Become a Certified Information Systems Security Professional (CISSP)

CISSP Certification - Career, Requirements and Salary

Have you been fascinated with the Internet since you opened your first browser and visited your first website? If you have been, then as time progressed, you’ve likely become even more interested in how the Internet works and the safeguards put into place to protect those who use it. This might even have led you to major in Information Technology and Security in college. Now you have a shiny degree and have been told by those working in the field that you need to attain certifications and almost all the professionals suggested you start with the CISSP, also known as the Certified Information Systems and Security Professional. Wondering what that is, why you need it, and how to get it? Keep reading.

Why Earn the CISSP?

Attaining the CISSP is a foundation on which an IT security career can be built. By attaining this certification, an IT professional can join an organization that helps design and execute IT security throughout the world. Although it is possible to work as an IT security professional without the certification, a person’s career will plateau quickly and room for advancement will be limited. Anyone who wants to rise in the ranks of IT security would be wise to attain this certification. If a person went to the trouble of getting a degree in information technology and security, it just makes sense to continue that education and attain certification in the field.

Overview of Who Offers CISSP Certification?

CISSP certification is offered by the International Information Systems Security Certification Consortium, also known as (ISC)2. The organization was founded in 1989 and is a non-profit membership association for information security professionals. The organization has more than 140,000 certified members who work to create and execute information security measures in the United States and other countries.

Along with the CISSP certification, (ISC)2 also provides certification in the following areas:

  • Systems Security Certification Practitioner (SSCP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Authorization Professional (CAP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Healthcare Information Security and Privacy Practitioner (HISPP)

How to Get Certified

Work Experience/Associate of (ISC)2

In order to qualify to take the CISSP exam, an applicant must have a minimum of five years of professional work experience in the information security field. Their work history must include at least two of the 10 domains in the (ISC)2 CISSP Common Body of Knowledge (CBK).

An applicant can qualify for a waiver of one year of work experience if they meet one of the following qualifications:

  • Have attained a four-year degree from an accredited college or university
  • An advanced degree in Information Security from a US National Center of Academic Excellence in Information Security (CAE-IAE)
  • Hold a credential from the (ISC)2 approved list:
    • Microsoft Certified Solutions Expert (MCSE)
    • CompTIA Security+
    • Certified Information Systems Auditor

The waiver means that, instead of needing five years of work experience, an applicant only needs four years.

Taking the Exam

The exam is given year-round at authorized testing centers around the world. That said, many applicants have to travel to get to the nearest authorized testing location.

The exam itself consists of 250 multiple-choice questions, based on the following CISSP domains:

  • Domain 1. Security and Risk Management
  • Domain 2. Asset Security
  • Domain 3. Security Architecture and Engineering
  • Domain 4. Communication and Network Security
  • Domain 5. Identity and Access Management (IAM)
  • Domain 6. Security Assessment and Testing
  • Domain 7. Security Operations
  • Domain 8. Software Development Security

Test takers have six hours to complete as many questions correctly as possible. To pass, an applicant must score a minimum of 700 points out of a possible 1,000. If an applicant has studied the testing guide provided by the (ISC)2 or another study organization and taken at least one practice test, the questions should at least be familiar.

You can sign up to take the exam on the Pearson VUE website. Applicants will have to create an account and then follow the prompts to register for the exam. The exam costs $549 if you register early or $599 if you miss the early registration deadline. If you take the exam at a testing location there are several security protocols you must follow such as providing a valid ID; taking nothing with you into the testing location including drinks, cell phones, or books; and only a proctor can let you in or out of the testing facility.

Code of Ethics and Endorsement

After an applicant has taken and passed the CISSP exam, they have to get a written endorsement. The endorsement must come from an active (ISC)2 credential holder who can attest to the applicant’s industry knowledge. Along with this endorsement, applicants must agree to adhere to the code of ethics established by the (ISC)2.

The code is broken down into four canons:

  • Protect society, the commonwealth, and the infrastructure
  • Act honorably, honestly, justly, responsibly, and legally
  • Provide diligent and competent service to principals
  • Advance and protect the profession

Basically, (ISC)2 members agree to act and perform their duties at the highest level of ethics and integrity. They are bound to treat fellow members, employers, and the public properly and to act truthfully and with solidly ethical actions.

Annual Maintenance Fees

Annual maintenance fees are used to keep the (ISC)2 organization going. The fees also cover programs that help keep members informed and trained in the latest security protocols. There are two tiers of membership fees broken down according to membership level.

  • Certified (ISC)s member
    Annual maintenance fees are a flat $125, due on the anniversary of their certification. Certified members only pay $125 regardless of the number of certifications they hold with the (ISC)2.
  • Associate (ISC)2 member
    Annual maintenance fees are $50, due on the anniversary of becoming an associate.

How to Prepare for the Test

The best way to prepare for the test is to study for it. Both Pearson and the (ISC)2 offer study guides for purchase. You can also take practice tests that are provided with the study materials. As a general rule, an applicant should study a portion of the material each night for several months. Taking a practice test before you start studying will provide a baseline and help reveal the areas where you need to focus your studying efforts. After several weeks of studying, take another practice test and see where you still need work. Using this method will best help you prepare for the exam. Cramming for the test just weeks or days before the exam is discouraged. It’s also ill-advised to rely on your work experience for a passing score, as your work experience might not sync perfectly with the testing materials. You’ll also want to make sure all your needed paperwork is in order and that you were truthful on your application. This is especially important because a portion of new applicants are audited. If during the audit it is found that you weren’t truthful in your application, membership to the (ISC)2 will possibly be revoked.

Advantages to CISSP Certification

Earning the CISSP certification can benefit an information security professional in a variety of ways. As with other professions, you are taken more seriously if you have an advanced degree or specialized training in an area. Attaining the certification shows that you went the extra step to study, sit for, and pass an exam as well as going through the screening process and being accepted for membership with (ISC)2. For many in the information security field, this is an important distinction. Along with making you look more credible, it also makes you more marketable. Companies want its employees to stay in tune with the latest goings-on, so the CISSP certification shows that you’re willing to do so, especially considering the certification has to be renewed every three years. As part of the renewal process, certified professionals have to log 120 continuing education credits focused on security and information technology. Setting yourself up as an expert that stays informed also equates to more money. The certification means you can command a higher salary than a worker who doesn’t hold the certification.

Typical CISSP Responsibilities & Duties

A Certified Information Systems Security Professional’s duties might vary a bit from one employer to another, but there are some core duties and responsibilities a professional will have regardless of where they’re working.

Some of these duties include:

  • Understanding dangers to the security of data and information
  • The skills to repair and/or fortify frameworks where breaches occur or could occur
  • The ability to work with various sorts of PC systems
  • A willingness to follow the code of ethics adopted by CISSP
  • Have the expertise to configure, build, and deal with the general security stance of an association or organization.

Along with these skills and duties, CISSP professionals need soft skills such as written communication, verbal skills, the ability to multitask, and the ability to work independently as well as with a group.

Careers and Salaries for CISSP Professionals

CISSP professionals can make a decent salary even at the beginning of their careers. According to the US Bureau of Labor Statistics, the average salary of an IT professional with less than five years of experience is $96,000. Salaries differ according to various factors. An information security expert with more than five to nine years’ experience can earn $87,005 but that increases dramatically after 10 years where the annual salary jumps to an average of $102,591, and general tops out at $117,000 for someone with 20 or more years’ experience. A salary can also be affected by geographic location. Two IT Security professionals, one in Atlanta, the other in NYC might have the same education, work experience, and hold the same certifications but the professional in Atlanta earns $96,372, while the NYC IT professional brings in $119,840. Finally, a title can also determine how much a professional earns. Security Architects earn the highest salaries, coming in at an average of $110,451. Information Security Managers and IT Directors can expect to earn $105,000 on average, while a security engineer earns an average of $92,293.

Demand for CISSP professionals is expected to grow at a rate of 32%, which is much faster than job growth in other industries, according to the BLS. It is anticipated and an additional 35,500 IT professionals will be needed by 2028.

Next Steps

Once you have attained the CISSP, you might be wondering “What’s next?” As we mentioned above, the (ISC)2 also offers certification in the following areas:

  • Systems Security Certification Practitioner (SSCP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Authorization Professional (CAP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Healthcare Information Security and Privacy Practitioner (HISPP)

If you think your focus is going to shift, attaining a certification in those possible areas would be ideal. For example, if you are considering working in the healthcare field, attaining the HISPP certification would make you more marketable in that industry pool. Plus, in the IT field, there is no such thing as too much education. Globally speaking, there are still many people who are just discovering the Internet; their online experience needs to be as safe as possible, and an IT professional’s expertise is needed to ensure that.

Leaders in Cyber Security Education: Find Your Career Today

Get started today on your path to advance your career!