HOW TO BECOME A CISSP (CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL)

The Certified Information Systems Security Professional (CISSP) is a vendor-neutral information security certification for security practitioners, managers, and executives. It is administered by (ISC)², the International Information System Security Certification Consortium.

The certification was created to give employers a standardized measure of a professional's knowledge across the field of information security. Earning the CISSP certification (a certification, not a certificate; see the note at the end of this page) can help you build a successful career as a security professional.

WHAT IS THE CISSP?

The CISSP exam certifies security professionals against the (ISC)² Common Body of Knowledge (CBK). The exam described in many older guides was a six-hour, 250-question linear exam covering ten domains:

  • access control systems and methodology,
  • telecommunications and network security,
  • security management practices,
  • applications and systems development security,
  • cryptography,
  • security architecture and models,
  • operations security,
  • business continuity planning and disaster recovery planning,
  • law, investigation, and ethics,
  • physical security.

Since 2015 the CBK has been consolidated into eight domains, and the English-language exam is now delivered as a shorter computer-adaptive test (CAT) rather than a fixed 250-question form. The eight current domains are:

  • security and risk management,
  • asset security,
  • security architecture and engineering,
  • communication and network security,
  • identity and access management (IAM),
  • security assessment and testing,
  • security operations,
  • software development security.

The work experience requirement described below is counted against these eight domains.



HOW TO EARN CISSP CERTIFICATION

REQUIREMENTS & WAIVERS

To become certified as a CISSP, you need at least five years of cumulative, paid, full-time work experience in two or more of the eight CISSP domains, such as security operations or software development security.

(ISC)² grants a one-year experience waiver for a four-year college degree (or regional equivalent) or for an additional credential from its approved list; only one year can be waived in total, so at least four years of hands-on experience are always required. If you pass the exam before meeting the experience requirement, you become an Associate of (ISC)² and have six years to earn the remaining experience and convert to the full CISSP.

CISSP EXAM & ENDORSEMENT

The next step is to prepare for and pass the exam. A scaled score of at least 700 out of 1000 is required to pass. Passing the exam does not by itself make you a CISSP: you must then agree to the (ISC)² Code of Ethics and have your application endorsed by a current (ISC)² member in good standing who can attest to your professional experience, including the length of your employment and the domains you have worked in. The endorsement must be completed within nine months of passing the exam.

The endorsement requirement is one reason it is worth belonging to professional organizations and attending industry seminars and events: they are useful for networking with the current members who may later endorse your CISSP application.

ANNUAL FEES & CONTINUING EDUCATION

Maintaining the CISSP requires an annual maintenance fee (AMF), $125 at the time this article was written, paid at the end of each certification year. You do not retake the exam: the certification is renewed every three years by earning Continuing Professional Education (CPE) credits and staying current on the AMF.

The requirement is at least 120 CPE credits over each three-year certification cycle, which works out to 40 credits per year. Credits can be earned through security conferences, university or online courses on security topics, webinars, published work, and similar activities recognized under the (ISC)² CPE policy.

HOW TO PREPARE FOR THE CISSP EXAM

STUDY ARCHITECTURE AND ACCESS CONTROL

Candidates studying for the CISSP should be able to explain security architecture and access control as means of protecting information system assets. Beyond explaining these topics to clients and other stakeholders, the analyst must be able to assess an organization's current policies for incident response and recommend concrete improvements to its security posture.

UNDERSTAND DISASTER RECOVERY POLICIES

Knowing how to explain the importance of disaster recovery policies, and to present several effective recovery strategies to clients and stakeholders, is a key skill tested by the CISSP. Candidates must also be able to compare and contrast cryptographic protocols and make recommendations based on an analysis of the organization's security needs. The end goal of a certified analyst is a coherent set of policies, standards, procedures, and guidelines built with clients and stakeholders in mind.

DEMONSTRATE TECHNICAL PROFICIENCY

In terms of technical knowledge, CISSP candidates must demonstrate proficiency in several areas, including network security architecture and design: being able to design and implement a network architecture that anticipates threats and makes the best use of what are often limited resources.

This includes a clear understanding of the software development life cycle and how security is built into each of its phases. Candidates should also be able to collect digital forensic evidence while preserving its integrity and chain of custody, and must understand physical security controls and how they complement network security controls.

WHY GET CISSP CERTIFICATION?

Holding the CISSP is likely to help security professionals. Many employers treat the CISSP as a benchmark credential for security roles.

Burning Glass Technologies, a labor-market analytics firm, reports that nearly one-fourth of cyber security job postings in 2020 requested the CISSP. According to (ISC)², "certified information security professionals earn a worldwide average of 25% more than their non-certified counterparts."

Being a CISSP may open more opportunities within the security field. Positions such as network security specialist, senior security engineer, information security manager, or chief security officer may benefit from CISSP certification.

Note: Certificate vs Certification

  • Certificate: A certificate is awarded by an educational institution, and signifies that a student has satisfactorily completed a given curriculum. Certificate programs can help students prepare for certification exams.
  • Certification: A certification is generally awarded by a trade group after an individual has met certain professional requirements (e.g. earned a specific cyber degree, worked professionally in a given field for a set amount of time, etc.) and passed a certification exam.

In short, a certificate is evidence that someone has completed an educational program, while a certification denotes that someone has met a certain set of professional criteria and/or passed an exam.
