
CISSP: The Industry Standard


Most cybersecurity job postings for mid- to late-career positions ask for, or state a preference for, the Certified Information Systems Security Professional (CISSP) certification from ISC2. Why is that, and what does it take to earn it?

What is the CISSP?

The Certified Information Systems Security Professional (CISSP) is a leadership and operations certification first awarded in 1994 by the International Information Systems Security Certification Consortium (ISC2). It is built on a Common Body of Knowledge (CBK), a standardized, vendor-neutral taxonomy of security topics that defines the scope of the CISSP exam.

To earn the CISSP, a candidate must pass the exam and demonstrate five years of cumulative, full-time, paid professional experience in at least two of the eight CBK domains, attested by an endorsement from an existing CISSP holder in good standing. (One year of the experience requirement can be waived for a bachelor's degree or a master's degree in cybersecurity.) Candidates must also agree to the ISC2 Code of Ethics. Over 165,000 people currently hold the CISSP.

What is Covered in the CISSP?

The eight domains, with their exam weighting as of the April 2024 refresh, are:

  • Security and Risk Management (16%)
  • Asset Security (10%)
  • Security Architecture and Engineering (13%)
  • Communication and Network Security (13%)
  • Identity and Access Management (IAM) (13%)
  • Security Assessment and Testing (12%)
  • Security Operations (13%)
  • Software Development Security (10%)

Each domain is broken into sub-domains that spell out the detail of the Common Body of Knowledge; candidates need to understand and be able to apply that material to pass the examination.

How is the CISSP Maintained?

Roughly every three years ISC2 runs a Job Task Analysis (JTA) to confirm that the domains still reflect the work practitioners actually do and that each is weighted appropriately in the exam. The most recent refresh took effect in April 2024; it kept the eight domains unchanged but revised some sub-domain content and slightly adjusted the exam weighting.

What is the Value of the CISSP?

  • The CISSP is the most frequently requested security certification in job postings globally. It is accredited by ANAB under ISO/IEC 17024, and on that basis it is on the US Department of Defense (DoD) list of approved baseline certifications, so holding it satisfies the certification requirement for many DoD cyber workforce roles (it is a requirement, not an authorization to work those jobs on its own). It is also held by only around 5% of security professionals worldwide, so it is relatively rare even though it is widely recognized.
  • Being part of the CISSP community means access to a network of over 165,000 certification holders. ISC2 runs local chapters and regular meetings that also help holders earn the continuing education needed to maintain the certification.
  • For people earlier in their security career, studying the CBK broadens their understanding of the industry and of where their own role fits within it.
  • Holding a CISSP signals to a prospective employer that you are committed to continuous learning and self-improvement.
  • What makes the CISSP hard to obtain is exactly what makes it valued: the examination requires a broad, practical understanding of the subject matter, and the certification also requires five years of verified on-the-job experience. That combination makes it one of the few cybersecurity certifications that demonstrates both knowledge and practice.

Other Things To Know

The CISSP exam tests a candidate against the Common Body of Knowledge as ISC2 defines it. That means learning ISC2's terminology and the way its questions are framed, and knowing how to approach the exam so that you demonstrate that knowledge effectively. (The English-language exam uses computerized adaptive testing: since the April 2024 refresh it presents 100 to 150 items in a three-hour sitting.) For professionals already five years into their career, this can mean unlearning old habits and relearning terminology, which is a common stumbling block.

The CISSP also requires an ongoing commitment to maintain. There is an annual maintenance fee (currently USD 135), a continuing professional education requirement of 120 CPE credits over each three-year cycle, and the cost of the activities you undertake to earn those credits. Budget for these expenses.

As popular as the CISSP is, once you are past the five- to ten-year mark in your career you will need to show additional commitment to new learning and industry expertise. Keeping up with technologies and techniques that are not covered by the CBK becomes very important, and participating in industry working groups or conferences is just as relevant to your career path.

The CISSP is the most recognized cybersecurity certification in the industry and is worth obtaining for anyone with at least five years of industry experience. It takes time and effort to earn, but membership in the ISC2 community provides plenty of training and networking benefits. As your career moves past ten years, supplement the CISSP with other activities so that you remain relevant to hiring managers and effective in your current role.