The (ISC)² CISSP certification is a highly coveted cybersecurity certification for seasoned professionals and leaders in the field. CISSP stands for Certified Information Systems Security Professional, and this guide explains everything you need to know about the CISSP, how it fits into your career, and whether it is worth pursuing. The CISSP is a globally recognized credential managed by the International Information Systems Security Certification Consortium, (ISC)². Since its launch in 1994, it has become a standard for validating an individual’s deep technical and managerial knowledge and experience in the field of information security. The CISSP not only meets the requirements of ANSI/ISO/IEC Standard 17024; it was the first information security certification to do so. It is also an approved baseline certification under the U.S. Department of Defense (DoD) 8570 certification requirement.

For the purposes of this guide, all exam-related information is aligned to the CISSP Computerized Adaptive Testing (CAT) format. The CISSP CAT exam is the standard used for all English-language CISSP exams. The CISSP exam is also available as a linear, fixed-form exam in:

Unless otherwise noted, details regarding the exam are aligned to (ISC)²’s CISSP Certification Exam Outline effective as of May 1, 2021. The CISSP certification exam will cost $749 starting on May 1, 2021; it is currently $699. The (ISC)² CISSP certification exam gives candidates up to 3 hours to complete 100 to 150 multiple choice and advanced innovative questions. (ISC)²’s advanced innovative questions are drag-and-drop and hotspot style questions. The CISSP certification exam is based on (ISC)²’s Common Body of Knowledge (CBK®), which concentrates on 8 domains related to information security:

The CISSP certification exam is known to be one of the more challenging cybersecurity certification exams available; it is not uncommon for even experienced cyber professionals to fail on their first attempt. The certification requires candidates to be experienced in the field of cybersecurity, and that experience often helps on the exam’s objective and performance-based questions. However, many questions are aligned to how a security or risk manager would think and act, not how a technologist would perform. Years of hands-on information security work can actually lead to incorrectly answering questions that should be approached from a process or managerial standpoint. The biggest challenge is retraining yourself to think the way the test, and (ISC)², expects you to answer.

How To Pass The (ISC)² CISSP Certification Exam?
As mentioned above, the biggest challenge IS professionals face when tackling the CISSP exam is their tendency to answer from their viewpoint as a technologist in the field. To pass the CISSP certification exam, you need to approach it from the viewpoint of an Information Security Manager and the process requirements such a role must adhere to. In terms of preparation, most people take several months to thoroughly study the exam domains using an assortment of materials, including:
CISSP Requirements
Before you can sit for the CISSP exam, you must meet specific experience requirements: a minimum of 5 years of cumulative, paid work experience in at least 2 of the 8 CISSP CBK domains. You can reduce the work experience requirement by 1 year if you hold a 4-year college degree, a regional equivalent, or one of the approved credentials listed below:
Instructor-Led vs Self-Paced CISSP Training
More often than not, the choice between instructor-led training (ILT) and self-paced training is presented as one or the other when preparing for a certification exam. For the CISSP exam, both options are often necessary as part of a comprehensive study plan. As mentioned previously, the CISSP exam is not one to take lightly, and it is definitely not one that can be passed after a single week of training, whether self-paced, ILT or both. Instead, the below is a suggested outline for preparation.
Requirements After You Pass Your CISSP Exam
Meeting the experience requirements and passing your exam are not the only steps to earning your CISSP certification. There are three more steps you need to complete before officially becoming a CISSP:
Is CISSP Worth It?
It can be! If you are pursuing a managerial path in cybersecurity, then the CISSP is an ideal fit and can help you attain higher salaries and greater career opportunities than your non-certified peers. It is typically best suited for professionals holding or aspiring to hold the following job titles:
The CISSP certification is also an IA-approved baseline certification under DoD Directive 8570.01-M for the following job categories:
The (ISC)² CISSP Compared To Other Industry Certifications
While the CISSP is a highly coveted cybersecurity certification, it is certainly not the only one available, and it may not be the best fit for you. Below is a quick breakdown of how the CISSP certification compares to other credentials so you can choose the best path for your career.

CISSP vs CISM
The CISSP leans heavily into the operational side of security, whereas the ISACA CISM focuses on how your information security practices fit into your business objectives. CISM is often a next step after the CISSP if your goal is to become a CIO or Risk Management Professional.

CISSP vs CASP+
If you want an advanced-level certification but don’t intend to pursue a management role in cyber, then CompTIA’s CASP+ is the better choice. According to CompTIA, “CASP+ is the only hands-on, performance-based certification for practitioners — not managers — at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.”

CISSP vs CRISC
ISACA’s CRISC is narrowly focused on controlling and mitigating risk, whereas the CISSP addresses a broader range of cybersecurity topics, with risk management accounting for only about 15% of the exam. In terms of career opportunities, the CISSP will open more doors in cybersecurity than CRISC, but if your goal is a role in risk management then CRISC will help you stand out.

CISSP vs CISA
Similarly to the CRISC comparison, CISA is a highly concentrated exam on Information Systems auditing. This concentration is a benefit for an auditor but does not provide the broad industry acceptance that the CISSP garners.

CISSP vs Security+, CEH or CCSP
The CISSP does not really compare to certifications such as the CompTIA Security+, EC-Council CEH or even the (ISC)² CCSP, because each is designed for a very different audience and skill level.
CISSP Average Salary
According to Payscale.com, the average salary for a CISSP is $121,000 annually. Over 80% of respondents report being in mid-career or later stages of experience.

Jobs For CISSPs
As mentioned previously, the CISSP certification is broad enough to apply to a number of cybersecurity job roles. Over 73,000 jobs on LinkedIn mention the CISSP, and titles include:
Similarly, these opportunities are available across a number of industries. Banking, Automotive, IT, Computer Software, Civil Engineering, Insurance, Aviation & Aerospace, Defense & Space, Financial Services, Government, Higher Education and more have all posted jobs seeking CISSPs.

How Many CISSPs In The World?
Only 156,054 professionals hold the CISSP certification worldwide as of July 2022. According to Cyber Seek, there are currently more open positions requesting the CISSP than there are CISSP certification holders.

How To Maintain Your CISSP Certification
A CISSP certification is valid for 3 years from the date it was earned, and it can be renewed if the certification holder earns and submits a total of 120 Continuing Professional Education (CPE) credits during the three-year certification cycle. (ISC)² divides CPEs into two categories, simply labelled Group A and Group B. Group A CPEs must be earned and submitted annually: (ISC)² requires CISSP certification holders to submit 30 Group A CPEs each year to qualify for renewal. Domain-related education, contributions to the profession, and unique work experience are all considered Group A CPEs. Group B CPEs can be earned and submitted at any point during the three-year certification cycle; general professional development is labelled as Group B. In addition to the 90 Group A CPEs, (ISC)² requires a further 30 CPEs from either Group A or Group B, making up the 120 total, before members can renew their CISSP certification.

Sample CISSP CPE Activities
Examples of Group A CPE activities include the activities below, as long as the content relates back to the CISSP domains:
Examples of Group B CPE activities include the activities below, which relate to general professional development outside the CISSP domains and are generally in a management or public speaking capacity:
What’s Next? CISSP Concentrations
After earning your CISSP, the next step in your security certification path could be a CISSP concentration. CISSP concentrations signify that you not only have the skills of an (ISC)² CISSP, but that you have also achieved subject matter mastery in information security architecture, engineering or management.

CISSP-ISSAP
The CISSP Information Systems Security Architecture Professional (CISSP-ISSAP) is most appropriate for a chief security architect or analyst, according to (ISC)². It is closely aligned to the consultative process of information security and makes the most sense for independent contractors or government leaders who need to meet 8570 requirements.

CISSP-ISSEP
The CISSP Information Systems Security Engineering Professional (CISSP-ISSEP) is ideal for senior systems engineers or IA officers and analysts. This certification was developed in conjunction with the U.S. National Security Agency (NSA) and attests that certification holders can develop secure systems using systems engineering processes. The CISSP-ISSEP also meets DoD 8570.01-M certification requirements.

CISSP-ISSMP
The CISSP Information Systems Security Management Professional (CISSP-ISSMP) is designed for cybersecurity leaders such as CIOs, CISOs, CTOs and other security executives. From establishing to governing information security programs, this certification attests that you have all the necessary skills. For government leaders, the CISSP-ISSMP also meets DoD 8570.01-M certification requirements.