CISSP Pass Rate & What To Do If You Fail?

The CISSP ranks are growing at roughly 150 new certification holders a week, while the total number of security professionals that hold the CISSP is well over 150,000. 

This growth is largely driven by an excellent marketing campaign performed by ISC2, making the CISSP the one must-have certification to prove your capabilities.  It is now one of the most in-demand certifications on the job market; a quick search for CISSP will return thousands of matches.

Despite this growth, the CISSP is a tough exam to pass and requires a grueling and thorough study plan to have any chance of passing.  You simply cannot rely on experience to get a passing mark.

At this point you might be wondering, what is the CISSP pass rate? Unfortunately, that data isn’t available to the public and is kept private by ISC2.  However, it is widely accepted by the security community that the pass rate is likely to be between 50% and 60%.  

This difficulty ensures that anyone who passes the CISSP can be relied upon to have a certain level of cybersecurity knowledge across multiple domains.  Additionally, they are guaranteed to have at least 5 years of experience across at least two of the eight CISSP knowledge domains.

It’s these points that make the CISSP so sought after by employers and make it worthwhile for anyone who takes their cybersecurity career seriously or is looking to increase their employability.

Why You Might Fail the CISSP?

You Crammed

Cramming is something that most of us have done at some point in our lives, but it’s an ineffective method of learning and retaining a subject.  

The CISSP test is designed in such a way that you need to know the subject matter thoroughly and be able to answer questions that are asking you to apply knowledge and judgment based on real-world scenarios.  

Cramming won’t allow you to answer these questions effectively.  You need to study in such a way that you learn the subject matter. 

Therefore, I don’t recommend you attend so-called CISSP boot camps.  Boot camps are essentially glorified and expensive cramming sessions.  They are made to fit as much content as possible into a very short time frame. 

Study by yourself and you’ll save money and probably learn a whole lot more. 

Your Study Plan Wasn’t Effective

In my article on how to study for the CISSP, I detail how you can quickly and easily identify your weak areas.  This absolutely needs to be done so you know where to focus your efforts effectively.  

Studying without a plan is likely to waste time and cover ground that you know well while skimping on the areas that you need to focus on.  

The CISSP covers a whole lot of ground, with eight domains to cover, but it doesn’t go into any particular area in great depth.  You need to have a bird’s-eye management view of a lot of subjects, without getting stuck in the minute details.

You Second Guessed Yourself

The actual CISSP exam is challenging.  When I started answering questions I began doubting some of my answers; some areas seemed straightforward, while others were incredibly challenging.

The format of the exam itself is mentally exhausting.  You might only have to answer 100 questions, but you might also have to answer 150, depending on how well you perform.  This uncertainty can be mentally taxing. 

You want to avoid getting stuck in a rut of second-guessing your answers and doubting your capabilities.  If you prepared sufficiently, then you’ll be fine.

You Are Confused By The Questions

Whoever writes the CISSP questions is an evil genius.  They have a certain way of phrasing what could be a straightforward question into something that makes you doubt your answers.  

A question rarely has a straightforward answer; instead, you’ll be forced to pick the best answer based on the scenario presented.  Keep in mind that the CISSP is a managerial certification, so answer exam questions from the point of view of a manager and you’ll do fine.

What To Do If You Fail The CISSP

The first thing to do is to not become disheartened.  

As many as half of the security professionals who attempt the CISSP will fail, which means you’re in good company.

The best thing you can do is take it as a learning experience and understand where you might have gone wrong.

  • Do you need to take more practice tests?
  • Do you need to study certain areas more thoroughly?
  • Was your studying effective?
  • Do you know why you failed?

Once you’re able to answer all of these questions, you’ll be much better prepared to sit the CISSP again and pass with flying colors. 

Final Thoughts

Without a doubt, the CISSP is a hard exam and one which will tax even the most knowledgeable of security professionals.  This is reflected in the pass rate, which is likely under 60%. 

However, with proper planning, there is absolutely no reason why you can’t pass the CISSP on the very first attempt.

Even if you do fail, it’s not the end of the world.  Treat it as a learning exercise, move on, and try again.