CISSP remains one of the most respected and sought-after cybersecurity certifications. With the most recent update released in May 2021, (ISC)2 has maintained the high bar it set to validate the knowledge and skills of senior cybersecurity managers.
Many certification roadmaps include (ISC)2’s CISSP (Certified Information Systems Security Professional) as a crucial cybersecurity certification to consider in a career and education plan. One example is the CompTIA IT Certification Roadmap, which places CISSP in the “Expert” column of the Information Security pathway. The CompTIA roadmap of IT certifications is not alone in recognizing the importance and value of the CISSP.
(ISC)2 asserts that as of 2021 there are over 142,000 CISSP-certified individuals in over 170 countries, and that number is growing at a steady pace. Those who hold the CISSP certification are employed at Fortune 500 companies, governments, small businesses, start-ups, and many operate as independent contractors.
CISSP is a widely desired indicator of knowledge, experience, and excellence on the resume of many IT professionals. The drive to achieve this notable certification is evidenced by its appearance on a significant number of job postings. Performing a job search reveals an astounding number of IT and cybersecurity positions request that the applicant be CISSP-certified.
Those holding the CISSP certification are also among some of the highest-paid IT professionals, earning $59,000 to $194,000 USD (based on data from several surveys). Keep in mind that salaries are often based on an individual’s breadth of skills and years working in the field.
According to the Global Knowledge 2020 IT Skills and Salary Report, CISSP-certified professionals have the third-highest worldwide IT salaries ($119,170 USD) and rank fifth in North America ($138,647 USD). The North American salary for CISSP professionals in 2020 was an increase of over 10% from 2019 and the ranking increased from 10th to 5th in only a year. CISSP is also listed as the second most common certification being pursued by IT professionals seeking to advance their careers.
A 2020 survey by Certification Magazine reveals even further insights into the demographics of those holding the CISSP certification.
- 96.8% are employed full-time
- CISSP holders are often senior specialists (43.2%), managers (16.7%), directors (14%), senior managers (13%), specialists (6.5%), or executives (3.4%)
- 72.1% have worked in cybersecurity for over a decade
CISSP remains an indicator of cybersecurity expertise and a highly desired certification for many reasons:
- It is a certification that is not based solely on passing an exam. It also requires that the professional obtain sufficient experience in the field of cybersecurity and IT security management.
- The experience of the professional is verified by others in the industry who hold CISSP to confirm that new applicants are abiding by the experience requirements.
- Education and experience must continue to accumulate while holding the CISSP certification. This is accomplished by requiring CISSP-certified professionals to earn continuing professional education credits (called CPEs) every year.
- (ISC)2 is guided by a board of directors who are elected by the CISSP holders from amongst themselves.
- CISSP was one of the original certifications included in the DoD Directive 8570.1m (revised by DoD Directive 8140.01) and remains the dominant certification used/obtained for those in numerous cybersecurity positions.
Certifications, especially CISSP, often result in an IT professional experiencing either advancement in their job position or a raise of nearly 20% on average. Therefore, pursuing CISSP and other certifications is often a worthwhile investment in time and expense due to the increased pay, job promotion, and prolonged benefit to a career.
How to obtain and remain CISSP certified
The CISSP certification is designed for experienced IT professionals. To fully achieve the certification, you need to have five years of cumulative paid relevant work experience in two or more of the CISSP topical domains. There are some options of substituting one year of experience for a recent IT or security-related college degree or another authorized certification from a list of over 50 qualifying options.
Your experience will be confirmed by another person holding CISSP in good standing. This process is called endorsement. You have nine months after passing your exam to complete the endorsement process and achieve the CISSP certification. If you fail to be endorsed by that deadline, you lose your exam-passing status and will have to re-take the exam.
If you don’t have five years of relevant experience, you can still take the CISSP exam, and then you’ll have up to six years to obtain or finish obtaining the required five years of experience. This pathway to certification is known as the “Associate of (ISC)2.” It means you will take the same CISSP exam, but the endorsement deadline is extended to six years.
During your exam registration, one of the last questions you are asked is about whether or not you are pursuing the “Associate of (ISC)2.” If you are unsure about your experience, go ahead and select the “Associate of (ISC)2” path. There is no requirement to wait six years to complete the endorsement, and you can still perform it the week after you pass the exam if you do have five years of relevant experience.
This requirement to be endorsed is focused on verifying a candidate’s real-world, full-time paid work experience in the arena of IT security. As a CISSP candidate, this is a significant benefit because few other certifications verify both your ability to pass an exam as well as having real-world work experience in advanced IT security operations. Thus, with the CISSP certification on your resume, you are automatically more attractive to hiring organizations than those applicants without.
Don’t forget about your need to earn education credits to maintain your certification. Every three years you must earn 120 continuing professional education (CPE) credits to maintain your CISSP certification. Details about CPEs are also available in the (ISC)2 Continuing Professional Education (CPE) Handbook.
Additionally, you will pay an Annual Maintenance Fee (AMF) of $125 for your CISSP certification. Your first AMF is due immediately upon achieving certification, then it is due each year on your anniversary date.
Once certified, you will have access to the members-only area of the (ISC)2 website where you can keep track of your earned CPEs and pay your AMFs. Failing to meet either requirement will result in the suspension of the certification and, if not resolved within two years, termination of the certification.
Maintaining a CISSP certification is a significant benefit to IT professionals throughout their careers. The continuing education requirements show hiring organizations that you are still learning and working to maintain knowledge and skill with regard to the latest concepts, tools, and advancements in IT security.
Preparing for the CISSP exam
To prepare for the CISSP exam, there are several resources or paths to consider.
I highly recommend attending a CISSP preparation training class. Global Knowledge offers a CISSP Certification Prep Course that provides in-depth coverage of all eight domains required to pass the CISSP exam.
Instructor-led classroom or virtual classroom courses will immerse you in the concepts and details of CISSP material. A training course will focus your attention on CISSP for the duration of the class and allow you to interact with other students and the instructor to gain a deeper understanding of topics, as well as provide an opportunity to get your questions answered.
Another preparation path is self-study. For some who already possess strong core skills in the area, this may be a sufficient means to prepare for the CISSP exam. However, I would recommend assessing your abilities and knowledge base early.
In the event you are not able to obtain the knowledge on your own, plan on attending a formal training class. To assess your preparedness, you need to use a 100- to 150-question practice exam that covers the full range of CISSP topics. If you score 80% or better, then you are likely able to self-study for the exam.
Even if you are taking an instructor-led prep course, self-study should complement it. Either way, there are several resources I recommend. A good study guide is always an excellent starting point. The CISSP Study Guide 9th Edition is a great choice. It is the book used by Global Knowledge in its CISSP training classes, and I am one of the book’s three authors.
It includes coverage of every topic listed on the official Certification Exam Outline, plus many other subjects that support the main topics, relate to the main topics, or that round out your knowledge and understanding of the main topics. This book includes end-of-chapter questions that are also available online through a testing engine.
The online resources include the end-of-chapter questions plus an additional 500 questions, grouped as four 125-question practice tests that do not appear in the book, as well as a large glossary and over 1,000 flashcards.
For additional practice questions, I recommend the following:
- The CISSP Official Practice Tests 3rd edition
- The quiz engine at skillset.com
- The quiz engine at cccure.education
- The practice questions from Boson
However you elect to study, be sure to regularly review the Certification Exam Outline to make sure that you fully understand every listed item. You also want to round out your preparation by taking numerous full-length (100- to 150-question) practice tests and seeking to consistently achieve 80% correct. This should indicate that you are well prepared to take and pass the CISSP exam.
Finding a great cybersecurity job position with a CISSP certification
The field of cybersecurity is growing so quickly that positions are sitting open waiting to be filled by qualified individuals. Are you one of those people ready to make a change in your career towards the future?
Cybersecurity is the arena of technology, methodology, and practice which focuses on protecting electronic information and the systems supporting it against compromise and attack. As a society, we have all become heavily dependent on computers, networks, and data stores.
This, in turn, has exposed us to the risk of loss or compromise of those data systems. The need for personnel knowledgeable and experienced in security implementation and management has never been greater, and the need is growing.
Search for Job Opportunities in Your Area
As with anyone seeking out a new job or a career change, the first step is to discover what opportunities exist in the marketplace. Performing an initial assessment of offerings will provide you with a better understanding of what positions are available and what the minimum requirements are for each type of job.
In your survey of available security positions, you may see several certifications commonly requested. Among these, you are likely to see prominently the requirement for (ISC)2’s Certified Information Systems Security Professional (CISSP). The CISSP certification has been one of the top requested certifications for over two decades and remains so in the security industry today.
Take the time to look through many of the job listings uncovered during your search. After some review, pick a position or title that seems appealing to you, such as cybersecurity manager, database security administrator, security policy chief, security trainer, or security systems quality assurance.
Then, search again with your selected title or position. Find different organizations requesting applicants for that position and then take note of several items:
- Required certifications in addition to CISSP
- Required specialty education
- Required experience
- Starting and potential salary and benefits
Every Company Requires Different Certifications
Every organization will have its requirements when selecting a potential new hire. You need to know what the marketplace seems to be requesting to get an overall sense of what is common and reasonable as requirements.
Most individual certifications are just part of the overall picture of what a company is seeking in a new applicant. Thus, performing a real-world position survey will give your expectations a solid dose of reality.
Having one or two certifications under your belt is rarely sufficient to land a new job position. And those job positions that can be obtained with minimal certification are unlikely to pay at the marquee level.
Salary surveys over the last year or so often indicate that some cybersecurity jobs pay more than $100,000 per year plus benefits. However, if you fail to read the fine print on these eye-catching headlines, you might miss the fact that the top-paying careers could require several years of specialized secondary education, may require dozens of certifications, and often 10+ years of relevant experience.
Be realistic. Top pay is given to those with the knowledge and ability to solve problems and improve an organization's security stance. Standing out from the crowd with excellence and a proven track record is what awards you with higher compensation.
Find a position you can land now, then seek out that which is necessary to move up your career ladder toward your dream job. This often includes obtaining more knowledge, acquiring additional certifications, developing new skills, and taking on challenges at work to prove your capabilities to management.
As a global learning provider, Global Knowledge offers a CISSP certification prep course to help advanced IT professionals study for and pass their CISSP exam. Take the course in the modality that fits your schedule and learning style to achieve your learning and certification goals.