Dear All, I hope you are doing well. I successfully passed the CISSP examination on 15 November 2025. At that time, I did not apply for ISC2 Associate status, nor did I submit an endorsement application for CISSP certification because I had only four years of relevant professional experience and therefore did not yet meet the full CISSP experience requirement. Recently, I completed one of the certifications listed by ISC2 as qualifying for a one-year experience waiver toward the CISSP experience requirement. With this waiver, I now believe that my four years of professional experience, combined with the approved certification, may satisfy the experience requirement for CISSP certification. I understand that candidates who pass the CISSP examination have a limited period (which I understand to be nine months from the exam date) to complete the necessary post-examination requirements. Based on my calculation, this deadline would fall around 15 August 2026. My concern is regarding the endorsement and review process. If I now submit my endorsement application with my four years of experience and the qualifying certification for the one-year waiver, will my application remain valid as long as it is submitted before the deadline, even if ISC2's review process extends beyond that date? Alternatively, would you recommend that I first apply for ISC2 Associate status to ensure I remain within the required timeline and then pursue CISSP certification after the endorsement review is completed? I would greatly appreciate your guidance on the best course of action to ensure I do not inadvertently lose my eligibility due to processing timelines.

Hello all, I am so happy to State that I have cleared my exam today. Big shout out to Vincent who created such an amazing app and the group and ofcourse our beloved May Brooks. Her quote "Train hard, Fight easy" is priceless.

Alright folks, here it is! The registration link for the FREE MasterClass you don’t want to miss:👉Registration Link - Let us know in the comments if you'll be there! Tuesday, September 16th at 7:00 PM UAE We’re thrilled to welcome May Brooks-Kempler (@May Brooks) to our community!May is one of the most respected CISSP instructors worldwide. She’s an (ISC)² Board Member, co-author of the Official CISSP Study Guide, TEDx speaker, bestselling author (Scams, Hacking, and Cybersecurity), and a recognized leader in the global infosec community. What this means for you: 📚 Study Group MasterClass Takeover – May is giving our members free admission to her upcoming CISSP MasterClass. This is your chance to learn directly from one of the best and show her what our study group is all about. 🎤 Pop-In Q&A – Keep joining our study groups, because you never know when May might drop in for a quick Q&A. 🤝 Exciting Collaboration – This is just the beginning. May is backing our community as the place for anyone self-studying or preparing for the CISSP together. 💡 Earn 2 CPE Credits – Self-submit for 2 CPEs just for attending the MasterClass.

Senior management has approved funding for a new information security program. The CISO wants to ensure that the program is sustainable and aligned with business strategy. Which of the following is the MOST important first step? A. Develop detailed security policies and procedures for all business units. B. Conduct a comprehensive risk assessment across the organization. C. Implement baseline technical controls to address known vulnerabilities. D. Establish a security steering committee with representation from business leadership.

During a risk assessment, management learns that a legacy system critical to operations has several known vulnerabilities. The vendor no longer provides patches, and replacing the system would take over a year and significant budget. 👉 As a security manager, what would be your BEST recommendation to management in this situation? Think it through ...