Roadmap to Success: CISSP
Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and next steps beyond certification.
UPDATED: We updated this article on October 20, 2016, to reflect relevant changes to the CISSP certification curriculum.
The Certified Information Systems Security Professional (CISSP) certification is a globally recognized, vendor-neutral credential designed to equip learners with the knowledge and skills needed to protect organizations from increasingly sophisticated attacks. As the need for highly qualified security professionals grows within the IT industry, the CISSP has emerged as a popular and in-demand certification. Generally, the CISSP qualifies learners for roles including security consultant, security manager, IT director or manager, security auditor, security architect, and security analyst.
(ISC)2 Certified Information Systems Security Professional (CISSP)
The Certified Information Systems Security Professional (CISSP) credential is an advanced certification designed to validate the skills and abilities of those with proven, deep technical and managerial competence, experience, and credibility to design, engineer, implement, and manage information security programs to protect organizations. The CISSP tests learners' competence in eight (8) domains from the common body of knowledge. The CISSP credential is made up of just one exam, which is covered by the CBT Nuggets training playlist, (ISC)2 CISSP 2018.
Typically, learners pursuing this certification should have at least five (5) years of experience working in IT security. Ideally, before attempting the CISSP, learners should have experience in access control, telecommunications and network security, information security governance and risk management, software development security, cryptography, security architecture and design, operations security, business continuity and disaster recovery planning, legal, regulations, investigations and compliance, and physical environment security.
Downloadable Study Plan
CBT Nuggets offers a study plan that maps to Keith Barker's (ISC)2 CISSP 2018 training. This downloadable CISSP study plan breaks down the course and supplemental learning resources to equip learners with a strategic and manageable approach to conquer training goals.
Exam Details
The CISSP exam is demanding. Not only must learners demonstrate their experience in order to qualify for the opportunity to sit for the exam, but they also must demonstrate real endurance through the 6-hour, 250-question exam experience.
Prerequisite experience: Minimum of five years of cumulative paid full-time work experience in two or more of the eight domains.
Time allotted for exam: 6 hours
Number of questions: 250
Passing score: 700 out of 1,000 points
Exam registration: Pearson VUE testing centers
Exam cost: $599 (USD)*
*Learn more about 2016 (ISC)2 exam pricing. Please note that pricing may change in 2017.
Exam outline: Available by request (free resource)
Endorsement: Once you pass the exam, you have nine months to complete the endorsement process to be fully CISSP certified.
Recertification
(ISC)2 credentials are valid for three years from the date of certification. In order to maintain a credential, learners also must earn and post Continuing Professional Education Credits (CPEs). Learn more about maintaining a credential on the (ISC)2 website. Please note that (ISC)2 requires annual maintenance fees (AMFs) in addition to CPEs.
The Next Step
The CISSP is an advanced security credential. It can serve as a building block to prepare learners to continue with (ISC)2 certifications by earning CISSP Concentrations including:
Often, learners working in security-related fields will have a diverse certification portfolio that might include:
CCNA Security (made up of two exams: ICND1 and IINS)
CCNP Security (made up of four exams: SISAS, SENSS, SIMOS, and SITCS)
Certified Ethical Hacker (made up of one exam: EC Council Certified Ethical Hacker v9.0)
ISACA CISM (made up of one exam: ISACA CISM)
CompTIA Security+ (made up of one exam: CompTIA Security+)
Career Considerations
The InfoSec Institute provides a helpful salary guide to help learners determine appropriate pay scales for job opportunities associated with the CISSP. Depending on professional experience, an employee who holds a CISSP can earn between $54,820 and $152,311. Payscale.com reports a smaller range of salaries for employees holding a CISSP credential, landing between $60,579 and $152,584. Common roles or titles for those who hold a CISSP include information security analyst, information security manager, IT security architect, information security officer, and security engineer.
The (ISC)2 CISSP certification meets the requirements for DOD 8750 and/or DOD 8140 baseline certifications for IAT Level III, IAM Level II, IAM Level III, IASAE Level I, and IASAE Level II, qualifying learners for Department of Defense jobs and contract work for the U.S. federal government.
(ISC)2 Credential Pathways
Unlike many IT industry certification vendors, (ISC)2 credentials rely heavily upon learner experience, rather than on traditional prerequisite exams or certifications. Using years of experience as a means of direction, (ISC)2 has developed a helpful credential guide. Generally, (ISC)2 credentials are broken down as follows:
Less than one year of experience:
1-2 years of experience:
HealthCare Information Security and Privacy Practitioner (HCISPP)
4 years of experience:
5 or more years of experience:
Certified Information Systems Security Professional (CISSP)
CISSP Concentrations:
CISSP Architecture (ISSAP)
CISSP Engineering (ISSEP)
CISSP Management (ISSMP)
3 years of experience with degree or 6 years of experience without degree:
While (ISC)2 credentials do not have traditional prerequisites, learners must be able to demonstrate that they have the required experience before they are permitted to sit for an exam. A learner's experience must be proven and aligned with the (ISC)2 Common Body of Knowledge (CBK) domains.
Most typically, learners advance chronologically through the credentials according to their experience in the industry. However, learners can enter into the credential process at any stage of their careers. So, it's common for learners to attempt their first (ISC)2 credential at the CISSP level, or beyond.
Concluding Thoughts
Earning a CISSP credential is a significant step in one's IT career, and one that proves advanced skills, abilities, and knowledge. Working to earn the CISSP is a significant commitment with the potential for significant reward. Start training for the CISSP today!