{"id":4910,"date":"2025-09-17T15:48:19","date_gmt":"2025-09-17T15:48:19","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=4910"},"modified":"2025-09-17T15:48:19","modified_gmt":"2025-09-17T15:48:19","slug":"cissp-certification-requirements-training-exam-and-cost","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=4910","title":{"rendered":"CISSP certification: Requirements, training, exam, and cost"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<h2 class=\"wp-block-heading\">CISSP certification: Requirements, training, exam, and cost<\/h2>\n<p>The Certified Information Systems Security Professional \u2018gold standard\u2019 certification demonstrates your skills, testifies to your experience, and opens career advancement opportunities, including higher salary.<\/p>\n<h2 class=\"wp-block-heading\"><strong>What is CISSP? \u00a0<\/strong><\/h2>\n<p>Certified Information Systems Security Professional (CISSP)\u00a0is an advanced certification for IT and cybersecurity professionals that demonstrates their ability to design, implement, and manage an enterprise cybersecurity program.<\/p>\n<p>The CISSP is offered by the International Information System Security Certification Consortium ISC2, a nonprofit focused on certification and training for cybersecurity professionals. 
The most widely known certification offered by ISC2 with more than 20 years of history behind it, CISSP is perennially among the <a href=\"https:\/\/www.cio.com\/article\/286762\/careers-staffing-12-it-certifications-that-deliver-career-advancement.html\">most valuable IT certifications<\/a>.<\/p>\n<p>To achieve this certification, candidates must build up relevant industry experience and demonstrate competence across a range of technical areas, as well as management.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Who should get a CISSP certification?<\/strong><\/h2>\n<p>CISSP has been called the \u201c<a href=\"https:\/\/blog.netwrix.com\/2018\/08\/28\/expert-advice-is-cissp-worth-it\/\">gold standard<\/a>\u201d of security certifications. \u201cFrom the hiring side, the CISSP remains one of the most valued certifications I look for,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/ankytgupta\/\">Ankit Gupta<\/a>, senior securitye at Exeter Finance. \u201cIt shows a candidate has a firm grasp of security principles across multiple domains, and more importantly, that they\u2019ve put in the experience required to earn it. When I see CISSP on a r\u00e9sum\u00e9, it signals credibility and usually moves a candidate up the shortlist.\u201d<\/p>\n<p>Many cybersecurity jobs list CISSP as a prerequisite, or at least highly recommended. For those interested in a career path in the US federal government, CISSP certification is of particular benefit. Because of the broad technical knowledge required for CISSP certification, it\u2019s the mark of an advanced infosec generalist who would be useful in many roles.<\/p>\n<p>CISSP, however, isn\u2019t for everyone. The technical depth and work experience it requires means it isn\u2019t a cert for early career professionals, for whom a CompTIA Security+ certification might be more appropriate. 
The CISSP exam also covers management skills as well as technical know-how \u2014 another reason you\u2019ll need some experience under your belt before you embark on your CISSP journey.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>Benefits of CISSP certification<\/strong><\/h2>\n<p>Earning a CISSP credential can have several beneficial impacts on your career, including:<\/p>\n<p><strong>Career advancement and recognition:<\/strong> CISSP certification validates your prowess as a cybersecurity professional and can open up opportunities to higher-paying positions with greater responsibilities and increased prominence in the organization. \u201cCISSP has recently become easier to obtain and thus lost a little bit of its weight within hiring. However, it still holds itself as a standard for individuals in IT security leadership from program manager up to CISO related roles,\u201d says <a href=\"https:\/\/www.linkedin.com\/in\/brycegjohnson\/\">Bryce Johnson<\/a>, Senior Recruiting Manager at The Judge Group. \u201cMost candidates seeking those types of positions become more desirable when they hold the certification versus those that don\u2019t.\u201d<\/p>\n<p><strong>Improved job candidacy: <\/strong>CISSP certification signals to potential employers your prowess with and commitment to the craft of cybersecurity. 
The fact that the CISSP requires five years of hands-on experience will also help you stand out in your job search.<\/p>\n<p><strong>Increased knowledge and skills:<\/strong> The training process involved in achieving CISSP certification will expose you to a wide range of technical skills, thereby elevating your knowledge as a security pro, including areas such as security architecture, risk management, and cryptography.<\/p>\n<p><strong>Additional job security:<\/strong> By demonstrating your commitment to IT security and validating that your skills are up to date, CISSP certification can not only make you a more valuable member of your security team but also ensure you are perceived as one, thereby improving your job security longer term.<\/p>\n<p><strong>Networking opportunities: <\/strong>By achieving your CISSP and joining the various communities for CISSP certification holders, including the ISC2 community, you will gain access to opportunities for knowledge sharing, collaboration, mentorship, and employment.<\/p>\n<h2 class=\"wp-block-heading\"><strong>CISSP exam cost<\/strong><\/h2>\n<p>Registration for the CISSP is <a href=\"https:\/\/www.isc2.org\/register-for-exam\/isc2-exam-pricing\">$749 in the United States<\/a>, and the same price or a close equivalent in local currency elsewhere. ISC2 also charges a reschedule fee of US$50 (or local equivalent), with a cancellation fee of US$100 (or local equivalent). But that is just for the exam. Most study guides and training courses for the CISSP exam are not free and should be considered when weighing whether to pursue the certification.<\/p>\n<p>To maintain their certification, CISSP holders must pay an\u00a0<a href=\"https:\/\/www.isc2.org\/policies-procedures\/amfs-overview\">annual maintenance fee<\/a>\u00a0of US$135, due on the anniversary of your certification date. (Those with multiple ISC2 certifications pay that fee once per year for all of them.) 
If you\u2019ve passed the exam but haven\u2019t met the work experience requirement yet, you\u2019re considered an \u201cAssociate of ISC2\u201d and pay only US$50 a year until you do achieve the experience requirements.<\/p>\n<p><strong>Is CISSP worth it? CISSP salary\u00a0<\/strong><\/p>\n<p>Not all certs are created equal, but the nearly universal assessment is that the not-insignificant costs associated with the CISSP certification will come back to those who are certified in the form of <a href=\"https:\/\/www.csoonline.com\/article\/2088950\/isc2-study-pegs-average-us-cybersecurity-salaries-at-147k-up-from-119k-in-2021.html\">higher compensation<\/a>. According to ZipRecruiter,\u00a0<a href=\"https:\/\/www.ziprecruiter.com\/Salaries\/Cissp-Salary#Yearly\">CISSPs make on average $112,000 a year<\/a>. SkillSoft, however, pegs the average salary of a CISSP holder at $156,669 in its <a href=\"https:\/\/www.skillsoft.com\/it-skills-and-salary-report#download\">IT Skills and Salary Report<\/a>, among the top 15 for certifications across IT. \u201cCISSP is recognized worldwide, and it shows your efforts to stay current,\u201d says <a href=\"https:\/\/shadowdragon.io\/author\/amy-mshadowdragon-io\/\">Amy Mortlock,<\/a> Vice President of Marketing at ShadowDragon. \u201cThese credentials can help you get roles with better pay and better responsibilities, and I\u2019ve often seen candidates with them getting interviews faster.\u201d<\/p>\n<p>Beyond salary, CISSP certification is the <a href=\"https:\/\/www.cyberseek.org\/heatmap.html\">most popular certification requirement<\/a> for cybersecurity job postings, thereby opening avenues of employment to CISSP holders that would otherwise not be available without the credential.<\/p>\n<p>Anecdotally, many CISSP holders feel like the certification validates a career\u2019s worth of hard work, demonstrating not just their knowledge but their experience. 
Especially if you\u2019re trying to break into infosec from an adjacent field elsewhere in IT, that can go a long way.<\/p>\n<h2 class=\"wp-block-heading\"><strong>CISSP vs. CISM<\/strong><\/h2>\n<p>Because CISSP covers some management-related material, you may be wondering about the difference between it and <a href=\"https:\/\/www.csoonline.com\/article\/570033\/cism-certification-requirements-prerequisites-and-cost.html\">Certified Information Security Manager (CISM)<\/a>, another popular infosec certification. In a nutshell, a CISSP certification demonstrates in-depth technical knowledge over a broad range of security domains, along with an understanding of managerial responsibilities. CISM, on the other hand, is more strongly oriented towards managers, with an emphasis on understanding infosec incentives from a business point of view.<\/p>\n<p><strong>How to earn CISSP certification<\/strong><\/p>\n<p>To earn the CISSP, candidates must meet specific work experience requirements and pass the exam. Once the exam has been passed, candidates are qualified to apply for the certification. As part of this process, candidates must have their required work experience endorsed by a CISSP-certified professional in good standing. If they do not know such a person, ISC2 can perform the endorsement instead.<\/p>\n<h2 class=\"wp-block-heading\"><strong>CISSP certification requirements\u00a0<\/strong><\/h2>\n<p>As noted above, CISSP is not a certification aimed at entry-level IT and cybersecurity professionals, as mandated by ISC2. To receive CISSP certification, you need to have five years of full-time work experience in at least two of the eight CISSP domains tested in the exam (see below). You may also apply internships and part-time experience toward this requirement, and a college degree or another ISC2-approved certification can substitute for a year of experience. 
The\u00a0<a href=\"https:\/\/www.isc2.org\/Certifications\/CISSP\/experience-requirements\">ISC2\u00a0website has the nitty-gritty details<\/a>. Candidates must also pass the CISSP exam.<\/p>\n<p>Candidates who do not have the requisite work experience can apply to be an Associate of ISC2. <a href=\"https:\/\/www.isc2.org\/certifications\/associate\">Under ISC2\u2019s guidelines<\/a>, Associates have up to six years to gain the work experience necessary to qualify for the CISSP.<\/p>\n<p><strong>CISSP exam<\/strong><\/p>\n<p>The CISSP exam covers eight domains from the CISSP Common Body of Knowledge, with the following average exam weights:<\/p>\n<p>Security and risk management (16%)<\/p>\n<p>Asset security (10%)<\/p>\n<p>Security architecture and engineering (13%)<\/p>\n<p>Communication and network security (13%)<\/p>\n<p>Identity and access management (13%)<\/p>\n<p>Security assessment and testing (12%)<\/p>\n<p>Security operations (13%)<\/p>\n<p>Software development security (10%)<\/p>\n<p>The English-language version of the CISSP exam uses\u00a0computerized adaptive testing\u00a0(CAT). <a href=\"https:\/\/www.isc2.org\/certifications\/cissp\/cissp-cat\">In this format<\/a>, the test is taken on a computer that keeps track of your performance and adjusts the questions it asks you accordingly. 
In all other languages, the exam is conducted in a linear, fixed form, in which candidates answer the same set of questions no matter how they answer.<\/p>\n<p><strong>Exam length:<\/strong> 3 hours<\/p>\n<p><strong>Number of questions:<\/strong> 100-150<\/p>\n<p><strong>Question format:<\/strong> multiple choice and advanced innovative items<\/p>\n<p><strong>Passing grade:<\/strong> 70% (700 of 1000 points)<\/p>\n<p><strong>Languages:<\/strong> Chinese, English, German, Japanese, Spanish<\/p>\n<p>Note: \u201cAdvanced innovative items\u201d consist of identifying elements of diagrams and dragging-and-dropping answers from one side of a screen to boxes on the other.<\/p>\n<p>ISC2\u00a0<a href=\"https:\/\/www.isc2.org\/Exams\">offers a resource page<\/a>\u00a0with practical information about how to schedule your exam, what to expect in terms of formats, and what taking the exam is like. If you\u2019re interested in getting real-world reports of how the test-taking experience played out, you might want to check out this\u00a0<a href=\"https:\/\/www.linkedin.com\/pulse\/how-i-passed-my-cissp-exam-dex-yuan-cissp-cpp-mba-pmp\/?articleId=6622410581230096384\">LinkedIn post from Dex Yuan<\/a>, as well as pseudonymous reports from\u00a0<a href=\"https:\/\/community.isc2.org\/t5\/Exams\/My-Experience-of-Passing-CISSP\/td-p\/30810\">the ISC2\u00a0community forums<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.reddit.com\/r\/cissp\/comments\/hemn6w\/passed_cissp_exam_in_2_hours_3_months_preparation\/\">Reddit<\/a>. 
One great thing about the test: You get a preliminary score at the testing site, so you know whether you passed.\u00a0<\/p>\n<h2 class=\"wp-block-heading\"><strong>CISSP training courses\u00a0<\/strong><\/h2>\n<p>If you\u2019re looking for formal training for the CISSP, ISC2 offers an\u00a0<a href=\"https:\/\/enroll.isc2.org\/product?catalog=CISSP-SPT-GLOBAL&amp;utm_campaign=HQ-CISSPselfpacedvideo&amp;utm_source=isc2asset&amp;utm_medium=video&amp;utm_content=spcissp\">official self-paced CISSP training course<\/a>\u00a0as well as authorized instructor-led training both\u00a0<a href=\"https:\/\/www.isc2.org\/Training\/Online-Instructor-Led\">online<\/a>\u00a0and in\u00a0<a href=\"https:\/\/www.isc2.org\/Training\/Classroom-Based\">classrooms<\/a>. The self-paced ISC2 option costs $995, giving you access to the course materials for 180 days. ISC2 members receive a 20% discount. Online courses come in 5-day intensive and 8-week versions, and are led by an instructor who holds a CISSP. Classroom-based courses are offered in-person as 6-day intensives, taught by an ISC2 authorized instructor. Both online and classroom training options include applied scenarios, interactive exercises, quizzes, and a 180-question post-course assessment with feedback. Pricing for online and classroom training is available through ISC2, but is considerably more than the self-paced option.<\/p>\n<p>Numerous third-party training courses and bootcamps are also available, too many to list here. These range from online MOOCs to in-person classroom training from ISC2 approved training vendors. 
Popular CISSP instructors online include Thor Pedersen whose <a href=\"https:\/\/www.udemy.com\/user\/thorpedersen\/\">courses are available via Udemy<\/a>, Mike Chapple <a href=\"https:\/\/www.linkedin.com\/learning\/paths\/prepare-for-the-isc2-information-systems-security-professional-cissp-certification-exam-2021\">on LinkedIn Learning<\/a>, and Kelly Handerhan <a href=\"https:\/\/www.cybrary.it\/course\/cissp\">on Cybrary<\/a>. Alpine Security provides a guide for\u00a0<a href=\"https:\/\/alpinesecurity.com\/blog\/9-keys-to-choosing-the-best-cissp-training\/\">figuring out if a CISSP training course is a good fit for you<\/a>.<\/p>\n<p><strong>How long should I study for the CISSP?<\/strong><\/p>\n<p>If you\u2019re an infosec pro with lots of experience, you\u2019ll have a wealth of real-world know-how to draw from in answering questions on the CISSP exam. That said, few people will be equally experienced in all the test domains, and just about everyone needs a refresher before taking a big test like this.<\/p>\n<p>The amount of time you\u2019ll need to put into studying for the test will of course depend on your own preparedness and study style. In an essay on LinkedIn, cloud architect Sujith Prasad recommends\u00a0<a href=\"https:\/\/www.linkedin.com\/pulse\/20140626153605-63176935-preparing-and-passing-the-cissp-exam\/\">putting most of your free time towards studying for a few months<\/a>\u00a0leading up to the exam. An ISC2\u00a0<a href=\"https:\/\/community.isc2.org\/t5\/Exam-Preparation\/CISSP-STUDY-TIME\/td-p\/13993\">community forums poster<\/a>\u00a0said they put in around 150-160 hours in total preparing in the months leading up to the exam. Saaz Rai,\u00a0<a href=\"https:\/\/www.quora.com\/How-long-did-you-study-for-your-CISSP-exam\/answer\/Saaz-Rai-1\">writing on Quora,<\/a>\u00a0says he passed after studying 6 to 7 hours a day for about three weeks. 
On the other hand, a\u00a0<a href=\"https:\/\/community.infosecinstitute.com\/discussion\/comment\/1102174\/#Comment_1102174\">poster on the Infosec Institute\u2019s community forums<\/a>\u00a0says they passed after studying for a \u201ccouple of weekends.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><strong>CISSP certification study guide\u00a0\u00a0\u00a0\u00a0<\/strong><\/h2>\n<p>Many test takers will want a guide to structure their preparation. ISC2 puts out\u00a0<a href=\"https:\/\/www.amazon.com\/Official-Guide-CISSP-Fourth-Press\/dp\/1482262754\/ref=sr_1_1?ots=1&amp;s=books&amp;ie=UTF8&amp;qid=1529206191&amp;sr=1-1&amp;keywords=official+%28ISC%292+guide+to+the+CISSP+CBK\">an official study guide to help you<\/a>, but that\u2019s by no means your only option. The\u00a0<a href=\"https:\/\/www.amazon.com\/CISSP-All-One-Guide-Seventh\/dp\/0071849270\/ref=pd_lpo_sbs_14_t_0\/141-3228321-2238444?ots=1&amp;_encoding=UTF8&amp;psc=1&amp;refRID=4TXHKN2R056BHAGHV3YZ\">CISSP All-in-One Exam Guide<\/a>\u00a0is widely beloved, and has a\u00a0<a href=\"https:\/\/www.amazon.com\/CISSP-Practice-Exams-Fourth-Harris\/dp\/1259585964\/ref=sr_1_1?ots=1&amp;ie=UTF8&amp;qid=1529558278&amp;sr=8-1&amp;keywords=%E2%80%A2%09CISSP+Practice+Exams%2C+Fourth+Edition+by+Shon+Harris\">companion set of practice exams<\/a>. SSI Logic has a book with\u00a0<a href=\"https:\/\/www.amazon.com\/CISSP-Exam-Questions-Answers-Explanations\/dp\/B01K0T1LHG\/ref=sr_1_2?ots=1&amp;s=books&amp;ie=UTF8&amp;qid=1529206990&amp;sr=1-2&amp;keywords=cissp+exam+prep+questions%2C+answers+%26+explanations%3A+1000%2B\">1,000 practice questions<\/a>\u00a0and detailed solutions you can grind your way through. And if that\u2019s not enough, check out the Netwrix blog for\u00a0<a href=\"https:\/\/blog.netwrix.com\/2018\/07\/05\/10-best-study-guides-and-training-materials-for-cissp-certification\/\">more study guide options<\/a>. 
\u00a0\u00a0<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>CISSP certification: Requirements, training, exam, and cost The Certified Information Systems Security Professional \u2018gold standard\u2019 certification demonstrates your skills, testifies to your experience, and opens career advancement opportunities, including higher salary. What is CISSP? \u00a0 Certified Information Systems Security Professional (CISSP)\u00a0is an advanced certification for IT and cybersecurity professionals that demonstrates their ability to design, [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":4635,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4910","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4910"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4910"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/4910\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/4635"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route
=%2Fwp%2Fv2%2Ftags&post=4910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}