Training / Certification Paths

Is the CISSP Worth It?

by Team Nuggets
Is the CISSP Worth It? picture: A
Follow us
Published on April 27, 2022

The internet can be a scary place. Every year, all around the world, billions of dollars get spent in the hopes of preventing hundreds of millions of dollars worth of cyber attacks. With all that money, attention and expertise getting invested in it, cybersecurity is serious business. It's also a broad, deep and complicated business. True mastery of cybersecurity principles includes physical security, information technology, and digital safeguards – all of which are covered in the CISSP.

Companies and businesses who need to remain safe online depend on trained and certified men and women. The CISSP is one of the certifications that companies look for when hiring cybersecurity professionals into positions of authority for their networks. 

Earning the CISSP proves much more than being able to design and implement a cybersecurity program, it also means you've committed yourself to being a member of an organization that represents the best in digital security practices and principles.

What is the CISSP?

The CISSP is an advanced cybersecurity certification issued and maintained by ISC2. The non-profit International Information System Security Certification Consortium, or ISC2, is a professional organization committed to identifying cybersecurity best practices and disseminating them to professionals and businesses worldwide. The CISSP is one of eight certifications that ISC2 offers cybersecurity professionals with some of the industry's best knowledge, skills, and abilities.

The Certified Information Systems Security Professional or CISSP ISC2 is a certification of a cybersecurity professional's ability to design, implement, and manage an advanced cybersecurity system. There are many factors of cybersecurity tested by the CISSP, including proving your ability to manage security and risk procedures and asset security. The certification focuses on designing security architectures and providing network security for communication and information networks. Identity and access management is a key part of CISSP, as is assessing security postures and testing for vulnerabilities. Last, having a CISSP proves competence in managing security operations and software development security.

Earning the CISSP requires a few different things: first, you have to pass the CISSP Exam. You must also apply for membership to the ISC2 and prove five years of cumulative paid work experience in two or more of the eight domains of the CISSP body of knowledge.

What are the CISSP Exam Objectives?

The ISC2 Certified Information Systems Security Professional (CISSP) exam is a 3-hour exam with 100-150 multiple choice questions and what ISC2 calls "advanced innovative items." There are eight exam objectives for the ISC2 CISSP exam, which they refer to as domains:

  • Domain 1. Security and Risk Management

  • Domain 2. Asset Security

  • Domain 3. Security Architecture and Engineering

  • Domain 4. Communication and Network Security

  • Domain 5. Identity and Access Management (IAM)

  • Domain 6. Security Assessment and Testing

  • Domain 7. Security Operations

  • Domain 8. Software Development Security

The CISSP exam is one of the most wide-ranging and thorough cybersecurity certification exams available. As can be seen from the domains, the CISSP exam covers fundamentals of cybersecurity theory through advanced and specialized implementations like maintaining security for teams who develop applications. 

How Much Does the CISSP Exam Cost?

The CISSP exam costs USD 499, but additional costs must be considered. Earning the CISSP is not as simple as passing the exam – although that's necessary. You must also be a member in good standing with ISC2, and that's not free. You must pay $125 to become a member and pay it again as an annual maintenance fee for as long as you hold the certification. You only pay the annual fee once, regardless of how many certifications you hold. That means that, in total, earning the CISSP will cost at least $624 and $125/year after that.

What Experience Do You Need for the CISSP?

There are two answers to how much experience you need for the CISSP. There's the CISSP exam itself, and then there's the credential. Passing the CISSP exam will be very hard without plenty of real-world experience and preparation, but ISC2 also has specific work requirements you must prove before you can actually earn the CISSP.

The CISSP exam is challenging and requires deep technical and managerial knowledge in designing, engineering, and managing an organization's overall security posture. The CISSP is relevant across all disciplines in the field of information security because it tests technical subjects like implementing secure design principles in network architectures and broad managerial subjects like applying the right risk management concept to an organization's security posture.

But ISC2 requires that anyone who plans to earn the CISSP demonstrate at least five years of paid work experience in at least two of the eight domains that are on the test. There are some small exceptions and ways to shave off a year (with a bachelor's degree or equivalent certification) here or there. But ultimately, earning the CISSP requires proving that you've worked a minimum of 35 hours/week for five years in a related cybersecurity field.

Who Should Take the CISSP?

The list of IT professionals who should take the CISSP is long. The CISSP itself is a broad certification that applies to many different disciplines within cybersecurity. Managers of cybersecurity teams will advance their careers just as much as technical experts. Junior security analysts should earn the CISSP, and so should Chief Information Security Officers.

Is CISSP Worth It for Directors of Security or IT Directors/Managers?

The CISSP is worth it for high-level administrators and managers like Security Directors, Directors of IT or IT Managers. Technical aspects of the exam and certification aside, the CISSP covers important topics for IT and security managerial professionals to know like aligning the security function of a cybersecurity strategy with a business strategy, goals, mission, and objectives.

Or maybe you're a manager or director who provides governance oversight. The CISSP is worth it because of its emphasis on understanding the legal and regulatory issues, standards, and requirements that pertain to information security programs in a holistic way. Earning the CISSP demonstrates that you know how to determine and comply with formal requirements and achieve business objectives, which is key for directors and managers of IT and security.

Is CISSP Worth It for Network Architects or Security Architects?

Yes, the CISSP is worth it for most network architects and security architects. The CISSP can only be earned by security professionals who understand how to plan, implement and maintain a security strategy. Network and security architects who plan and design their business' security posture from the ground up can use the CISSP to prove familiarity with vulnerabilities and strengths of security architectures, designs and solution elements.

Security and network architects are responsible for determining the right cryptographic solutions to deploy under different circumstances, and the CISSP is perfect for proving your knowledge of that. Whether you want to emphasize how to identify cryptanalytic attacks or design site and facility security controls, the CISSP is the best way to prove your expertise.

Is CISSP Worth It for a Security Administrator?

Yes, the CISSP is definitely worth it for security administrators who know they want to continue in the career field. Not only that, but because it's an intentionally broad certification that applies to eight different cybersecurity domains, it's perfect for helping guide you to the parts of the job that you like the most and that you're the best at.

Managing identification and authentication of people, devices and services is a common job responsibility for security administrators early in their career, and earning the CISSP proves a profound understanding of the principles of IAM. Or maybe you'd like to move away from technical configurations and want to emphasize a career in assessing, testing, and validating security strategies. The CISSP is worth it for anyone who wants to conduct security control testing or reporting on test outputs.

Is the CISSP Worth It?

The CISSP is worth it for practically any cybersecurity professional. Even IT professionals without direct contact with traditional cybersecurity implementations and configurations should consider doing the prep work necessary to earn the CISSP. $624 is a hefty price tag for the CISSP, and paying $125/year might be discouraging, but the value you'll get from the CISSP will almost certainly make it worth it. 

Using CISSP to Learn Skills

Maybe you've read this far, and you're starting to think that the CISSP is too advanced a certification for you at this point in your career. But the great thing is that you can still take it even if you don't have five years of paid work experience in two of the eight domains the CISSP covers. After that, you can become an Associate of ISC2, which is like a junior version, which means you have the cybersecurity skills, abilities, and knowledge and are still working on the experience part.

And since the CISSP is such a thorough test of cybersecurity skills, there are tons of ways to prepare for it and learn all the skills you'll need to pass the test. No other cybersecurity certification covers all eight domains like CISSP does. Suppose you want to prepare for your career in security and risk management, asset security, security architecture, and engineering, or any of the five other domains on the test. In that case, preparing for the CISSP is a great way to learn those skills. 

Using CISSP to Validate Skills

For anyone who's already spent five or more years working in cybersecurity and wants to prove that you're familiar with everything that goes into designing and implementing an excellent security posture for a company, the CISSP is an excellent way to validate your skills. ISC2 is a respected name throughout the IT industry, and earning the CISSP says to employers that you're a well-rounded security professional who's broadly capable and highly trained. Get started with CBT Nuggets today!


Ultimate Security Cert Guide

By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.


Don't miss out!Get great content
delivered to your inbox.

By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Recommended Articles

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

© 2024 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522