Considering earning your CISSP certification?
The Certified Information Systems Security Professional (CISSP) certification is considered by many to be the premier cybersecurity certification for IT professionals. According to the International Information Systems Security Certification Consortium (ISC)2, this certification validates an information security professional’s technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization.
Here are the steps we recommend you follow on your journey to becoming a CISSP.
Step 1: Learn About the CISSP Exam
If you want to earn the certification, you have to take the CISSP exam. This exam covers the following eight domains:
Security and Risk Management
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Software Development Security
While most languages provide a standardized linear format exam, the English version of the exam will be in a Computerized Adaptive Testing (CAT) format. In the linear form of the exam, candidates will answer 250 questions in 6 hours. However, in the CAT form of the exam, candidates will answer 100 to 150 questions in 3 hours. For more information on the CAT format, visit the (ISC)2 website.
Step 2: Review the Qualifications for Taking the Exam
(ISC)2 suggests you review the candidate background qualifications to ensure you meet the standards needed to become a CISSP. You should also make sure you have the job experience needed to qualify to take the exam: you need at least five years of cumulative, paid work experience in two or more of the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK). The experience requirement details can be found here.
While you do not need to provide this information prior to taking the exam, understand that (ISC)2 randomly audits individuals who pass the exam. Those that are chosen for audit will need to provide an experiential resume to (ISC)2. If you fail to meet the minimum requirements, you will become an Associate of (ISC)2. You will then have six years to earn the five years required experience.
If you meet these requirements, you can go on to the next step.
Step 3: Obtain Your Study Materials
The first study resource that you need is the exam outline, which can be obtained here. As with any exam, you should then obtain your study materials. If you are able to take a course, use the provided courseware. However, we have found that because of the breadth of topics in the exam, most examinees will require a least two study resources. Finally, purchasing a practice test is also suggested, but make sure to purchase from a reputable practice test vendor.
Step 4: Prepare a Study Plan and Follow It
Because of the breadth of the topics covered in the CISSP exam, you should prepare a study plan. This study plan should include a study calendar that counts down the day until you plan to take the exam. While each person’s experience and knowledge level is different, we recommend that you study a minimum of six months for the exam.
During the first month, spend time familiarizing yourself with all eight domains of the exam. As you go through the content, make notes of areas in which you are particularly weak and create any tables that you need to memorize. As you complete a domain, take an assessment on the domain to determine your level of knowledge.
At the end of the first month, prepare a study plan for the next month to spend focused time on each of the eight domains, approximately three to five days per domain. Continue in this manner month-by-month, zeroing in more and more on the areas you are deficient in as you get closer to your projected exam date.
Step 5: Schedule the Exam
When you are two months out from your project date, schedule the exam. We encourage candidates to use this time-frame to help them keep the end goal in mind. Otherwise, it is tempting to procrastinate. Scheduling the exam also encourages you to buckle down and follow your study plan.
To take the exam, you will register with Pearson Vue. If you have not already done so, you will need to create a Pearson Vue user account. You will pay the examination fee of $699 at the time of registration. (You may be able to purchase an exam voucher from an authorized training provider for less.) You will also need to complete the Examination Agreement and review the Candidate Background Questions.
Step 6: Take the Exam (and Pass)
As with any test, be sure to get plenty of sleep and arrive at the test center at least 15 minutes prior to the scheduled time. Take time to review any flashcards and charts that you may have immediately prior to the exam. Remember that with the CAT format, you cannot go back and review any of your answers. Any breaks you take will count toward the three hours of exam time.
Step 7: Meet the Post-Exam Requirements
To become a full CISSP, just passing the exam isn’t the final step. You will also need to subscribe to the (ISC)2 Code of Ethics and have your CISSP application endorsed by a CISSP-certified individual or (ISC)2.
Even after becoming a full CISSP, your job still isn’t done. Now you need to work on those continuing professional education (CPE) units. The CISSP certification has both annual and three-year overall CPE requirements. You must pay $85 each year of your three-year certification cycle. Your payment is due before your certification or recertification annual anniversary date. Over the three-year CISSP certification cycle, you must earn and post a minimum of 120 CPE credits.
You Can Do This
As you can see, the steps to becoming (and maintaining) a CISSP is a bit more involved than most other IT certifications, but it is worth it. Remember to always consult the vendor’s website for the latest information on the CISSP.
Posted by: Robin Abernathy