How To Prepare For CISSP

How to become an ISC2 CISSP

The Certified Information Systems Security Professional (CISSP) certification from ISC2 is a global standard widely recognized as the Information and Cyber Security benchmark certification.

This advanced certification demonstrates a wealth of IT security knowledge and experience and can be an incredibly valuable asset for rising through the ranks to Chief Information Security Officer (CISO).

ISC2 CISSP also shows you have a proven record of ethics and a solid reputation for professional conduct, which is crucial for a business leader and anyone striving for senior-level positions.

The journey to becoming a CISSP takes hard work and dedication. If it didn’t, this certification wouldn’t be so valuable.

Here is how to become a CISSP.

1. Meet the experience requirements 

To register for your CISSP exam, you need to prove you have 5+ years of professional experience in Information Security.

At the same time, your professional experience must have involved at least two of the following 10 domains present in the CISSP Common Body of Knowledge (CBK):

  1. Access Control
  2. Telecommunications and Network Security
  3. Information Security Governance and Risk Management
  4. Software Development Security
  5. Cryptography
  6. Security Architecture and Design
  7. Operations Security
  8. Business Continuity and Disaster Recovery Planning
  9. Legal, Regulations, Investigations and Compliance
  10. Physical (Environmental) Security 

If you possess one of the following, ISC2 can reduce the required professional experience by one year:

You cannot combine these qualifications: regardless of how many you possess, you can only receive a maximum reduction of one year.

2. Pass the exam

So you’ve accumulated 5 years of experience and your work encompasses 2 of the 10 CISSP CBK domains: Congrats!

Before you can sit the exam, you need to complete the Candidate Agreement, confirming your experience and legally committing to the Code of Ethics. You’ll then be required to successfully answer four questions regarding your criminal history and related background.

Now you just need to pass the exam, right? Well, as you can imagine, passing the CISSP exam is going to take some serious preparation. In the words of ISC2, "The vast breadth of knowledge and experience required to pass the CISSP is what sets it apart."

The CISSP exam will test your knowledge of all CISSP domains. Many CISSP holders recommend taking up to 15 days off work just to round off your 4-month revision journey. 

The CISSP exam is a test of endurance – you’ll have 6 hours to answer as many of the 250 multiple-choice questions as you can.
 

3. Obtain an endorsement

Congratulations, you passed your exam! But you’re not done yet. You’ll now have to ask an active ISC2 credential holder to attest to your industry experience.

They’ll have to fill out an endorsement form for you. Once ISC2 receives and approves the endorsement, you can finally take up the mantle of a fully qualified CISSP.

4. Prepare for an audit

ISC2 randomly subjects some of its CISSP professionals to audits. It’s never a good idea to skew the facts on your application, especially if you’re singled out for an audit.

If you are found to have incorrect or falsified data on your application, you’re going to lose your CISSP. Honesty really is the best policy. 

5. Maintain your certification 

To remain a member of ISC2 and keep your CISSP certification, you must:

  • Abide by the ISC2 Code of Ethics
  • Obtain and submit the required Continuing Professional Education credits (CPEs)
  • Submit Annual Maintenance Fees (AMFs) upon receipt of annual invoices

The information security landscape is constantly in flux. As a result, your CISSP must be maintained with CPEs: a minimum of 20 CPEs every year for the first two years of the three-year cycle.

Even if you satisfy the CPE requirements of your first or second year, your tally must still equal 120 by the end of the third year.

CPEs can be gained through live educational events and online seminars available to ISC2 members.

If your certification is terminated, you’ll need to retake the examination before you can return to being CISSP certified. You’ll also be charged a $35 reinstatement fee upon recertification (though this pales in comparison to working through the 6-hour exam once more).

 

Achieve your CISSP with Firebrand 

For the past 13 years in a row, we’ve been named one of the Top 20 IT Training Companies in the World.

We specialise in accelerated courses that get you certified at twice the speed.

We are an award-winning Official ISC2 Training Partner (OTP) and an Official ISC2 Continuing Professional Education (CPE) Credits Partner.

Could our accelerated CISSP be right for you?

See the full course spec.