I was staggered to recently come across a comprehensive infographic of available security certifications broken down into eight different areas. I was even more staggered to see that in total, it includes no less than 473 different certifications!
It’s an understatement therefore to say that for those yet to dip their toes in the proverbial waters of certifications, it can be very daunting wondering where to start. While there are literally hundreds of technical certifications available for cybersecurity, most aren’t necessarily business focused, and depending on their content, may not even need to be. However, with security having moved from being the “no” department to becoming integral in the overall organizational strategy, a certification with both a business leadership and technical lens is critically important and relevant.
Well, look no further than the cybersecurity certification considered the ‘gold standard’ in information security, the Certified Information Security Systems Professional (CISSP) administrated since 1994 by a member association called ISC2. What makes the CISSP different from virtually all other cybersecurity certifications is that it is vendor neutral, both business and technically focused, and relevant for security engineers all the way up to a Chief Information Security Officer (CISO).
Designed to be a tough exam, and with depth of content described as ‘an inch deep and a mile wild’, this highly coveted and globally recognized certification is already held by approximately 165,000 people worldwide.
Qualifications for Earning the CISSP Certification
While there aren’t any technical requirements to taking the CISSP exam, to wear that shiny badge (I mean this literally as you get a badge once certified) you’ll need to prove a minimum of five years full-time experience in two or more of the eight domains in the CISSP Common Body of Knowledge (CBK). One of these five years is waived if you hold one of several professional certifications detailed on the experience requirements section on the ISC2 website. Part-time work and internships may also count towards the experience requirements, all of which you have six years to build-up from the date of passing.
Deciding to study for the CISSP should not be taken lightly. While the amount of study can vary greatly from person-to-person, you should plan for around four to six months of intensive study time. The first step is to gather the material you’ll use for studying. Your main and authoritative source of material is the ISC2 CISSP Official Study Guide (9th edition at the time of writing this article). The details of this book and where to purchase it are available on ISC2’s website in their self-study section, along with some freely available resources.
Next is deciding whether you are going to go down the instructor-led course pathway, self-study, or combination of both. While an instructor-led course is a great way to kick off your learning journey it is quite expensive. Self-study is an option that is very commonly used, with many resources available such as computer-based training (CBT), as well as lots of freely available content on YouTube. Not all CBT courses are created equal, so some careful research is required to ensure it is provided by a reputable person or company. It would not be appropriate to recommend any specific organizations who offer such training material or courses, but some time spent on the CISSP sub-reddit will point you in the right direction.
The last tool in your preparation toolbelt is the official practice quiz app from ISC2 called “Learnzapp”. It’s regularly updated with new content, and amongst other features, provides a ‘readiness’ score based on how well you answer the practice questions. Another app called “Pocketprep” also offers many practice questions and if your budget allows, using both is worth the investment. The reason for this (I talk about it further on) is that getting exposure to as many questions as possible is incredibly important to help when preparing.
Finally comes the study plan. A well-structured study plan is vital and is going to be your best friend (arguably the worst). The plan needs to be customized to your own environment and situation. For example, there’s no point allocating four hours of study time a day if you’ve got a young family and holding down a full-time job. The study plan is not set in stone, so be flexible as you work your way through it. Things happen, life happens. Simply adjust the plan to accommodate, ensuring you are doing some form of studying every day. Plan to spend at least 1-2 hours every weekday, and double or even triple that on the weekend. That might sound outrageous, but that’s the reality of the tempo needed.
The study plan should include a mixture of:
- Going through the entire book
- Watching instructional videos
- Participating in an online study group where you can test each other
- Practice questions
A mixture of all these is necessary, and chief among them are practice questions. Lots and lots of practice questions, some of which are freely available as well as paid. Any person who has achieved CISSP certification will attest that attempting many practice exam questions (at least 1,000) is necessary to prepare yourself for the exam. This is particularly important as going through these questions will help with adjusting your mindset for the exam, which is to think like a manager. This is an important point, so I’m going to go into a bit more on this. While some of the questions may be phrased in a technical manner, and in fact have a technical answer, you’re being tested on whether you can answer these questions in the context of what is best with respect to the organization, and how your decision could impact the business.
Lastly, it’s important to emphasize that memorizing content alone will only take you part of the way. The questions are phrased in a way that requires you to fully understand the concept, not just regurgitate the answer. Let’s take Incident Management as an example and the seven steps involved in this activity. Instead of a question which simply asks you to name the steps in the correct order (memorizing), the question will be phrased in such a way that demands you fully understand the concept, as well as understanding what is conducted during each step, why that step is necessary, who’s involved, and so forth.
All of this is critical to ensuring you are prepared and confident walking into that exam room.
Benefits of the CISSP Certification
The all-time favorite book of Willy Wonka by Roald Dahl tells how Charlie Bucket finds a golden ticket and wins a lifetime supply of chocolate. Disclaimer: there is no golden ticket at any stage of achieving CISSP certification, and there is no chocolate.
Better than any of those, you will be able to proudly add those five hard-fought magical letters on your LinkedIn profile (don’t forget the shiny badge!) and significantly increase the likelihood of getting your dream job or promotion. Holding one or more cybersecurity certifications is a great way to not only make you stand out amongst others when looking for that next role, but you’re also likely to command a higher salary (more on that later!). This is especially true with respect to those who hold the CISSP certification. Have a look at the cybersecurity roles advertised in your area. I can virtually guarantee that for those at an intermediate or senior level, the CISSP certification will be included where a certification is desired and may even be a requirement.
One of the reasons why this certification opens so many doors is due to the security proficiency you will have demonstrated across so many areas of cybersecurity. Your familiarity and knowledge of the ‘an inch deep and a mile wild’ content enables you to pivot from one sector of cybersecurity to another. Similarly, this gives employers confidence that you are well versed and have a strong awareness in virtually all areas of cybersecurity and can adapt and apply yourself to different disciplines.
Organizational restructuring used to be rare, but it is increasingly becoming a regular activity for many corporations looking to increase profit by reducing headcount. The next time you find yourself in such a situation, being CISSP certified can give you that edge over your colleague, which just might save your job!
As further evidence of how CISSP certified professionals the world-over have benefitted, ISC2 have a section on their website called “Member Spotlight” where CISSP holders share their journeys and impact it has on their professional careers. I’ve included below some testimonials on that page:
“Earning my CISSP certification resulted in great recognition within the cybersecurity industry. It elevated my opportunities for a quicker promotion and a more advanced cybersecurity role. Now I’m part of an organization that’s known as the industry leader.”
“I’ve renewed my ISC2 membership for many years because it provides valuable recognition for recruitment and signifies expertise in the cybersecurity industry.”
Salary Potential for CISSP-Certified Professionals
I mentioned earlier that obtaining this certification is an investment in yourself and your future, but what do the numbers say?
Let’s start with looking at how much you could (and should) be earning depending on where you are in the world. The findings in the table below from the ISC2 website (collated from their 2023 Cybersecurity Workforce Study) shows the earning potential of this certification in different parts of the world:
Table 1
| Region | Average CISSP Salary (USD) |
| Globally | $119,577 |
| Asia-Pacific | $70,898 |
| Europe | $103,483 |
| Latin America | $50,272 |
| Middle East and Africa | $46,917 |
| North America | $147,757 |
Although there isn’t really a comparative certification to CISSP, ISC2 recently completed a study and released the findings of the global average salaries for the certifications they offer:
Table 2
| ICS2 certification | Average CISSP Salary (USD) |
| SSCP | $94,948 |
| ISSMP | $106,946 |
| ISSEP | $109,035 |
| CGRC | $110,006 |
| CCSP | $114,211 |
| CSSLP | $115,803 |
| ISSAP | $118,973 |
| CISSP | $119,577 |
While there isn’t a single source that has been tracking the salary increase for holders of this certification, these indicative numbers are based on a variety of sources collated by AI engines. The trend is clear: recognition for the value and the demand is going in one direction:
Table 3
| Year | Average CISSP Salary (USD) |
| 2014 | $102,000.00 |
| 2015 | $105,000.00 |
| 2016 | $110,000.00 |
| 2017 | $115,000.00 |
| 2018 | $120,000.00 |
| 2019 | $125,000.00 |
| 2020 | $130,000.00 |
| 2021 | $135,000.00 |
| 2022 | $140,000.00 |
| 2023 | $145,000.00 |
| 2024 | $150,000.00 |
Before you start seeing dollar signs behind your eyeballs and booking your CISSP exam, it’s important to bear in mind that the actual salary will vary based on several factors,as would be the case for most professions. This will largely be determined by your hands-on experience, number of years in the industry and exposure to the skills sought in a role. Location does also play a significant part, as is evident in table 2 above.
To enhance your preparation for the CISSP certification and advance your career, utilize Hornetsecurity’s Security Awareness Service. This service equips you with the essential knowledge and skills to excel in cybersecurity, ensuring you’re well-prepared for the CISSP exam. Invest in your success with our expert training solutions today.
To keep up with the latest articles and practices, visit our Hornetsecurity blog now.
Conclusion
Maintaining a competitive edge over your peers and remaining highly employable is becoming harder and harder, and gaining cybersecurity certifications is an excellent way to stay ahead. The CISSP stands head and shoulders above the many other cybersecurity certifications available and is attainable by ensuring you have the right study tools, materials and a realistic study plan.
Most important of all though is the right mindset that you will succeed, as 165,000 others have before you. With so many resources available to you, such as courses, videos, practice questions, and material on social media, this is an investment form which you simply can’t lose, when you consider the long-term career benefits, increased earning potential, and the respect of your peers.
The CISSP certification isn’t just a passport to success, it’s a passport to your future.
FAQ
What is the CISSP certification?
The Certified Information Systems Security Professional (CISSP) is a globally recognized certification for information security professionals, covering both technical and business aspects of cybersecurity.
What are the qualifications needed to earn a CISSP?
To earn the CISSP, you need at least five years of full-time experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK). One year of experience is waived if you hold certain other certifications.
What is the salary potential for CISSP-certified professionals?
CISSP-certified professionals earn an average global salary of $119,577, with variations based on location and experience. In North America, the average salary is notably higher at $147,757.
