The CISSP – the Certified Information Systems Security Professional (CISSP) from the International Information Systems Security Certification Consortium (ISC)2 – was the spark for my desire to grow into a leadership position. For most of my career I “knew” I wanted to be 100% on the technical side. I wanted to become the expert on… everything! In a twist of fate though, with the CISSP being more focused on cybersecurity leadership, it convinced me that my career path wasn’t so straightforward anymore. Overall, the CISSP gave me the confidence to believe I could expand out from the technical side, and to take that knowledge and utilize it in management and leadership positions. Before that, I never would have considered leadership as a career option. This is how the CISSP has advanced my career, starting at the ground level with desktop support to an eventual cybersecurity leadership position with the U.S. Government.
Besides career growth, you may be asking what additional benefits there are in being a CISSP. Perhaps the most paramount benefit is the credibility gained in earning this certification. Because the CISSP is an internationally recognized certification, it validates and confirms you are a cybersecurity expert. The CISSP exam is not an easy one by any means. It also requires five years of experience in at least two of the eight domains:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
In order to earn the CISSP, you not only need to have hands-on experience in some of the domains listed above, you also need to have “common knowledge” in the other domains. Therefore, when someone earns a CISSP, this is proof the individual not only has hands on experience but is also proficient in a wide range of cybersecurity concepts, best practices, and understanding.
From a DoD standpoint (Active Duty, Contractor, Federal Employee, etc…), holding a CISSP means you are certified for Information Assurance Management Levels I-III or as Information Assurance Technical Levels I-III in accordance with DoD 8570 (and the upcoming DoDD 8140). Consequently, this means you can perform cybersecurity related activities in any environment in the DoD (limited by clearance of course). From the federal civilian side, the CISSP also aligns with requirements set in the Federal Information Security Modernization Act (FISMA) of 2002. I have noticed with my recent move to the federal civilian side of the house that cybersecurity certifications are becoming more prevalent compared to a few years ago, and senior level executives are placing more emphasis on a credentialed and certified workforce.
The Increasing Necessity of Certifications
For contractors, having a certified workforce on staff is becoming more important too, even if you want to bid on a Request for Proposal (RFP). As I’ve noticed in a little over a year of business development, most – if not all – federal agencies are now adding contract requirements that state all cybersecurity management or leadership positions MUST be filled by someone with a CISSP (and PMP too). The same is also true for most information technology leadership positions for federal employees, as well, regardless of if they’re DoD or not.
There are other tangible and intangible benefits of holding a CISSP, such as networking with other CISSPs, career advancement, and a significant confidence booster. But let’s talk salary as the final benefit from a CISSP.
(ISC)2 performs an annual survey of all their credential holders, and the average salary for a CISSP has hovered around $130,000 annually on a constant basis. Granted, geographical location, experience, education, and security clearance all need to be taken into consideration. It needs to be noted the survey is taken from CISSPs all over the United States and in a multitude of positions in the private and federal service areas. In other words, at a minimum, holding a CISSP more than likely will get you more money in your paycheck.
Overall, a CISSP helps career advancement by providing the verification that you are a cybersecurity expert, providing opportunities to grow within your field, allow you to expand upon existing knowledge, build upon technical expertise, and quite possibly earn a larger paycheck. Good luck!