From the CISSP Exam to the CISSP Certification: An A-Z Guide


What is CISSP?

The Certified Information Systems Security Professional certification is the world’s gold standard cybersecurity certification

Who should pursue a CISSP certification?

Anyone who is seriously interested in becoming a cybersecurity professional should                                             pursue and obtain the CISSP certification.

Benefits of a CISSP certification

For employers
Employers who hire a CISSP certified cybersecurity professional knows that the employee understands how technical and management aspects of cybersecurity work together to form the organization’s security management plan and can integrate this into the business strategy.
For employees
The CISSP certification provides the critical key to opportunities across federal, military, and commercial cybersecurity professions and positions. The CISSP is the gateway to a career in cybersecurity allowing an expert to further define their roles and responsibilities.

How to gain a CISSP certification?

1. The CISSP candidate can pursue the certification through several means:
a. A live classroom experience, called a bootcamp, where the candidate is exposed to the 8 domains of the CISSP over a 5-day period of time. Benefits of a live classroom experience is the ability to have an instructor tailor the course to the class, answer questions, and bring scenario-based experiences to better understand the concepts.
b. A virtual classroom experience where the candidate is exposed to the 8 domains of the CISSP through an internet connection. Benefits of a virtual classroom experience is the ability to take the course from the comforts of where you wish to attend (at home, at a coffee shop, etc), travel and dress code are at your discretion, and breaks are when you desire. Some virtual classrooms have a live instructor to discuss and tailor the class, but the instructor is limited compared to the live classroom experience.
c. Webinar classroom experience is similar to the virtual classroom, except the instruction is normally recorded by a live instructor. Benefits of a webinar-based classroom experience is the ability of the candidate to stop and start the session when they choose depending on the time available. The webinar also allows the candidate to repeat various lessons or segments to better understand the materials.
d. Self-study is the final means to prepare for the CISSP exam and is normally combined with a live, virtual, or webinar method. Benefits of a self-study experience is the vast amount of books, practice exam test banks, and training tools available to the candidate to support their way of learning the CISSP domains.
2. Register for the CISSP exam with Pearson Vue
3. Take and pass the CISSP exam at a Pearson Vue testing center
4. Once notified by (ISC)2 that the exam is officially passed, obtain a sponsor who has already been certified by (ISC)2 in one of (ISC)2’s certification programs
5. Obtain the required experience needed for the CISSP certification, or ensure that a full-time position is available to obtain the experience after receiving the certification
The CISSP certification costs $699 per attempt.

What are the pre-requisites and eligibility criteria?

(ISC)2 requires that a CISSP candidate have at least 5 years of experience in 2 or more of the CISSP domains. The experience is needed to both understand the concepts covered within the CISSP and to demonstrate to employers the ability to integrate experience with knowledge.
(ISC)2 allows the CISSP candidate to waive 1 year of the experience requirement by having a degree from a higher learning institution that meets the criteria specified by (ISC)2. Normally, this degree should be in a technical or science field of study – engineering, computer/ information sciences, mathematics, but a candidate can submit their request to (ISC)2 and obtain a decision regardless of degree program area.
(ISC)2 allows the CISSP candidate to take the exam without the requisite experience, and if the candidate passes the exam, (ISC)2 issues the CISSP certification to the candidate and notifies the candidate that they are an ‘Associate of (ISC)2’ until they obtain the required 5 years of experience. The candidate has 6 years to obtain the 5 years of experience.

How hard is it to get CISSP certified?

The CISSP certification is a difficult certification to obtain. For some candidates, they are able to take a class, study the materials and pass the exam the first time. For other candidates, they need to retake the class, and continue to study the materials for a second exam attempt. The most important point to remember – stay focused and pursue your goals and you will obtain the CISSP certification.

How to prepare for the CISSP exam?

Most of the successful CISSP candidates prepare for the exam in the following way:
01 Self-study – obtain books, practice exams, and training tools to begin their preparation of the CISSP domains. Many will spend 1-2 months preparing.
02 Bootcamp – after completing a self-study exam preparation, they register for a bootcamp to maximize their ability to understand and retain the information learned. The bootcamp instructor is normally able to highlight and tailor the training materials to fully allow the CISSP candidate to understand difficult areas.
03 Continue to self-study until taking the exam (normally within 1-2 weeks of completing the bootcamp).

How long does it take to get CISSP certification?

1. A CISSP candidate is notified at the Pearson Vue testing facility of their pass or fail score. If a passing score is obtained, you will be informed that you “Provisionally Passed”. This means that you passed the exam and now (ISC)2 will review the exam you took, the answers provided, and ensure no anomalies or errors are found. Rarely are there any complications in this process.
2. The CISSP candidate will be notified within 1-2 weeks that they officially passed the exam and may apply for the CISSP certification.
3. The CISSP candidate must identify a (ISC)2 certified member (someone who is currently an (ISC)2 certification holder) to sponsor them for the certification – the sponsor is attesting to the candidate’s experience and has met the requirements.
4. The CISSP candidate applies for the CISSP certification through the (ISC)2 website portal.
5. The CISSP candidate will normally receive notification from (ISC)2 within 4-6 weeks that they are a CISSP and a full member of (ISC)2 or that they are an Associate of (ISC)2 if they still need to obtain some of the experience requirements as outlined for the CISSP.

How to add CISSP to your resume ?

The CISSP candidate may add the CISSP certification to their resume, place the ‘CISSP’ after their name, and download the (ISC)2 CISSP badge from the (ISC)2 website after they have been officially notified by (ISC)2 that they are ‘Certified’ as a CISSP. Passing the exam does not constitute the ability to use CISSP on a candidate’s resume.


How long is CISSP valid?

The CISSP is valid for 3-years and is renewable through Continuing Professional Education (CPE) units.

What is the re-certification process?

A CISSP member enters into their (ISC)2 portal the CPEs earned during a year. As long as a CISSP member obtains the required CPEs each year and pays their annual CISSP maintenance fee ($85/year), the CISSP member is not required to retake the exam.

A CISSP member must obtain 120 CPEs over a 3-year period of time.
A CISSP member must obtain 40 CPEs per year.


1. The CISSP exam is a 100-150 question, adaptable exam.
2. A CISSP candidate has 3-hours to complete the exam.
3. The adaptable exam does not permit the ability to flag or return to previous questions to review and/or change answers.
4. The CISSP exam will finish when either the candidate completes 150 questions or when the exam determines that the candidate has either passed the exam or failed to achieve the required 70% (700 out of 1000) pass rate for the exam.
CISSP Syllabus
The CISSP syllabus consists of 8 domains, each covering subjects related to various areas of cybersecurity or information security
When does the CISSP exam changes
The CISSP course and exam change approximately every 3-years, or when the cybersecurity and/or information security domain changes enough to warrant a curriculum and exam change.
How many questions in CISSP exam
The CISSP has 100-150 questions, depending on how the CISSP candidate is performing on the exam. There is no way to know how many exact questions each candidate will receive.
Exam Time
The CISSP exam is a timed exam of a maximum of 3 hours. The exam may stop early if the candidate has demonstrated that they have either passed the exam or failed the exam beginning after question 100.
Passing marks
The CISSP exam has a passing score of 700 out of 1000. The questions all have the same value towards the exam score. Each exam may have up to 25 questions which are for evaluative purposes and are not scored – the candidate will not know which questions these are while taking the exam.

Link to the practice tests ($99/year)
Numerous Online question banks – be careful as some are not valid – stick to reputable sites backed by (ISC)2

Jobs and trends

The job market has hundreds of different titles for positions related to cybersecurity and/or information security. Depending on a candidate’s experience, a candidate with a CISSP can pursue Analyst, Forensics, Malware, Information Assurance, Security Control Assessor, Engineer, or Director-level positions.
The numbers of positions demanding cybersecurity and/or information security expertise is dramatically increasing with more positions needing filled than experts to fill them.

Salary with survey

Depending on where a CISSP member chooses to work (location, employer, position), will have significant impacts on salary ranges.
 $60,000 CISSP experts have salary ranges in an entry-level positions.
$175,000+ CISSP experts have salary ranges in an entry-level positions.

Career Roadmap


CISSP Expert Conversation

The need for security experts…

expert-2The past 30 years has seen explosive growth in technology and the use of these advancements into our workplace, our homes, and into every aspect of our lives. Smart devices, artificial intelligence, quantum computing, medical technology, and industrial control systems are completely interlaced into our society, our culture, and our relationships. As fast as we have embraced these technologies into our lives, threats have been devising and embracing ways to use these same technologies to gain access to resources that we have – our privacy, our financial instruments, our reputations, our security. It’s too easy to say, ‘reverse our dependence’, but that’s like saying ‘stop breathing’.
Businesses, governments, academia are all seeking employees who are experts in understanding how to translate security concerns and solutions into critical business decisions allowing senior leaders to allocate limited resources to protect those informational assets vital to their mission. Around the world, information security and cybersecurity experts turn to the (ISC)2 Certified Information Systems Security Professional (CISSP) certification as the gold-standard, indicating a level of competence and knowledge to support these senior decision leaders in finding critical solutions.

Why CISSP certification?

certification-2The CISSP signifies an information security expert has over five years of experience, the technical knowledge needed to understand engineers and analysts dealing with information technology (IT) infrastructure both internal and external to the organization, and the management level requirements dealing with governance, legal, and financial impacts and how risk and security management must play a pivotal role in every business decision. The CISSP is the key translator, expert, and leader to support any organization across the information spectrum in any career field – health, industry, government, finance, academia, and services. Anywhere that information is critical to the business, the CISSP can translate security requirements into business decision recommendations.
As an employer, you seek experts who can rapidly understand your requirements, your resources, and your business direction. You seek an expert who can engage at all levels – technical, operational, and managerial, to arrive at a solution, then translate that solution into actionable intelligence for you as a business leader to make those strategic decisions. Seeking and hiring a CISSP certified information security expert ensures you have an expert who can support what you need – bridge the gap between technical and management, understanding the technical jargon and data and provide clear, logical data to you the business leader in terms that you clearly understand and can use to make decisions.

How to become CISSP certified?

become-2Gaining the CISSP certification is not easy – it shouldn’t be. It takes months of study, even for those who are on the technical side of information security – system or network engineers, analysts, forensics, and scientists. The CISSP is not just a technical certification, it is a management level certification as well. It took time, study, and dedication to get to where you are today – devote that same attention to the CISSP and you will be successful. The good aspect of the CISSP is that it builds upon what you already know whether you’re in a technical or management career field; therefore, it won’t take you years to obtain. Seek out a superb training organization and engage with an expert instructor who can bring to reality all of the concepts and terms associated with the CISSP – the instructor will challenge you over a week of class, but you will gain an enormous appreciation for the broad scope of the CISSP and the details required to pass the exam and obtain the CISSP.
When you pass the exam and obtain the CISSP certification, you have a right to celebrate for you earned a pivotal, career certification. Employers are seeking you to support them and the career positions are vast and prevalent.
Remember – “Your choice. Your career.”
James R. Beamon, Colonel (ret), USAF