Learn how to prep for the most comprehensive and in-demand cybersecurity certification
Many certification roadmaps include (ISC)2’s CISSP (Certified Information System Security Practitioner) as a crucial cybersecurity certification to consider in a career and education plan. One example is the CompTIA IT Certification Roadmap, which places CISSP in the “Expert” column of the Information Security pathway. The CompTIA roadmap of IT certifications is not alone in recognizing the importance and value of the CISSP.
CISSP is a widely desired indicator of knowledge, experience and excellence on the resume of many IT professionals. CISSP is not just recommended by industry groups—it has achieved its respected position as an important IT certification through practical observation. The drive to achieve this notable certification is evidenced by its appearance on a significant number of job postings. Performing a job search in any moderate or larger metropolitan area reveals an astounding number of IT and cybersecurity positions request that the applicant be CISSP-certified.
A quick scan of resume posting sites also shows that many IT professionals are either currently employed or are job seeking include CISSP on their resume and/or profile to attract the attention of top job brokers and HR managers.
(ISC)2 asserts there are over 125,000 CISSP-certified individuals worldwide, and that number is growing at a steady pace. Those who hold the CISSP certification are employed at Fortune 500 companies, start-ups, and many operate as independent contractors.
According to the Global Knowledge IT Skills and Salary Report, CISSP-certified professionals have the highest worldwide IT salaries ($100,146) and rank fifth in the United States ($111,475).
A 2018 survey by Certification Magazine reveals even further insights into the demographics of those holding the CISSP certification.
- Over 10% of certification holders are women
- Most are aged 35 to 64
- 41.8% have a master’s degree and an additional 33.2% hold a bachelor’s degree
- 94.2% are employed full-time
- CISSP holders are often senior specialists (42.7%), managers (16.4%), or directors (11.8%)
- 70% have worked in cybersecurity for over a decade
How to get and remain CISSP certified
The CISSP certification is designed for experienced IT professionals. To fully achieve the certification, you must have five cumulative years of paid, relevant work experience in two or more of the CISSP topical domains. There are options to substitute one year of experience for a recent IT or security-related college degree or another authorized certification. (Here is a list of more than 50 qualifying certifications: www.isc2.org/Certifications/CISSP/Experience-Requirements).
Your experience will need to be confirmed by another person holding the CISSP and in good standing with the certification requirements. This process is called endorsement. You have nine months after passing your exam to complete the endorsement process and achieve the CISSP certification. If you fail to be endorsed by that deadline, you lose your exam passing status and will have to re-take the exam.
If you don’t have five years of relevant experience, you can still take the CISSP exam, and then you’ll have up to six years to obtain or finish obtaining the five years of required experience. This pathway to certification is known as the “Associate of (ISC)2.” It means you will take the same CISSP exam, but the nine-month deadline to be endorsed is extended to six years.
During your exam registration, one of the last questions you are asked is whether you are pursuing the “Associate of (ISC)2.” If you are unsure about your experience, you should elect the “Associate of (ISC)2” path. There is no requirement to wait six years to complete the endorsement, and you can still perform it the week after you pass the exam if you do have five years of relevant experience.
Do not claim to be CISSP-certified in conversations, in email, or on your resume until you have received the welcome packet from (ISC)2. This welcome packet will be sent to you after you have met all the requirements and your endorsement is accepted. It will arrive by postal mail and will include a certificate of achievement suitable for framing along with instructions for how to take advantage of the many benefits of being CISSP certified.
Take the (ISC)2 Code of Ethics seriously. If you are found to be in violation of the Code of Ethics, (ISC)2 can strip you of your certification and bar you from ever taking one of their certifications again. As long as you are an ethical and law-abiding individual, this should not be a concern.
Don’t forget about the requirement to earn education credits to maintain your certification. Every three years you must earn 120 continuing professional education (CPE) credits to maintain your CISSP certification. In addition, you are also required to pay a yearly Annual Maintenance Fee (AMF) of $85. Most of the details regarding AMFs are only available to members who log into their accounts on www.isc2.org.
Preparing for the CISSP exam
In order to prepare for the CISSP exam, there are several resources or paths to consider.
I highly recommend attending a CISSP preparation training class. Global Knowledge offers a CISSP Certification Prep Course that provides in-depth coverage of all eight domains required to pass the CISSP exam.
Instructor-led classroom or virtual classroom courses will immerse you in the concepts and details of the CISSP material. A training course will focus your attention on CISSP for five full days and give you the opportunity to interact with other students and the instructor to gain a deeper understanding of topics, as well as provide an opportunity to get your questions answered.
Another preparation path is self-study. For some who already possess strong core skills in the area, this may be a sufficient means to prepare for the CISSP exam. However, I would recommend assessing your abilities and knowledge base early. In the event you are not able to obtain the knowledge on your own, plan on attending a formal training class. To assess your preparedness, use a 100- to 150-question practice exam that covers the full range of CISSP topics. If you score 70% or better, then you are likely able to self-study for the exam.
Even if you are taking an instructor-led prep course, self-study should complement it. Either way, there are several resources I recommend. A good study guide is always an excellent starting point. The CISSP Study Guide 8th Edition is a great choice. It is the book used by Global Knowledge in their CISSP training classes, and I am one of its three authors. It includes coverage of every topic listed on the official Certification Exam Outline, plus many other subjects that support the main topics, relate to the main topics, or that round out your knowledge and understanding of the main topics. This book includes end-of-chapter questions which are also available online through a testing engine. The online resources include the end-of-chapter questions plus an additional 900 questions that do not appear in the book, as well as a large glossary and over 1,000 flash cards.
For additional practice questions, I recommend the following:
- The CISSP Official Practice Tests 2nd edition
- The quiz engine at www.skillset.com
- The quiz engine at www.cccure.education
However you elect to study, be sure to regularly review the Certification Exam Outline to make sure that you fully understand each and every listed item. You will also want to round out your preparation by taking numerous full length (100 –150 question) practice tests and seek to consistently achieve above 80% correct. This should indicate that you are well prepared to take and pass the CISSP exam. The CISSP certification will be a solid addition to your resume, it will earn you the respect of your peers, and it may even enlarge your wallet.