What is the CISSP?

The Certified Information Systems Security Professional (CISSP) is an industry-leading information security certification designed to accredit a holistic understanding of information security and the ways to protect an organization against various types of breaches. The International Information Systems Security Certification Consortium (ISC)² originally created the certification in 1992 but its popularity rose in the early 2000’s once it was adopted under the Department of Defense’s 8570 IAT and IAM categories. The CISSP certification is also accredited by the American National Standards Institute (ANSI) to be in compliance with the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards. 

The CISSP ensures that IT professionals possess a standardized, vendor-neutral knowledge of the current information security landscape. As such, it has developed into a highly sought after certification by security professionals around the globe and both public and private organizations are willing to pay lucrative salaries in order to bring such individuals onto their security teams.

What is the CISSP Exam?

The CISSP exam is a three-hour exam consisting of 100-150 questions that certify security professionals in 8 different areas:

1. Security and Risk Management
2. Asset Security
3. Security Architecture and Engineering
4. Communications and Network Security
5. Identity and Access Management (IAM)
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

Candidates will face various question types including, multiple choice, hotspot and drag and drop. Additionally, candidates will be faced with different versions of the CISSP exam at their time of testing.

On April 15, 2018 the CISSP exam changed. To find out more about the changes read this quick blog post: Making Sense of the CISSP Exam Changes

How to Get Certified: 4 Steps to Earning the CISSP Certification

Step 1: Qualification

To qualify as a CISSP, you will need at least five years of full-time and paid work experience in two or more of the eight domains covered in the CISSP. For those with college degrees/approved additional credentials 1 year of paid work experience may be waived at the discretion of (ISC)².

For candidates who do not meet the work experience required, they can still sit for the CISSP exam and if they pass will receive the title of Associate of (ISC)² until the total experience requirement is met.

Step 2: The CISSP Exam

The next step is to tackle the CISSP exam. Candidates should prepare for the exam through a combination of extensive self-study and by taking a CISSP exam prep course. Once a candidate feels prepared, he/she needs to schedule the exam through Pearson VUE. At the time of scheduling, candidates will be required to:

• Complete the examination agreement – this is a commitment to the (ISC)² Code of Ethics
• Review the Candidate Background Questions
• Submit the exam fee (if you enroll in a CISSP exam prep course this may be included in the course fee or it may be added on; please check with your training consultant)

Only thing left of Step 2 is to show up on your exam date and pass the CISSP!

Step 3: The Endorsement Process

After passing the exam, you will need to subscribe to the Code of Ethics reviewed in Step 2. Additionally, candidates need to have the endorsement of another (ISC)² member who is active and certificated by the consortium. This person will verify aspects of your professional employment such as:

• Length of employment
• Professional reputation
• Nature of employment (must meet the work requirements listed above)

Please note, candidates are only given nine (9) months following their exam pass date to complete this step in the CISSP certification process. If you do not meet the work requirements, you must complete the process to become an Associate of (ISC)² during this 9-month window. Failure to either receive a valid endorsement or to become an Associate of (ISC)² within 9 months of passing the CISSP exam will result in the candidate’s exam results to be voided and will require a retest of the exam in order to move forward in the process.

Step 4: Maintain Your Certification

Re-certification is required every 3 years after passing the CISSP exam. To renew the certification candidates must:

1. Submit 40 CPE each year. This translates to a total of 120 CPEs every 3-year cycle.
2. Pay the maintenance fee of $85 each year.
3. Continue to abide by the (ISC)² Code of Ethics

Why Obtain the CISSP Certification?

According to PayScale.com, 1,121 voters with a CISSP rated their job satisfaction a 5 out 5 and average salaries are reported in the six figures. (ISC)² also reports that CISSPs earn, on average, 25% more than their non-certified peers. Additionally, due to its vendor-neutral and well-respected status, a CISSP can be applied to any organization in any country; thus giving CISSP credential holders the flexibility to land a well-paying job anywhere in the world.

Are You Ready to Become CISSP Certified?