Security experts are in demand as organizations look to bolster their ranks; current predictions suggest a shortfall of nearly 1.5 million trained professionals over the next few years. And despite employer efforts, from booming salaries to new post-secondary programs, supply can’t keep up [1]. This creates a unique opportunity for technology staff: With the right qualifications, they can rise quickly through corporate ranks and land the IT job they’ve always wanted.
With rapid growth across the security certifications market, the best path forward isn’t always clear. While designations such as the Certified Information Systems Security Professional (CISSP) offer big benefits for infosec operations, architecture, and engineering careers, is this the best place to start? Here’s what you need to know about CISSP training, necessary experience, and the right time to get certified.
What is CISSP?
The CISSP certification is nearly 30 years old but remains relevant across organizations and industries. Why? It prioritizes comprehension of key technical controls, proficiency in vital security skills, and the ability to manage infosec teams at scale. This is the critical trifecta IT professionals need to design, evaluate, and implement essential security frameworks and defend businesses against emerging threats. As noted by Dark Reading [2], this certification is often viewed as a “necessary benchmark” for careers and is used by C-suite members and HR staff to create shortlists of potential infosec candidates. Combined with the NIST NICE initiative, which highlights key links between specific cybersecurity skills and key IT positions, CISSP certification offers substantial value for both IT professionals and prospective employers.
Experience and Expectations
While CISSP certification offers career advantages, it’s not a qualification that lends itself to completion after your first job in IT. To earn this designation, candidates must have five years of cumulative paid work experience across at least two of the CISSP common body of knowledge domains, which include:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security and Assessment Testing
- Security Operations
- Software Development Security
A paid or unpaid internship also qualifies as experience, so long as IT pros have official documentation to prove internship status. CISSP certification requires the successful completion of a 250-question exam. Students have three hours to complete the exam and must achieve a minimum score of 700/1000. You can also choose to sit for the exam without the required experience. If successful, you’ll be granted Associate status for six years, during which you must complete the five-year experience requirement to earn full certification.
Training for CISSP
CISSP has earned a reputation as the “gold standard” of operational security certifications. As a result, the exam is both complex and in-depth, containing multiple-choice and written questions designed to test your knowledge of key processes, controls, and management skills. Here, training courses offer a way to shore up any knowledge gaps and ensure you’re fully prepared to take on the CISSP exam. If you can convince managers to part with some of their limited IT budgets, you can opt for in-person courses. These courses often carry substantial price tags and offer high-volume information delivery over several days of class. Free resources are also available in the form of an online CISSP training course that lets you tackle critical concepts at your own pace. Need more help? Upgrade to premium experiences that include virtual labs and practice tests to ensure you’re on the right track to success.
Forging Your Own Path
While CISSP offers big benefits for IT pros and is a top priority for many C-suite executives looking to hire infosec experts, it’s not an entry-level certification. The depth of knowledge and experience required to successfully complete the exam and earn the CISSP designation makes it a long-term goal rather than a short-term victory. But just because you can’t achieve CISSP certification right out of the gate, it doesn’t mean you’re out of infosec options. To help forge your path in IT and open career options along the way, consider alternatives such as: