If you're a seasoned cybersecurity professional who wants to show businesses that you have the skills they need to protect critical data, then you might consider the Certified Information Systems Security Professional (CISSP) qualification.

Below, we explain who the CISSP certificate is for, why it might benefit you, and how to decide whether to pursue this qualification. We also look at what careers and industries this certification is helpful for, and how to go about getting it.


What is CISSP Certification?

CISSP certification is a senior-level information security qualification. It shows that you possess an extensive and in-depth knowledge of cybersecurity. Anyone with a CISSP certification can be expected to lead an IT security team, implement effective security procedures, and protect web or online-based data systems.

Who Provides the CISSP Certification?

CISSP certification is provided by ISC2. ISC2 is a globally recognized community of cybersecurity professionals. Membership is not automatic. You must pass the CISSP exam and complete the certification process to become CISSP-certified. This rigorous process ensures that ISC2 membership and certification remain prestigious.

Who is the CISSP Certification for?

The CISSP certification is for experienced cybersecurity professionals and business leaders. It is not an entry-level IT or security qualification. If you are already working at a mid to high level in a cybersecurity field, CISSP certification can help you transition to an even higher position.

Who is Eligible for CISSP Certification?

Although the CISSP exam is open to anyone interested in cybersecurity, you must have at least five years' worth of work experience in relevant domains (discussed below) to become CISSP-certified.

However, if you don't have enough work experience, you can apply to be an ISC2 Associate. ISC2 Associates have the knowledge required to pass the exam, but not the work experience.

  • You can take the exam and show employers that you have passed the qualification.
  • While you build work experience, you can learn from the ISC2 community.

What are the Benefits of Having a CISSP Certification?

There are many benefits for cybersecurity professionals who pursue CISSP certification.

  • Networking: Pursuing CISSP certification connects you to others in your field. This may open new doors or simply enhance your knowledge of the sector.
  • Employability: ISC2 is a globally recognized, leading provider of IT certification. You can increase your employability in a competitive field with a CISSP certificate.
  • Earning Potential: As the CISSP certification shows advanced cybersecurity knowledge, it may help you pursue higher positions within companies and, accordingly, higher salaries.
  • Skills Development: Studying for and pursuing the CISSP qualification will help you develop new, critical skills that deepen your cybersecurity knowledge.

What are Some Job Prospects Following CISSP Certification?

CISSP certification confirms the ability to design safe and effective cybersecurity programs for any business. As such, CISSP-qualified professionals can expect to find work in any cybersecurity-related field, including:

  • Security consultant
  • Chief information officer
  • Information analyst
  • Security engineer
  • Cybersecurity manager
  • Senior information security risk officer

Your skills will be in demand anywhere there is a need for cybersecurity protection, data privacy protection, and IT security management.

What are Some Average Salaries for CISSP-Qualified Professionals?

According to research by ISC2, the average salary globally for CISSP-qualified individuals is USD$119,577.

  • In Europe, the average salary is USD$103,493
  • North Americans can expect to earn, on average, USD$147,757

Of course, these are merely averages. What you will actually earn depends upon various factors including:

  • Occupation
  • Geographical location
  • Years of experience
  • Company payscale/structure

In other words, it would not be uncommon to earn less or more than these average salaries. However, what we do know is that CISSP-certified individuals can command impressive incomes. This is yet another benefit of pursuing CISSP certification.

What are the Steps to CISSP Certification?

We can summarize the main steps to CISSP certification as follows:

  • Complete at least five years' worth of work experience in at least two of the eight CISSP exam domains. If you have a relevant qualification, this may count as one year of work experience.
  • Register for the CISSP examination. Schedule your exam and pay the required fee.
  • If you pass the exam, you can begin the endorsement process. This is when a qualified professional who knows you, or ISC2 itself, vouches for your skills and work experience.
  • Once the endorsement process is complete, your certification can be approved. You will then pay the annual maintenance fee to complete certification.
  • You must complete the endorsement and certification process within nine months of passing your exam, or else you will be required to retake the exam.
  • If you do not have the experience required, you can still apply for and pass the CISSP exam. But rather than applying for certification, you apply to become an ISC2 Associate.

Once you complete the certification process, you can hold yourself out to be a CISSP-certified cybersecurity professional.

What is the CISSP Exam?

The CISSP exam is the most critical part of CISSP certification. Passing the CISSP examination proves you have the skills, knowledge, and experience to design, build, and manage a company's security program. The exam tests eight key domains, which we will explore in more detail below.

  • Every CISSP examination lasts three hours.
  • You can expect between 100 and 150 items on the test. The number of items depends on your unique responses to each question, so some candidates will answer more questions than others.
  • You need at least 700 out of 1000 points to pass the examination.

Once you complete the examination, if you pass, you can proceed to applying for certification. You must do this within nine months of your exam date or else you must repeat the exam.

How Much Does the CISSP Exam Cost?

According to the ISC2 website, at the time of writing, it costs $749/€665 to sit for the CISSP exam.

Note that if you need to reschedule or cancel, you will be charged the following additional fees:

  • Rescheduling: $50/€40
  • Canceling: $100/€80

Fees are subject to change. Always double-check the ISC2 website or give them a call to confirm the relevant fees.

What Should I Expect on the CISSP Exam?

Before you undertake the CISSP examination, it's helpful to know what to expect from the process.

As mentioned, the exam tests eight key domains, which you should have some relevant work experience in before you complete the test.

The eight domains are:

  • Security and Risk Management: How to manage data security and risks through an organization's entire infrastructure. You must also show an understanding of compliance and regulatory requirements.
  • Asset Security: How to physically secure data ("assets") through its entire life cycle within an organization.
  • Security Architecture and Engineering: Demonstrate an understanding of secure design principles when building IT architecture, showing that you can identify and mitigate potential vulnerabilities.
  • Communication and Network Security: This section involves showing that you know how to enable communications and relevant protocols securely within a network.
  • Identity and Access Management: Demonstrating that you know how to keep data secure, and promote legally compliant authentication procedures, within a company. This is crucial in keeping data safe and restricting access to authorized personnel.
  • Security Assessment and Testing: An ability to design and implement security tests, such as penetration testing, to keep data secure.
  • Security Operations: Proving that you understand how to implement security principles through day-to-day business operations, e.g., disaster recovery and threat mitigation.
  • Software Development Security: Developing internal software or showing that you know how to safely source third-party software from elsewhere.

Each domain has roughly equal weight attributed to it within the exam. However, "Security and Risk Management" has slightly more weight compared to other domains, which is unsurprising given the nature of CISSP certification.

The exam format is computerized adaptive testing (CAT). Let's break down what this means, as it may be significantly different from exams you have completed before.

What is Computerized Adaptive Testing?

Computerized adaptive testing is a new way of testing based on your unique abilities.

  • Each candidate receives an item (or question, or scenario) which is below the passing standard.
  • The candidate answers the question or scenario. Based on their responses, the computer algorithm generates more questions or scenarios.
  • The questions are uniquely designed to challenge candidates based on their strengths and weaknesses. The idea is to generate a truer, more comprehensive understanding of a candidate's abilities than a typical exam.

You must answer at least 75 questions to be considered for passing or failing. And typically, according to ISC2, the most capable candidates answer the fewest questions (around 100 or so).

How Do I Get My Exam Results?

CISSP exam results are issued, informally, the moment you complete your exam. However, you should not rely on these results as they are not verified. Your formal results will be released once they have been analyzed. It could take up to eight weeks to receive your CISSP exam results, depending on your test center.

Results will be emailed to you. They won't be available over the phone or by any other means.

Can I Retake the Exam if I Fail?

Yes. If you fail the CISSP exam, you can retest up to three times within a year. This means that you can take the CISSP exam, in total, up to four times within 12 months:

ISC2 Retake Policy

How to Prepare for the CISSP Exam

As with any certification, you can maximize your chances of passing the first time around by preparing thoroughly.

ISC2 offers three main training options for those looking to complete CISSP certification:

  • Adaptive Self-Paced: Self-paced learning has no instructor. You will have full access to a range of learning materials which you study at your own pace. You can tailor the learning experience to suit your own needs and schedule. Once you work through the materials, you can test your exam readiness with various quizzes and a final assessment.
  • Instructor-Led: Instructor-led training is remote learning guided by an instructor. You will receive live online tuition alongside materials you can review in your own time. You will complete various end-of-chapter quizzes and a final assessment to test your exam preparedness.
  • Classroom-Based: You will be taught by an ISC2-approved instructor in a classroom. You will participate in discussions, practical scenarios, and quizzes. You will also complete an assessment which you can use to gauge your exam readiness.

You can also learn at your own pace, in your own way, by purchasing older, official exam papers or by purchasing textbooks recommended by ISC2. There are also some (albeit limited) free resources available, such as short quizzes.

The CISSP exam is challenging. Give it your best shot by preparing thoroughly in advance.

How Much Does CISSP Certification Cost in Total?

There are a few potential costs involved in this certification.

First, every candidate must pay an examination fee. Then, to complete the certification process after passing the exam, you must pay your first annual maintenance fee of USD$135 (at the time of writing):

ISC2 Certified Members fees

ISC2 Associates (those who can pass the exam but lack enough work experience to become certified) must pay an annual maintenance fee of USD$50.

You will also most likely be required to pay for either self-paced or instructor-led training or official self-study tools to give yourself the best chance of passing the CISSP exam. The costs vary depending on the materials you need, but as an example, the self-study guidebook is around USD$60, and full-length practice tests are around USD$40.

To budget effectively for CISSP certification, carefully consider what you need from your study materials. Only purchase what you need. And make sure you have enough funds available to pay your exam fee and maintenance fees without delay.

Can Your CISSP Certification be Revoked?

There are occasions when ISC2 may suspend or revoke your CISSP certification. Should this happen, you will be unable to hold yourself out to be CISSP-certified until your qualification is reinstated.

Reasons why you might lose your certification include failure to pay annual fees, failure to complete any mandatory ongoing learning courses, or a failure to follow the Code of Ethics.

Code of Ethics

Every CISSP-certified person must demonstrate that they have the professionalism required to work as a security professional certified by ISC2. This means agreeing to, and following, the Code of Ethics. The obligations are simple, and can be summarized as follows:

  • Act in the interests of the profession
  • Behave professionally and with integrity
  • Show the expected level of diligence, competence, and skill when completing work

Here is a closer look at ISC2's Code of Ethics in more detail:

ISC2 Code of Ethics

Contact ISC2 if you have any questions regarding what is expected of you. You should also read the Code of Ethics and supporting documents in full.

Summary

The Certified Information Systems Security Professional (CISSP) qualification is a globally recognized IT qualification. It proves you have an advanced understanding of how to protect data, comply with complex global security laws, and manage reliable IT teams.

  • The first step to certification is completing the CISSP examination.
  • If you pass, you must prove you have the relevant work experience (five years in cybersecurity) before you can fully qualify.
  • Anyone can pursue the exam; however, if you don't have enough work experience, you can become an ISC2 Associate until you do.
  • The exam is highly personalized, testing your unique capabilities rather than simply answering the same paper as everyone else.
  • You must maintain good standing with ISC2 to retain your certificate; otherwise, it could be suspended or revoked.

Is CISSP right for you? CISSP may be suitable if you are already an experienced security professional looking to improve your employability, deepen your knowledge, and pursue a higher position in the field. It may not be right for those newer to the field or those who wish to pursue the more technical, engineering-based side of security and networks.
