IT certifications are now an integral part of long-term career success. While companies still prioritize traditional four-year degrees and require hands-on industry experience for infosec professionals, organizations also recognize the value of cybersecurity certifications — reputable and accredited courses that demonstrate competence and confidence in specific areas of information security.
While the market for cybersecurity certifications is rapidly growing, the Certified Information Systems Security Professional (CISSP) remains one of the most in-demand certifications for advancing cybersecurity careers.
Let’s break down this certification — what is it? What does training look like? Who’s hiring? Where? And how much are they willing to pay?
Building a Better Network
As noted by Forbes, 74 percent of businesses now say that the IT skills shortage is impacting their business — and making it more difficult to keep information secure. The result? Organizations are looking for skilled IT managers capable of going beyond basic threat identification and analysis to design and implement company-wide security practices and policies that boost overall defense and reduce total risk.
It’s this push for defense by design that’s driving the uptick in comprehensive security certifications such as CISSP: Businesses now need IT professionals with the right combination of practical skills and earned certifications to develop C-suite trust, bring front-line staff on board and build secure networks that can both handle current challenges and evolve to meet emerging threats.
As one of the most popular and widely recognized security certifications, CISSP is a great starting point for infosec pros looking to level up their IT career.
What is CISSP?
CISSP was created by the Information Systems Security Certification Consortium (ISC)² and is designed for seasoned IT professionals with three to five years of infosec experience. According to Business News Daily, approximately 10,000 IT positions that include a requirement for CISSP certification are available day-to-day.
So what’s the big deal with CISSP? Put simply, this certification demonstrates that IT pros have the critical skills necessary to design and manage corporate infosec environments from the ground up. CISSP includes everything from creating access and permission policies to developing incident response plans, implementing key controls such as IAM and monitoring solutions, and ensuring all infosec frameworks are consistently applied across corporate networks at large.
It’s a big job, one that comes with substantial responsibility and demands the ability to apply high-level security knowledge on-demand to effectively manage emerging risks and respond to critical events.
CISSP Training Basics
If you’re looking for CISSP training, make sure you meet the minimum requirements — at least five years of security experience across at least two of eight Common Body of Knowledge (CBK) domains covered by CISSP, which include:
- Security and Risk Management
- Asset Security
- Security Engineering
- Communications and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
While CISSP training is not required to take the exam, it is highly recommended to help prepare infosec pros for fundamental concepts and questions found on the 6-hour, 250-question test. A score of 700 out of 1000 is required to pass, and students must then both subscribe to the (ISC)² Code of Ethics and complete an endorsement signed by another CISSP to obtain full certification. You are also required to recertify every three years.
If you don’t have the work experience necessary for CISSP, it’s worth considering other entry-level certifications to help boost your infosec abilities and streamline the CISSP process. Some of the most popular include Security+, the Systems Security Certified Practitioner (SSCP), and the Certified Information Security Manager (CISM).
Potential Job Opportunities
Once you’ve obtained a CISSP certification, what type of opportunities are available?
Some of the most in-demand jobs include:
- Security Manager — Responsible for overseeing the implementation and effectiveness of company-wide security policies and processes.
- Security Auditor — In charge of auditing current security systems for potential weaknesses and vulnerabilities and implementing critical upgrades.
- Security Consultant — This rapidly growing job field speaks to the increasing corporate use of independent contractors; consultants are often brought on board for specific, high-level security projects and given substantial autonomy to complete their work.
- Chief Information Security Officer (CISO) — CISO roles are now in high demand as companies look for technology professionals with the ability to manage both boardroom demands and deliver best-in-class security solutions.
With substantial job growth over the past five years and demand only increasing as the cybersecurity skills gap widens, many jobs which require the CISSP pay $90,000 or more per year.
Who’s Hiring CISSP Professionals?
While companies across the United States now prioritize CISSP-certified professionals for top-tier infosec jobs, Clearance Jobs notes that CISSP also meets the requirements of the U.S. Department of Defense (DoD) Directive 8570.1. This opens an entirely new subset of jobs focused on government cyber defense, incident readiness, and policy implementation for CISSP holders.
If you’re interested in government infosec work, it’s worth considering areas which house multiple federal agencies — such as Washington DC — along with nearby locations such as Maryland and Virginia which are now becoming tech hubs in their own right.
The takeaway? CISSP certification is ideal for experienced IT pros looking to expand their IT knowledge, design network defense at scale and improve their infosec career outlook.