentiality, Integrity, Availability triad like everyone else. But on the exam, I kept defaulting to Confidentiality as the top priority, because that's what's drilled into us in most training.

So when I saw questions involving data or systems, I instinctively chose the answer that protected confidentiality.

The Brutal Reality Check

The CISSP doesn't care about your default. It cares about context.

For example:

  • In a healthcare system, Availability may be top priority.
  • In financial reporting, Integrity matters most.
  • In national security, Confidentiality leads.

Every question demands that you identify which element of the triad is most critical to the business function at hand.

The Root Cause

I was memorizing frameworks instead of thinking like the business.

The 100% Actionable Fix: The CIA Triad Prioritization Matrix

Now, for every question, I ask:

  1. What is the primary asset being protected?
  2. What is the business impact if this asset fails?
  3. Which element, Confidentiality, Integrity, or Availability, aligns with that business risk?

That answer usually leads directly to the correct option.

The Human Element: Failure as Feedback

Failing the CISSP exam hurt. You feel embarrassed. You question your competence. You wonder if you're cut out for this.

But here's what I realized after the initial sting wore off: Failing didn't expose a lack of knowledge — it exposed flaws in my strategy.

That's fixable.

If you failed, you're not behind — you're ahead. You've seen the traps. You've felt the curveballs. You have data now. And that data is your advantage.

You're more dangerous going into your second attempt than most people walking in blind.

My CISSP Recovery Playbook (Summary)

  • Shift to a Manager's Mindset: Every decision should align with risk management and policy.
  • Use the "Least Wrong" Filter: You're not solving puzzles, you're managing uncertainty.
  • Apply the CIA Matrix in Context: Always anchor decisions to the business function.

The Mindset Shift That Changes Everything

My gut was screaming one thing during the exam, but the CISSP wanted another. Now, I finally understand that passing isn't about knowing more. It's about thinking differently.

Your Turn

What was the hardest mindset shift for you in preparing for the CISSP? Share your biggest challenge or "aha" moment in the comments below.

Follow My Journey

I'll be sharing my progress, refined study plan, and the resources I'm using to prepare for my retake. If you're on this same road, stick around. Let's pass it together.