The Certified Information Systems Security Professional (CISSP) certification is a prestigious credential for individuals in the cybersecurity field. Here’s a summary of key information about CISSP:
- CISSP is a renowned cybersecurity certification.
- It demonstrates your ability to design, implement, and manage top-tier cybersecurity programs.
- Achieving CISSP membership provides access to exclusive resources, educational tools, and networking opportunities within the ISC2 community.
- CISSP focuses on cybersecurity leadership and operations.
- The CISSP exam covers eight domains:
  - Security and Risk Management
  - Asset Security
  - Security Architecture and Engineering
  - Communication and Network Security
  - Identity and Access Management (IAM)
  - Security Assessment and Testing
  - Security Operations
  - Software Development Security
- You need at least five years of cumulative, paid work experience in two or more of the CISSP Common Body of Knowledge (CBK) domains.
- If you have a relevant four-year college degree or hold an approved credential, you may be able to satisfy one year of the required work experience.
Who Benefits from CISSP:
- CISSP is suitable for experienced security professionals, managers, and executives.
- Positions that benefit from CISSP include Chief Information Security Officer, IT Director/Manager, Security Analyst, Security Auditor, and more.
CISSP is a valuable certification for cybersecurity practitioners looking to advance their careers and demonstrate their expertise in various security domains.
Difficulty: 1 out of 5.
CISSP is definitely a certification that people assume means one thing but actually means another.
CISSP is a risk management certification that helps technical individuals translate technical risk into business risk.
CISSP is not a cybersecurity certification (at least in the technical sense) nor is it something that shows you're an elite hacker.
CISSP shows people that have never thought about the net present value of a project how they are impacting the overall profitability of the business. You're presented with scenarios and asked to provide a management-level recommendation. You're not going to be selecting the command switches for technical controls. You're looking at overall strategy to maximize revenue and minimize cyber-physical risk. You might be asked about firefighting requirements inside of datacenters. You might be asked about the most budget-friendly way to reduce phishing attack surface. These are the questions you have to consider to pass the CISSP exam.
Out of all of the certifications I have, CISSP is definitely the one that gets the most interest for hiring purposes. I personally found it to be pretty easy because I had many years of project management experience working in a large corporation. Translating technical risk is something I was very good at so I pretty much just had to skim the book, do some practice questions to learn some framework questions, then went ahead and took it. I passed at 100 questions which means I had a pretty good running average.
Make sure you fully understand what the experience requirements are prior to starting the CISSP journey. If you work in IT or software development, you probably qualify for CISSP. You don't have to be a titled cybersecurity expert. Good luck!
Difficulty: 4 out of 5.
My CISSP exam experience dates back to 2015, when I dedicated several weeks to studying and reviewing over 500 practice questions. The CISSP exam covers a vast breadth of material, yet it isn't overly technically challenging. It primarily focuses on management aspects rather than delving into deep technical intricacies. I strongly recommend that individuals pursue and maintain the CISSP certification, as it is often misunderstood and erroneously listed as a mandatory requirement in various job postings, even when not entirely applicable. For professionals with several years of experience, obtaining and upholding the CISSP through CEUs/CPEs can significantly enhance career prospects and opportunities.