What is CISSP Certification?

CISSP, the Certified Information Systems Security Professional, is a certification created by the International Information Systems Security Certification Consortium, better known as (ISC)2.

Its main purpose is to validate that the holder can design, implement and manage an organization's overall information security program and protect it from increasingly sophisticated attacks.


Recognition: The CISSP is widely recognized across the information security industry. It is highly valued by many professionals and well respected by the majority of large, global companies such as Google and IBM. The NSA's ISSEP (Information Systems Security Engineering Professional) concentration uses the CISSP as its baseline.

Popularity: Based on figures published by (ISC)2 in May 2014, well over 93,000 individuals in more than 145 countries hold the CISSP. (ISC)2 was founded in 1989 and launched the CISSP in 1994; it has been the most widely held information security certification for most of the two decades since, which says a lot about its worth.

Age: The CISSP is one of the oldest IT security certifications in the world. It is often called the dinosaur of certifications, and it has had more than two decades to mature into a very strong credential.

Wage: Based on the Global Information Security Workforce Study, professionals holding the CISSP earn a worldwide average salary roughly 25% higher than those without it. A TechRepublic survey ranked CISSP roles at number 4 in its top 15 highest-paid jobs. The InfoSec Institute reports that the average salary for a female CISSP holder is roughly between $73,000 and $111,000, and for a male CISSP holder roughly between $79,000 and $119,000, which it cites as making the CISSP the highest-paying credential in the IT industry.

Still need more reasons?

  • Overall Stability of IS (Information Security) Positions: According to (ISC)2's 2013 Global Workforce Survey, information security is arguably one of the most stable professions in IT: more than 80% of IS employees reported little to no change in their employment status.
  • Important Qualification for Some Roles: Many major organizations list the CISSP as a primary qualification requirement. This is mainly due to the breadth and depth of the CISSP body of knowledge, which prepares the holder to deal with the range of security threats facing an organization's IT infrastructure.

  • Prioritizing CISSP Holders: The Global Workforce Study also suggests that certified knowledge heavily influences job placement and advancement. Deep knowledge of a specific security field was the primary factor contributing to career success, followed by communication skills.

  • Highly Appreciated in the IT Environment: CISSP holders are perceived as more effective than IT professionals specializing in other areas; in terms of perceived overall effectiveness, hardware and software specialists rank below security professionals.

  • Technological Development and CISSP Correlation: With new trends such as Bring Your Own Device (BYOD) and the integration of social media into the workplace, the need for CISSPs is even greater. Beyond preventing security flaws, they can keep a large volume of operations running in an environment that accepts, rather than avoids, some risk.

  • Access to (ISC)2's Members Area: With the CISSP certification you get access to the Members Area on the (ISC)2 website. Members enjoy free access to a variety of useful materials, and the community gives you an opportunity to share knowledge and ideas with other security professionals.

  • Simply the Best: The CISSP is the most sought-after and popular certification in the IT security world. A demanding preparation process and a high return on investment make it the undisputed champion for any serious IT security professional.

How to become a CISSP through (ISC)2?

Have at least Five Years of Security Work Experience: You must demonstrate at least five years of cumulative paid work experience in at least two of the eight CISSP CBK domains: Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security. A four-year degree or an approved credential can waive one year of that requirement. The experience is mandatory for certification, not for sitting the exam: you may pass the exam first and hold the Associate of (ISC)2 status while you accumulate the remaining experience.

Prepare Yourself for the CISSP Exam: You must score at least 700 out of a maximum of 1,000 points. The exam is now delivered as Computerized Adaptive Testing (CAT): between 100 and 150 questions in up to three hours, with the test ending early once the engine is confident you are above or below the passing standard. The earlier linear exam consisted of 250 multiple-choice and advanced (drag-and-drop, hotspot) questions with a six-hour time limit.

The exam is not free of charge: your wallet will take a $699 hit, and the fee is non-refundable, so be well prepared. The (ISC)2 CISSP webpage offers a free exam outline alongside a study app that costs around $10 and can be downloaded from Google Play or the App Store. If you need more than self-study materials, you can consider online classes and training. Training costs vary from provider to provider; as a rough figure, the official (ISC)2 self-paced course costs around $2,750, and in-class training will cost you more.

CISSP Endorsement: Once you have passed the exam, you must agree to the (ISC)2 Code of Ethics and submit an endorsement form to be officially certified. The form must be signed by another (ISC)2-certified professional who attests to your work experience. You have nine months from the date you pass the exam to submit it; otherwise the certification will not be issued, even though you passed.

CISSP Maintenance: Once certified, you are obliged to pay an $85 annual maintenance fee for each year of the three-year certification cycle ($255 in total) and to earn 120 Continuing Professional Education (CPE) credits over that cycle to keep the credential active.

Is CISSP Worth the Pain?   You may ask yourself what this exam actually proves. That you know enough about an organization's information system security? The answer cuts both ways. Yes, it shows that you know how to get an organization to address its information security challenges. But that is quite different from being experienced and skilled in hands-on technical roles, which is where a considerable amount of confusion, and for some frustration, comes from.

Let's say you've learned how to run penetration tests on Kali Linux and written some clever tools of your own in Python. Now you're looking for a full-time job where you can put that knowledge to the test. You check Craigslist and find an interesting position just a few blocks away. Awesome, right? You keep scrolling, reach the bottom of the listing, and see that the CISSP is a MANDATORY REQUIREMENT. The conclusion? While the CISSP is not a measure of hands-on skill and experience, it will still affect your hiring prospects. It's like a university degree: without the paper, certain places won't hire you.

Some Attack Types to Focus on for the Exam

  • Passive Attacks: Eavesdropping on unencrypted traffic (sniffing) without altering it, resulting in disclosure of credentials or other sensitive information. Because nothing is modified, these are hard to detect; the control is encryption, not monitoring.
  • Distributed Attacks: Malicious code inserted into trusted software or hardware while it is being built or distributed, so the backdoor arrives inside a legitimate product (what is now usually called a supply-chain attack).
  • Exploit Attacks: A vulnerability in code is used to gain access or execute code. A zero-day is a vulnerability exploited before the vendor knows about it, so no patch exists.
  • Password Attacks: Account passwords recovered by dictionary (wordlist) or brute-force guessing, either offline against stolen hashes or online against a login interface.
  • Phishing Attacks: Sensitive user information stolen through fake messages and web pages that mimic legitimate ones.
  • Insider Attacks: Employees or contractors misusing their legitimate access to the network from the inside.
  • Hijack Attacks: An established session or connection between two parties is taken over or rerouted by an attacker (session hijacking, man-in-the-middle).
  • Buffer Overflow Attacks: More data is written into a buffer than it can hold, overwriting adjacent memory and potentially the return address, which can crash the program or let the attacker execute code.
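To make the password-attack entry concrete, here is an added example (not part of the original article) of the two techniques it names, run offline against a constructed table of salted SHA-256 hashes. The accounts, passwords, salts and the six-word wordlist are all made up for the demonstration; the `mangle` rules stand in for the rule files of tools such as John the Ripper or hashcat.

```python
import hashlib
import itertools

def hash_password(salt: str, password: str) -> str:
    """Unsalted-style fast hash as found in many breached databases: sha256(salt || password)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()

# Constructed "leaked" credential table: username -> (salt, hex digest).
# The hashes are computed here from made-up passwords so the example is self-contained.
LEAKED = {
    "alice": ("x7Qz", hash_password("x7Qz", "summer2019")),    # wordlist word + year
    "bob":   ("m3Pa", hash_password("m3Pa", "Password1!")),    # capitalised word + digit + symbol
    "carol": ("k9Lw", hash_password("k9Lw", "T4!qv9#Zr2pL")),  # random, survives both attacks
    "dave":  ("p2Rn", hash_password("p2Rn", "z9q")),           # too short: falls to brute force
}

# Constructed mini wordlist standing in for rockyou.txt and friends.
WORDLIST = ["123456", "password", "summer", "welcome", "letmein", "qwerty"]

def mangle(word: str):
    """Yield rule-based variants of a wordlist entry: case toggles, appended years, digits, symbols."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        yield base + "!"
        for year in range(2015, 2021):
            yield f"{base}{year}"
        for digit in range(10):
            yield f"{base}{digit}"
            yield f"{base}{digit}!"

def dictionary_attack(leaked: dict, wordlist: list) -> dict:
    """Return {user: recovered_password} for every hash that matches a mangled wordlist entry."""
    cracked = {}
    for user, (salt, digest) in leaked.items():
        for word in wordlist:
            hit = next((c for c in mangle(word) if hash_password(salt, c) == digest), None)
            if hit is not None:
                cracked[user] = hit
                break
    return cracked

def brute_force(salt: str, digest: str, alphabet: str = "abcdefghijklmnopqrstuvwxyz0123456789",
                max_len: int = 3):
    """Exhaustively try every string over `alphabet` up to `max_len`.

    Returns (password_or_None, candidates_tried). The keyspace grows as len(alphabet)**n,
    which is why length, not just complexity, is what defeats this attack.
    """
    tried = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            tried += 1
            candidate = "".join(chars)
            if hash_password(salt, candidate) == digest:
                return candidate, tried
    return None, tried

if __name__ == "__main__":
    print("dictionary:", dictionary_attack(LEAKED, WORDLIST))
    salt, digest = LEAKED["dave"]
    print("brute force on dave:", brute_force(salt, digest))
    salt, digest = LEAKED["carol"]
    print("brute force on carol (3 chars max):", brute_force(salt, digest))
```

Alice and Bob fall to the wordlist plus a handful of mangling rules, Dave falls to a brute-force sweep of under 48,000 candidates, and only Carol's long random password survives both. The defensive lessons the exam expects follow directly: per-user salts stop precomputed tables but do not slow a targeted guess, so a deliberately slow hash (bcrypt, scrypt, Argon2) and length-based password policies are what raise the attacker's cost, and rate limiting plus lockout handle the online variant.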