Cybersecurity professionals are in high demand. Each year there is another big data leak where customer names, addresses, social security numbers, birth dates and phone numbers are stolen. With the increasing need for reliable cybersecurity teams comes the increasing need for skills validation. This is where security certifications come into play. There are many cybersecurity certifications today such as CEH, SANS GIAC, CISM, Security+, and CISSP. With there being so many different certifications it can be hard to decide on which path to take. This post will focus on the Certified Information Systems Security Professional or CISSP.
CISSP Certification Background
The CISSP is primarily aimed at more experienced cybersecurity professionals such as CIOs, CISOs, Security Managers, Security Auditors, Network Architects, Directors of Security, and other high-ranking positions. This certification is definitely not in the entry-level realm. The CISSP also meets the requirements of U.S. Department of Defense (DoD) Directive 8570.1 at the IASAE Level I, II, and III.
According to the International Information Systems Security Certification Consortium (ISC2),“Earning the CISSP proves you have what it takes to effectively design, implement, and manage a best-in-class cybersecurity program. With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.”
The CISSP is meant to demonstrate to organizations and prospective new employers that you are a proven security practitioner and have years of experience to back it up. It was accredited in June of 2004 under the ANSI ISO/IEC Standard 17024:2003 and is approved by the DoD in both the IAT and IAM categories. You must possess at least 5 years of full-time security work, that can be documented, in two or more of the (ISC)2 information security domains.
Training Available for the CISSP
There are many CISSP training opportunities available both in person and live online. For the most accurate CISSP training, (ISC)2 offers direct training from their organization. Through their training you will learn from certified industry experts, get exam prep material, and have the most up-to-date content. (ISC)2 also offers an array of practice exams and real-world training scenarios so that you will be fully prepared for your exam. Another option for CISSP training is through the InfoSec Institute and their CISSP Certification Boot Camp.
InfoSec Institute will provide you with six days of intense CISSP training and one day to take the exam. Included in the training, you will receive 90 days of playback ability after the training is over – along with a paid CISSP exam voucher. Whichever route you decide to take, you will be learning the eight CISSP domains which include: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations and Software Development Security.
CISSP Exam Details
The CISSP exam consists of 100 to 150 exam items for the English Computer Adaptive Test (CAT) exam. You will have a total of three hours to complete the exam. You can schedule your exam through Pearson VUE. Upon passing the exam, you will have nine months from the date of the exam to complete the (ISC)2 endorsement process to complete the certification. A passing score of 700 out of a possible 1000 is required to be certified.
Once certified, you are given membership to (ISC)2 and will need to recertify every three years in order to maintain your certifications. This is accomplished by earning continuing professional education (CPE) credits and paying an annual maintenance fee (AMF). In terms of certification, there are other great (ISC)2 certifications to obtain.
A good next step would be the Certified Cloud Security Professional (CCSP). (ISC)2 describes the CCSP as follows, “Earning the globally recognized CCSP cloud security certification is a proven way to build your career and better secure critical assets in the cloud. The CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures established by the cybersecurity experts at (ISC)².”
If you are not interested in pursuing any further security certifications, other certification paths such as the VCAP exams from VMware, or the CCNP, or CCIE certifications from Cisco would be a good next step; they are in line with the same level of career experience needed for an exam like the CISSP.
Is the CISSP For Me?
If you are a security professional and you have had 5+ years of experience in the field, this would be a good next step for career progression. If you are just beginning to get security certifications, the CISSP is not for you. Beginners are better off starting with the Security+ exam and then working up to a CISSP as you gain years of hands on experience.