CISSP, which stands for Certified Information Systems Security Professional, is a certification offered through (ISC)2 (The International Information System Security Certification Consortium), an international nonprofit dedicated to improving information security worldwide.
Why Become a CISSP?
In contrast with the CISM certification, which concentrates on the managerial side of information security within an organization, the CISSP is more technically focused. It prepares you to deal with real cybersecurity risks in the workplace and, once earned, signals that you can design, implement, and maintain an information security program for a business.
The CISSP Certification is especially designed for those working in the following job fields, among others:
- Security Analyst
- Security Consultant
- IT Director
- Network Architect
- Security Systems Engineer
While there are many benefits to becoming a CISSP, one of the top reasons to consider this certification is upward mobility and visibility in your career. According to (ISC)2, the CISSP certification can “improve your job security, create new opportunities for you or even increase your salary.”
How do You Become a CISSP?
The path to becoming a CISSP is fairly straightforward, but it is a multi-step process. In order to be certified you must pass an exam, have the requisite work experience, and have your application endorsed.
The CISSP Exam
The CISSP exam is a computerized adaptive test (CAT) offered at Pearson VUE testing centers. It covers eight fundamental domains of information security, listed below with their approximate weight on the exam:
- Domain 1: Security and Risk Management (15%)
- Domain 2: Asset Security (10%)
- Domain 3: Security Architecture and Engineering (13%)
- Domain 4: Communication and Network Security (14%)
- Domain 5: Identity and Access Management (13%)
- Domain 6: Security Assessment and Testing (12%)
- Domain 7: Security Operations (13%)
- Domain 8: Software Development Security (10%)
To earn the CISSP certification, you must also have at least five years of cumulative, paid, full-time work experience in at least two of the same eight domains listed above. (ISC)2 will waive one year of that requirement if you hold a four-year college degree or an approved credential from its experience-waiver list, but only one year can be waived.
If you don’t have the required work experience before you take the CISSP exam, there’s still an option for you: anyone who passes the CISSP exam without the work experience becomes an Associate of (ISC)2. That gives you six years to complete the requisite five years of work experience.
(ISC)2 Code of Ethics and Endorsement
Once you pass the exam, assuming you have already completed the requisite work experience, you have nine months to complete your CISSP certification. This means that you need to agree to follow the (ISC)2 Code of Ethics and have your (ISC)2 application endorsed by an (ISC)2 member who is a certified professional in good standing. The endorser attests that your work experience is accurate and satisfies the requirement; if you do not know an (ISC)2 member who can endorse you, (ISC)2 itself can act as your endorser.
Maintaining Your CISSP Certification
After you’ve completed your CISSP certification and hold the full credential, you need to maintain it. This means re-certifying every three years, which requires three things:
- Following the (ISC)2 Code of Ethics
- Paying the annual maintenance fee ($85 at the time the page was written)
- Earning and submitting continuing professional education (CPE) credits: 40 per year, for a total of 120 over the three-year cycle
These CPE credits can come from a variety of sources, including (ISC)2-sponsored in-person seminars held around the world and (ISC)2 online seminars.