A Certified Information Systems Security Professional Certification (CISSP) is considered the gold standard of certifications within the information security industry.
It is awarded by the International Information Systems Security Certification Consortium.
As the first technology-related certification to become ANSI/ISO/IEC Standard 17024 accredited, those within the industry strive to get CISSP-certified.
If you’ve been thinking about getting the credential to further your career and prove your understanding of the industry, there’s a lot to learn about the process. Here’s our comprehensive guide regarding the requirements to take the CISSP exam.
How To Become CISSP-Certified
There’s a lot that goes into becoming CISSP-certified that doesn’t include simply passing the exam. Here’s how you can earn your certification.
Understand the Exam Format
One of the biggest mistakes people make when taking any exam is not understanding the exam format. Knowing what to expect can help you feel more prepared, along with your knowledge from studying and working.
When you sign up for the CISSP exam, you’ll take it on a computer. When you first start the exam, you’ll answer 50 pretest questions that don’t count toward your overall score.
They do use these questions to determine how many scored questions you’ll answer afterward. You’ll either need to respond to 100-150 or 125-175 questions.
You’re given three hours to complete the exam, but if you have to answer more questions, you’ll get four hours to complete the exam.
You can finish the exam before the allotted time is up, but three to four hours is deemed adequate time to finish, and finishing the exam before time is up won’t improve your score.
Meet the Prerequisites
Even if you’re ready to take the CISSP exam, if you haven’t met the prerequisites, you won’t be able to take the exam. The requirements involve professional best practices and work experience surrounding different aspects of the information cybersecurity industry.
Undergo Training
If you haven’t met all the prerequisites for the CISSP exam, you’ll want to become familiar with those and then go through training or obtain the work experience you need to fulfill these requirements.
Create an Exam Schedule
The key to passing any exam is committing to studying. You’ll want to create an exam schedule that works with your work and personal schedule. Taking a specified amount of time per day or per week to study that won’t overwhelm you and won’t have you cramming days before the exam is vital.
How often you’ll study per day and week will depend on how far away your exam date is. If yours is coming up quickly, you’ll probably be studying more often than someone who has months to prepare and can study a little bit per day.
Study and Pass the CISSP Exam
Once you make your study schedule and gather your study materials, you’ll need to study. You’ll know your test date so you can study up until two days before.
Research shows studying the night before an exam doesn’t help you retain new information.
Have Someone Endorse Your Application
Once you pass the CISSP exam, the work isn’t over. You’ll need IT professionals who are in good standing to endorse your application. Essentially, they’re vouching for your work experience and knowledge.
If you cannot find a CISSP professional in good standing for an endorsement of your application, you can contact ISC at examadministration@isc2.org.
Experience Requirements
Security professionals who want to apply to take the CISSP exam need to have at least five years of full-time security work experience.
These years need to be in two or more of the ten domains of CISSP, four years of full-time security work experience in two or more domains with a four-year college degree, or you can become an Associate of ISC by passing the exam. If you do the last option, you’ll earn your experience in six years to become a CISSP.
Ten Domains of CISSP
There are ten domains, also known as the common body of knowledge (CBK), in CISSP. These are the main things you’ll need to know about when working in the industry and when you’re trying to get CISSP-certified. The ten domains are:
- Asset Security
- Communication and Network Security
- Cryptography
- Identity and Access Management (IAM)
- Security Architecture and Engineering
- Security Assessment and Testing
- Software Development Security
- Security in the Cloud
- Security Operations
- Security and Risk Management
Don’t worry if you’re not as knowledgeable about certain domains. While you only have to have experience in at least two of these domains to sit for the exam, your studying materials will cover all ten domains in depth.
As you study, if you feel like there are specific components that you’re struggling with, you can alter your study plan to focus more on those than the ones you seem to understand easier.
Professional Experience Requirements
You’ll also need professional experience to sit for the CISSP exam. There are a lot of things that can be considered professional experiences for this certification exam. CISSP professional experience includes the following:
- Holding job titles that include chief information officer, professor, security analyst, supervisor, information security manager, CISO, chief information security officer, security architect, computer scientist, etc.
- Doing research and development and disaster recovery
- Supervising the work of others
- Teaching and mentoring others
- Creative writing and effective communication
- Doing work that requires habitual memory
- Doing work that requires using ethical judgment and management to make decisions
- Doing work that requires special education
- Managing projects and employees
How To Get an Experience Waiver
Holders of several certifications can get an experience waiver. A few of those certifications are:
- CCSP (Cisco Certified Security Professional)
- Certified Business Continuity Planner
- Certified Forensic Computer Examiner (CFCE)
- Certified Computer Crime Investigator (Advanced) (CCCI)
- Certified Internal Auditor (CIA)
- CIW Web Security Associate
If you’re seeking an experience waiver, you must provide proof of any of the above certifications or other applicable ones when signing up to take the exam.
Their code of ethics means that they won’t allow you to sit for the exam unless they have proof of an information security certification that qualifies for a professional experience waiver.
How To Find Online Training
You can find the best CISSP training courses and a detailed comparison of their pros and cons right on our website. Alternatively you can see top rated CISSP books here. You’ll find a variety of training options that is suitable for almost everyone.
The vast majority are online and self-guided, so you can train and study on your terms without needing to catch up with others. Self-study does not work for everyone.
If you prefer to learn in a more traditional style with guided courses, online and in-person instructor-led courses are also available.
You’ll need to search for a training course in your area if you’re looking for in-person CISSP exam preparation.
Frequently Asked Questions
It can be nerve-wracking learning everything there is to know about preparing for the CISSP exam. Here are a few questions other people who are interested in getting the CISSP credential are asking.
Whether the exam is challenging is relative, but generally, it is challenging. As long as you have the prerequisites, did the practice exams, and have a passion for the industry, it won’t be as hard as you think.
The fail rate is between 40-50% on average. Compared to other online examinations, this is a pretty high fail rate, but as long as you study and have experience working in the industry, you shouldn’t have too much trouble passing the exam.
Yes, as long as they’re in good standing, you can be related or married to the person endorsing your application.
If you fail the CISSP exam on your first try, you can retake the exam as soon as 30 days later. After you take it for the second time, if you fail again, you have to wait 90 days before trying again. If you fail the exam for a third time, you must wait 180 days, but you cannot take the exam more than three times within 12 months.
How much CISSPs will make depends on how long they’ve been in the industry and where they live, but on average, they earn just over $130,000 per year.
Yes, they are valid for three years. Still, you can renew your certification by retaking the exam or submitting 40 continuing professional education credits over the three years your certification is valid. Most people choose to retake the exam rather than present the continuing professional education credits, but it’s your choice.
Final Thoughts
Earning your CISSP certification is one of the best ways to continue a successful career in IT security. Obtaining this certification is a little more challenging than others, but those who have it would tell you it’s worth it.
You’ll need to meet all the prerequisites, study, pass the exam, and then have someone who is also a CISSP in good standing endorse your application. By following this guide, you should be on your way to earning your CISSP certification in no time.
James Edge
James is on a mission to uncover the greatest study guides and prep courses to ensure you pass your exam on your first attempt. He has personally assessed hundreds of study materials and developed courses himself.
