How to get your CISSP, and why it’s worth it
Pluralsight Author Chris Jackson explains how he got his CISSP, and why employers find the cybersecurity certificate so valuable.
Jan 20, 2026 • 4 Minute Read
The Certified Information Systems Security Professional certification, also known as the CISSP, is what many consider the gold standard when it comes to cybersecurity certifications. In this article, I’ll break down why the CISSP matters, what the requirements are, and how you can achieve it.
Qualifying for your CISSP certification
1. You need five or more years of relevant cybersecurity experience
The CISSP is well respected because it not only requires that you pass a very lengthy and tough certification examination, but you also have to meet the experience requirements.
You need to have five or more years of full-time work experience in at least two of the eight CISSP domains, and this requirement for actual work experience is what separates the CISSP from many other cybersecurity certifications. You can't simply have the cybersecurity knowledge, take the test, and be certified—you actually have to have work experience and be sponsored by an active CISSP holder or by ISC2 themselves.
Now, I do want to note that this experience requirement does not stop you from registering and taking the exam. In fact, you can do just that! The only difference is that if you pass the exam and do not have the experience, you become an Associate of ISC2 instead, and can’t put the CISSP post-nominals on your resume or LinkedIn profile (but nothing’s stopping you from telling people you passed it). After this, you have six years from the date you passed the certification exam to obtain the necessary work experience, and then you can apply to officially get your CISSP.
You can reduce the five-year requirement down to just four years by obtaining a cybersecurity certification such as the CompTIA Security+ or by obtaining a Bachelor's or Master's degree in a computer science-related field. However, you can’t waive all of the experience requirement by doing this: it only takes a little bit off. Be sure to check ISC2's website for a full list of the approved cybersecurity certifications that will count toward your five-year requirement.
2. Passing the actual CISSP exam (which is rough!)
The CISSP examination is one of the toughest examinations I've ever taken in my whole entire life, and I'm not exaggerating. It requires hours of dedicated practice, reading each exam question carefully to understand what it is asking, a wide breadth of cybersecurity knowledge across all eight of those CISSP domains, and the ability to leverage your real-world experience.
On top of that, the test costs $749 US dollars per attempt, with a maximum of 4 attempts per year. So whenever somebody tells me that they want to sit for this exam, I always recommend that they spend at least six months preparing, with special focus given to taking practice exams like the ones found on Pluralsight. These mimic the 3 hour, 150 question exam experience that you'll have on the actual day.
The actual exam is up to 150 questions, because it’s an adaptive test that analyzes your performance. So, if you’re doing really poorly, they'll cut the exam early so that you don't get to see any more questions and possibly share them with your friends. On the flip side, if you’re doing really well, your exam could end at question 100 or 150.
Once you’ve shown competence in all eight of the CISSP domains, the test will stop. So, if you’ve made it up to 100 questions, you’re doing really well.
Is getting your CISSP worth it?
Yes. The CISSP opens doors, especially to leadership and senior positions. And while it’s not the only way to get there, it sure helps.
Few certifications offer the international recognition, prestige, and return on investment of the CISSP. And I'll be real with you here: once I obtained my CISSP, I personally saw about a $50,000 increase in my salary. So to me, it's definitely worth it.
Start studying for your CISSP here
Pluralsight offers a dedicated CISSP certification path that can help you ace your exam on the first go. It covers all eight domains on the exam outline and includes practice exams tailored by cybersecurity experts as well as hands-on learning labs. Beyond passing the exam, it provides you with the foundational knowledge needed to effectively design, engineer, manage, and lead the security posture of an organization.