Is the CISSP Worth It?

The internet can be a scary place. Every year, all around the world, billions of dollars get spent in the hopes of preventing hundreds of millions of dollars worth of cyber attacks. With all that money, attention and expertise getting invested in it, cybersecurity is serious business. It's also a broad, deep and complicated business. True mastery of cybersecurity principles includes physical security, information technology, and digital safeguards – all of which are covered in the CISSP.

Companies and businesses who need to remain safe online depend on trained and certified men and women. The CISSP is one of the certifications that companies look for when hiring cybersecurity professionals into positions of authority for their networks. 

Earning the CISSP proves much more than being able to design and implement a cybersecurity program, it also means you've committed yourself to being a member of an organization that represents the best in digital security practices and principles.

What is the CISSP?

The CISSP is an advanced cybersecurity certification issued and maintained by (ISC)². The non-profit International Information System Security Certification Consortium, or (ISC)², is a professional organization that is committed to identifying cybersecurity best practices and disseminating them to professionals and businesses all over the world. The CISSP is one of eight certifications that (ISC)² offers to cybersecurity professionals with some of the best knowledge, skills, and abilities in the industry.

The Certified Information Systems Security Professional or CISSP from (ISC)² is a certification of a cybersecurity professional's ability to design, implement and manage an advanced cybersecurity system. There are many factors of cybersecurity tested by the CISSP, including proving your ability to manage security and risk procedures and asset security. The certification focuses on designing security architectures and providing network security for communication and information networks. Identity and access management is a key part of CISSP, as is assessing security postures and testing for vulnerabilities. Last, having a CISSP proves competence in managing security operations and software development security.

Earning the CISSP requires a few different things: first, you have to pass the CISSP Exam. You must also apply for membership to the (ISC)² and prove five years of cumulative paid work experience in two or more of the eight domains of the CISSP body of knowledge.

What are the CISSP Exam Objectives?

The (ISC)² Certified Information Systems Security Professional (CISSP) exam is a 3-hour exam with 100-150 multiple choice questions and what (ISC)² calls "advanced innovative items". There are eight exam objectives for the (ISC)² CISSP exam, which they refer to as domains:

• Domain 1. Security and Risk Management

• Domain 2. Asset Security

• Domain 3. Security Architecture and Engineering

• Domain 4. Communication and Network Security

• Domain 5. Identity and Access Management (IAM)

• Domain 6. Security Assessment and Testing

• Domain 7. Security Operations

• Domain 8. Software Development Security

The CISSP exam is one of the most wide-ranging and thorough cybersecurity certification exams available. As can be seen from the domains, the CISSP exam covers fundamentals of cybersecurity theory through advanced and specialized implementations like maintaining security for teams who develop applications. 

How much does the CISSP Exam Cost?

The CISSP exam itself costs $499 USD, but there are additional costs to consider. Earning the CISSP is not as simple as passing the exam – although that's necessary. You must also be a member in good standing with (ISC)², and that's not free. You have to pay $125 to become a member and pay it again as an annual maintenance fee for as long as you hold the certification. You only pay the annual fee once, regardless of how many certifications you hold. That means that, in total, earning the CISSP will cost at least $624 and $125/year after that.

What Experience Do You Need for the CISSP?

There are two answers to the question of how much experience you need for the CISSP. There's the CISSP exam itself and then there's the credential. Passing the CISSP exam will be very hard without plenty of real-world experience and preparation, but (ISC)² also has specific work requirements you must prove before you can actually earn the CISSP.

The CISSP exam is a challenging exam that requires deep technical and managerial knowledge in designing, engineering, and managing an organization's overall security posture. The CISSP is relevant across all disciplines in the field of information security because it tests technical subjects like implementing secure design principles in network architectures and broad managerial subjects like applying the right risk management concept to an organization's security posture.

But (ISC)² requires that anyone who plans to earn the CISSP demonstrate at least five years of paid work experience in at least two of the eight domains that are on the test. There are some small exceptions and ways to shave off a year (with a bachelor's degree or equivalent certification) here or there. But ultimately, earning the CISSP requires proving that you've worked a minimum of 35 hours/week for five years in a related cybersecurity field.

Who Should Take the CISSP?

The list of IT professionals who should take the CISSP is long. The CISSP itself is a broad certification that applies to many different disciplines within cybersecurity. Managers of cybersecurity teams will advance their careers just as much as technical experts. Junior security analysts should earn the CISSP, and so should Chief Information Security Officers.

Is CISSP Worth It for Directors of Security or IT Directors/Managers?

The CISSP is worth it for high-level administrators and managers like Security Directors, Directors of IT or IT Managers. Technical aspects of the exam and certification aside, the CISSP covers important topics for IT and security managerial professionals to know like aligning the security function of a cybersecurity strategy with a business strategy, goals, mission, and objectives.

Or maybe you're a manager or director who provides governance oversight. The CISSP is worth it because of its emphasis on understanding the legal and regulatory issues, standards, and requirements that pertain to information security programs in a holistic way. Earning the CISSP demonstrates that you know how to determine and comply with formal requirements and achieve business objectives, which is key for directors and managers of IT and security.

Is CISSP Worth It for Network Architects or Security Architects?

Yes, the CISSP is worth it for most network architects and security architects. The CISSP can only be earned by security professionals who understand how to plan, implement and maintain a security strategy. Network and security architects who plan and design their business' security posture from the ground up can use the CISSP to prove familiarity with vulnerabilities and strengths of security architectures, designs and solution elements.

Security and network architects are responsible for determining the right cryptographic solutions to deploy under different circumstances, and the CISSP is perfect for proving your knowledge of that. Whether you want to emphasize how to identify cryptanalytic attacks or design site and facility security controls, the CISSP is the best way to prove your expertise.

Is CISSP Worth It for a Security Administrator?

Yes, the CISSP is definitely worth it for security administrators who know they want to continue in the career field. Not only that, but because it's an intentionally broad certification that applies to eight different cybersecurity domains, it's perfect for helping guide you to the parts of the job that you like the most and that you're the best at.

Managing identification and authentication of people, devices and services is a common job responsibility for security administrators early in their career, and earning the CISSP proves a profound understanding of the principles of IAM. Or maybe you'd like to move away from technical configurations and want to emphasize a career in assessing, testing, and validating security strategies. The CISSP is worth it for anyone who wants to conduct security control testing or reporting on test outputs.

Is the CISSP Worth It?

The CISSP is worth it for practically any cybersecurity professional. Even IT professionals who don't come into direct contact with traditional cybersecurity implementations and configurations should consider doing the prep work necessary to earn the CISSP. $624 is a hefty price tag for the CISSP, and paying $125/year might be discouraging, but the value you'll get from the CISSP will almost certainly make it worth it. 

Using CISSP to Learn Skills

Maybe you've read this far and you're starting to think that the CISSP is too advanced a certification for you at this point in your career. But the great thing is that even if you don't have five years of paid work experience in two of the eight domains the CISSP covers, you can still take it. After that, you can become an Associate of (ISC)², which is like a junior version which means you have the cybersecurity skills, abilities, and knowledge, and are still working on the experience part.

And since the CISSP is such a thorough test of cybersecurity skills, there are tons of ways to prepare for it and learn all the skills you'll need to pass the test. No other cybersecurity certification covers all eight domains like CISSP does. If you want to prepare your career for security and risk management, asset security, security architecture, and engineering, or any of the five other domains on the test, preparing for the CISSP is a great way to learn those skills. 

Using CISSP to Validate Skills

For anyone who's already spent five or more years working in cybersecurity and wants to prove that you're familiar with everything that goes into designing and implementing an excellent security posture for a company, the CISSP is an excellent way to validate your skills. (ISC)² is a respected name throughout the IT industry, and earning the CISSP says to employers that you're a well-rounded security professional who's broadly capable and highly trained. Get started with CBT Nuggets today!