Roadmap to Success: CISSP

Roadmap to Success is a series of posts designed to help learners better understand certification pathways, career opportunities associated with those certifications, and the next steps beyond certification.

UPDATED: This article was updated on October 20, 2016, to reflect relevant changes to the CISSP certification curriculum.

The Certified Information Systems Security Professional (CISSP) certification is a globally recognized, vendor-neutral credential designed to equip learners with the knowledge and skills to protect organizations from increasingly sophisticated attacks.

As the need for highly qualified security professionals grows within the IT industry, the CISSP has emerged as a popular and in-demand certification. Generally, the CISSP qualifies learners for roles including security consultant, security manager, IT director or manager, security auditor, security architect, and security analyst.

ISC2 Certified Information Systems Security Professional (CISSP)

The Certified Information Systems Security Professional (CISSP) credential is an advanced certification designed to validate the skills and abilities of those with proven deep technical and managerial competence, experience, and credibility to design, engineer, implement, and manage information security programs to protect organizations.

The CISSP tests learners' competence in eight (8) domains from the common body of knowledge. The CISSP credential is made up of just one exam, which is covered by the CBT Nuggets training playlist, ISC2 CISSP 2018.

Typically, learners pursuing this certification should have at least five (5) years of experience working in IT security. Ideally, before attempting the CISSP, learners should have experience in access control, telecommunications, and network security, information security governance and risk management, software development security, cryptography, security architecture and design, operations security, business continuity and disaster recovery planning, legal, regulations, investigations and compliance, and physical environment security.

Downloadable Study Plan

CBT Nuggets offers a study plan that maps to Keith Barker's ISC2 CISSP 2018 training. This downloadable CISSP study plan breaks down the course and supplemental learning resources to equip learners with a strategic and manageable approach to conquer training goals.

Exam Details

The CISSP exam is demanding. Not only must learners demonstrate their experience in order to qualify for the opportunity to sit for the exam, but they also must demonstrate real endurance through the 6-hour, 250-question exam experience.

• Prerequisite experience: Minimum of five years of cumulative paid full-time work experience in two or more of the eight domains.

• Time allotted for the exam: 6 hours

• Number of questions: 250

• Passing score: 700 out of 1,000 points

• Exam registration: Pearson Vue testing centers

• Exam cost: $599* *Learn more about 2016 ISC2 exam pricing. Please note that pricing may change in 2017.

• Exam outline: Available by request (free resource)

• Endorsement: Once you pass the exam, you have nine months to complete the endorsement process to be fully CISSP certified.

Recertification

ISC2 credentials are valid for three years from the date of certification. To maintain a credential, learners also must earn post-continuing Professional Education Credits (CPEs). Learn more about maintaining a credential on the ISC2 website. Please note that ISC2 requires annual maintenance fees (AMFs) and CPEs.

The Next Step

The CISSP is an advanced security credential. It can serve as a building block to prepare learners to continue with ISC2 certifications by earning CISSP Concentrations, including:

• CISSP Architecture (ISSAP)

• CISSP Engineering (ISSEP)

• CISSP Management (ISSMP)

Often, learners working in security-related fields will have a diverse certification portfolio that might include:

• CCNA Security (made up of two exams: ICND1 and IINS)

• CCNP Security (made up of four exams: SISAS, SENSS, SIMOS, and SITCS)

• Certified Ethical Hacker (made up of one exam: EC Council Certified Ethical Hacker v9.0)

• ISACA CISM (made up of one exam: ISACA CISM)

• CompTIA Security+ (made up of one exam: CompTIA Security+)

Career Considerations

The InfoSec Institute provides a helpful salary guide to help learners determine appropriate pay scales for job opportunities associated with the CISSP. Depending on professional experience, an employee who holds a CISSP can earn between $54,820 and $152,311.

Payscale.com/ reports a smaller range of salaries for employees holding a CISSP credential, landing between $60,579 and $152,584. Common roles or titles for those who hold a CISSP include information security analyst, information security manager, IT security architect, information security officer, and security engineer.

The ISC2 CISSP certification meets the requirements for DOD 8750 and/or DOD 8140 baseline certifications for IAT Level III, IAM Level II, IAM Level III, IASAE Level I, and IASAE Level II, qualifying learners for Department of Defense jobs and contract work for the U.S. federal government.

ISC2 Credential Pathways

Unlike many IT industry certification vendors, ISC2 credentials rely heavily upon learner experience rather than on traditional prerequisite exams or certifications. Using years of experience as a means of direction, ISC2 has developed a helpful credential guide. Generally, ISC2 credentials are broken down as follows:

Less than one year of experience:

• ISC2 Associate

1-2 years of experience:

• Systems Security Certified Practitioner (SSCP)

• Certified Authorization Professional (CAP)

• HealthCare Information Security and Privacy Practitioner (HCISPP)

Four years of experience:

• Certified Secure Software Lifecycle Professional (CSSLP)

Five or more years of experience:

• Certified Information Systems Security Professional (CISSP) CISSP Concentrations: CISSP Architecture (ISSAP) CISSP Engineering (ISSEP) CISSP Management (ISSMP)

• Certified Cloud Security Professional (CCSP)

Three years of experience with a degree or six years of experience without a degree:

• Certified Cyber Forensics Professional (CCFP)

While ISC2 credentials do not have traditional prerequisites, learners must be able to demonstrate that they have the required experience before they are permitted to sit for an exam. A learner's experience must be proven and aligned with the ISC2 Common Body of Knowledge (CBK) domains.

Most typically, learners advance chronologically through the credentials according to their experience in the industry. However, learners can enter into the credential process at any stage of their careers. So, it's common for learners to attempt their first ISC2 credential at the CISSP level or beyond.

Concluding Thoughts

Earning a CISSP credential is a significant step in one's IT career, and one that proves advanced skills, abilities, and knowledge. Working to earn the CISSP is a significant commitment with the potential for significant rewards. Start training for the CISSP today!

Watch. Learn. Conquer the CISSP!

Not a CBT Nuggets subscriber? Start your free week now.

Learn more about the CBT Nuggets Learning Experience.