CISSP Certification Training

Being one of the world’s most instantly recognized and valued certifications in cybersecurity, yes, the Certified Information Systems Security Professional (CISSP), awarded by theInternational Information System Security Certification Consortium, Inc., or (ISC)², is a tough certification exam to pass. 

Well, the answer to this question depends on you. If you are willing to put in the extremely rigorous effort that will take at least 12-15 hours every day, it might be possible to face the CISSP exam in only 30 days. Be informed, however, that 30 days are a short duration of preparation for a tough exam such as the CISSP.

It is difficult to offer a single answer to this question. It depends on many variables, such as your level of experience and understanding of the domain of information security, how much preparation you make for the exam, and so on.

Generally, across the globe, cybersecurity professionals with five years of experience-the standard qualification for this certification-take between three and eight months of highly intense preparation to pass the CISSP and get certified in it.

As we just mentioned, it is possible to pass the CISSP in three months, but this is not assured.

Yes. The CISSP certification can only be taken up by professionals who have five years of cumulative experience having done fulltime work involving any two areas of information security specified by the CISSP Book of Knowledge (BOK).

On average, only one in five, i.e., 20% of the candidates who take up the CISSP certification exam pass it on their first attempt. Further, the pass percentage of those who make repeated attempts is estimated at between 50 and 60% globally.

The obvious answer to this question is that it is a tough exam. Having said that, it is also true that the most common reasons for which people fail the CISSP exam are:

-       Many are not focused on what to study. Too much online information usually confuses people who are preparing for this intense exam

-       Many professionals start on the wrong foot. They appear for the exam when they have five years of working experience, but this may not have built the readiness for this exam in many of them

-       Many professionals adopt a very academic approach to this exam. While theoretical knowledge is the base, the CISSP exam is impromptu, in the sense that every exam has a fresh set of questions. One needs to be intuitive to answer this type of exam.

Around 40 to 50 percent of those who take up this exam fail at multiple attempts.

The CISSP exam has its own, unique rule pertaining to the number of times you are allowed to fail and take it up subsequently:

-       You can attempt it no more than three times a year

-       You can take up your second retake a month after the first time you fail

-       There should be a gap of three months between the second failure and the third attempt

-       You can retest only six months after you have failed on your third attempt

Theoretically, you can. But you can start your career as a CISSP only when you have five years of experience as stated by CISSP. So, if you complete your CISSP exam as a beginner, i.e., without five years of experience, you will have six years from the date of certification during which to complete the required experience of five years. It is only after this is achieved that you become a full-fledged CISSP professional.

The exam costs need to be understood in their breakups:

-       The cost of the exam: $ 699

-       Cost of preparation (varies by whether you take up classroom training or online coaching and the duration for which you need it. We would recommend a learning platform such as SimplivLearning for highly professional training): can stretch from $ 1000 to $ 3500. This is exclusive of the cost of travel, refreshments, etc., if you choose classroom training outside your location

-       Cost of renewal: Like most such certifications, your CISSP certificate requires a renewal fee to maintain it. The annual cost of the CISSP certification is $ 85, and $ 225 for a three-year renewal if paid in full.

Although the credit points awarded by the (ISC)² to those who pass the CISSP are enough for this certification to be considered on par with a university-awarded Masters in the US and the UK, as well as a few other educational streams, the issue has become a contentious one. There are heated arguments, on either side of the divide, over the appropriateness and value of this position.

These controversies aside, legally, the CISSP is considered a master’s degree in some countries, the prominent among them being the US and the UK.

Many universities offer a master’s in cybersecurity, with the course content being more or less the same as that of the CISSP. However, the CISSP is considered the gold standard for a premier certification in information security. As of now, very, very few university master’s degrees carry the weight of a CISSP certification. So, CISSP is certainly better than a master’s. 

In many countries, it is the equivalent of a master’s degree.

The CISSP certificate is valid for three years. You can renew through either of these:

-       Earning 40 Continuing Professional Education (CPE) credits each year over three years, totaling 120 CPEs

-       Re-taking the exam.

The CISSP certificate can expire if a candidate fails to meet these requirements. To regain membership, she can take any of these steps:

-       Appeal to the (ISC)² within 90 days of the expiry of the certification, after which the (ISC)² will pronounce its final decision about renewal, which will be binding on the candidate

-       Retake the exam by paying the requisite fee again, and re-earn the certificate

CISSP expands to Certified Information Systems Security Professionals. It is a certification in information security, and is awarded by theInternational Information System Security Certification Consortium, Inc., or (ISC)²

Well, there are many uses that a professional who is CISSP-certified gets to enjoy. Among organizations across the globe, it is considered the benchmark for information security. A CISSP-certified professional is considered an organization’s asset because she secures its ultimate asset: data and other information systems.

A CISSP certification gives employers the assurance that the holder of this certification is qualified to absorb and implement the latest techniques and best practices relating to this domain. This indicates that the organization can safely entrust its core information to its CISSP-certified professional and focus on its core areas of business. So, in this sense, a CISSP-certified professional is a prime contributor to the organization’s data security, as well as business growth.

It is. If a certification offers a position of such primacy to its holder, it is to be understood that it is a big deal to get qualified for it. A CISSP certification should be preceded by five years of experience in accepted areas of information security, which itself is an indication that it is not a pedestrian qualification.

Further, just this level of experience does not guarantee certification. Not more than a fifth of the aspirants make it on their first attempt. Only about half the aspirants that take up this exam pass it on repeated appearances. So, yes, all these factors make the CISSP a big deal.

Technically and legally, nothing prevents a fresher from taking up a CISSP certification. But in reality, it doesn’t make life any easier for a beginner to take up CISSP certification first, because, even if she does earn a CISSP certification against heavy odds, she becomes qualified as a proper CISSP professional only after completing five years of working experience, which she should gain within six years of the certification.

Coding is not part of the CISSP certification examination. It is not needed at the entry and mid-levels once you get into a job that a CISSP earns for you. However, knowledge of coding is a bonus, because it could be required as you advance in your career in cybersecurity.

Absolutely. As we have seen, it is the certification that employers around the world value the most when it comes to information security. The reason is not difficult to seek: they are the protectors of the assets that define an organization. Nurturing or squandering this information could be the difference between an organization’s success and its failure.

The role of the information security professional is critical to the organization because a CISSP certification ensures that she has profound expertise relating to the 8 core areas of information security:

-       Security and Risk Management

-       Security Architecture and Engineering

-       Asset Security

-       Software Development Security

-       Security Operations

-       Security Assessment and Testing

-       Communication and Network Security

-       Identity and Access Management.

The way to answer this question is to understand what these certifications are. While the CISSP certification is for the experienced cybersecurity professional, the Security+ certification is aimed at the beginner. So, both these are useful for you, depending on which level of your career you are in and which path you want to grow in.

The Security+ certification may be considered the base on which you can grow into a CISSP. It familiarizes you with all the fundamental concepts in information security that you should know at the entry-level stage, and this certainly smoothens the entry into the higher certification that CISSP is, easier.

The next logical qualification after the CISSP is the CCISO-Certified Chief Information Security Officer. This certification is awarded by The International Council of E-Commerce Consultants (EC-Council), a US-based organization that offers certification in different e-business and information security skills.

Globally, there are more than 150,000 CISSPs. Of these, the US takes the lion’s share, accounting for almost two-thirds of the total, followed by the UK, a distant second with a little over 8,000 CISSPs. 

It is not appropriate to put this certification after or before your name. But yes, putting it after your name in your resume or LinkedIn profile can attract eyeballs.

The (ISC)² made a few changes to the CISSP exam starting 2022-23. Based on the recommendations of the Cybersecurity Workforce Study, there will be a small change in the weightage of marks awarded to the CISSP paper. Henceforth, the number of topics under Domain 4, namely Communications and Network Security, has gone up by 1%. From constituting 13% of the paper, this domain will now make up 14%. This 1% has been chopped from Domain 8, Software Development Security.

In one word, a big yes. And, globally.

These are two different kinds of certifications aimed at different levels of information security professionals. As of now, the CISM earns around $6,000 more annually than a CISSP with the correspondingly same levels of qualifications and experience.

Both the Certified Information Systems Auditor (CISA) and the CISSP are major credentials in the information security arena. While a CISA is concerned with auditing the organization’s information systems, the CISSP does a lot more.

As to the question of which of the two is better, that depends on the individual’s aptitude and ability. If auditing an organization’s IT systems is your cup of tea, the CISA is made for you. On the other hand, if you find implementing, operating, and maintaining a wide variety of IT functions exciting, you could choose CISSP. So, it is for the individual concerned to determine which is better between CISA and CISSP.

The Certified Information Security Manager (CISM) certification is offered by the Information Systems Audit and Control Association^®. It is sought after by experienced information security professionals who want to elevate themselves into a Chief Information Officer (CIO) or a Chief Information Security Officer (CISO) role.

A CISSP is a senior information security professional, too, but this certification does not lead to these roles automatically. So, this places the CISM above the CISSP. Moreover, getting a CISSP certification counts for two years of experience if you are considering attaining a CISM certification. This places the CISSP below the CISM.