CISSP Certification: Experience Counts (What Experience Do You Need to Have Before You Take the CISSP Certification Exam?)
Pursuing the CISSP certification is more than just booking the exam and calling it a day. You must have a good deal of work and education experience to become eligible for the CISSP exam. After all, the whole point behind attempting the exam is to assess your knowledge and showcase your skills. You can't evaluate something that you don't have enough of.
But what experience do you exactly need to have to take the CISSP certification exam? That’s what we’re going to find out in our in-depth guide.
What Is CISSP?
The Certified Information Systems Security Professional (CISSP) certification is a reputable certification that many cybersecurity professionals aspire to get at some point in their careers. The certification is globally recognized, and a limited number of IT security professionals have it. In other words, the demand for CISSPs highly exceeds the supply, which means that the certification can make getting your dream job way easier.
According to a recent survey published on (ISC)²’s website, the CISSP certification is the most valuable security certification for 2021. The certification is granted by (ISC)².
The History of (ISC)²
The International Information System Security Certification Consortium or (ISC)² is a pioneering non-profit organization in the cybersecurity industry. There are over 140,000 members, making it the most prominent IT security organization in the world. (ISC)² members come from various parts of the world, but a good percentage of them are American. The organization is responsible for training and awarding certificates to security professionals. It’s also concerned with setting the working standards in the industry.
Who Is the CISSP Certification Suitable For?
The CISSP certification is tailored for experienced cybersecurity professionals who are looking for a way to validate their skills and climb the ladder to better job positions. It’d be a great path to take if your job title is any of the following:
- Security Systems Engineer
- Security Consultant
- Chief Information Security Officer
- Director of Security
- Security Analyst
- Network Architect
- Security Auditor
- IT Director/Manager
- Chief Information Officer
- Security Manager
- Security Architect
What Experience Do You Need to Have Before You Take the CISSP Certification Exam?
(ISC)² has rigorous CISSP requirements when it comes to work and education experience. If you don’t meet all of the criteria, your application won’t be accepted.
You’ll also have to provide all the necessary documents that prove you meet the prerequisites, so don’t make any claims you can’t back up with supporting documents, or your application may be rejected.
Without further ado, here’s the experience you need to have as a CISSP candidate. Your work experience must fall within these 8 CISSP domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Software Development Security
- Communication and Network Security
- Security Assessment and Testing
- Identity and Access Management (IAM)
- Security Operations
Both full-time and part-time work experience count, but they’re not calculated the same way. For instance, to gain one month of work experience, you need to work 35 hours/week as a full-timer for 4 consecutive weeks.
On the other side of the coin, working for 1040 hours in a part-time job counts as 6 months of full-time work experience, while 2080 hours of part-time work experience is similar to working for 12 months as a full-timer.
Additionally, keep in mind that your part-time work experience should be somewhere between 20 and 34 hours per week.
Internships count, too. However, you must provide the documents that prove you've worked as a security intern in one of the 8 CISSP domains. It’s also worth noting that both paid and unpaid internships count. Also, if your internship is part-time, it’ll be calculated similarly to other forms of part-time jobs.
On a side note, it’s essential to clarify that you need a minimum of 4 years of work experience to become eligible for the CISSP exam. Even if you have a college degree and dozens of certificates, your education can only substitute for one year of the required work experience.
The easiest and most straightforward way to get the required experience is to work as a full-timer for 5 consecutive years (or 4 years if you already have a college degree) in two of the 8 security domains. A certificate can make the road shorter, too.
Education
Work experience isn’t the only factor that’s taken into consideration in the CISSP prerequisites. Your educational background can also make it easier for you to get accepted. For instance, college graduates can substitute one year of work experience with their degrees. It must be a 4-year program, though. The same goes for holding an information security degree from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE).
Academic education isn’t the only training type that counts, either. Many certificates can make your CISSP preparation journey shorter.
Some of them are granted by (ISC)², while others are awarded by Cisco, CompTIA, GIAC, and Microsoft. Here’s a complete list of the accepted credentials:
- Certified Authorization Professional (CAP)
- Certified Business Continuity Professional
- Certified Cloud Security Professional (CCSP)
- Certified Computer Examiner (CCE)
- Certified Ethical Hacker v8 or higher
- Certified Forensic Computer Examiner (CFCE)
- Certified Fraud Examiner (CFE)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Internal Auditor (CIA)
- Certified Penetration Tester (GPEN)
- Certified Protection Professional (CPP) from ASIS
- Certified in Risk and Information Systems Control (CRISC)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Wireless Security Professional (CWSP)
- Cisco Certified Internetwork Expert (CCIE)
- Cisco Certified Network Associate Security (CCNA Security)
- Cisco Certified Network Associate - Cyber Ops (CCNA Cyber Ops)
- Cisco Certified Network Professional Security (CCNP Security)
- Cisco Cyber Security Specialist Program
- CIW – Security Analyst
- CIW Web Security Professional
- CIW Web Security Specialist
- CompTIA Advanced Security Practitioner (CASP)
- CompTIA Security+
- CompTIA CySA+
- CyberSecurity Forensic Analyst (CSFA)
- GIAC Certified Enterprise Defender (GCED)
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensics Examiner (GCFE)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Continuous Monitoring Certification (GMON)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Global Industrial Cyber Security Professional (GICSP)
- GIAC Information Security Fundamentals (GISF)
- GIAC Information Security Professional (GISP)
- GIAC Mobile Device Security Analyst (GMOB)
- GIAC Penetration Tester (GPEN)
- GIAC Security Essentials Certificate (GSEC)
- GIAC Security Leadership Certification (GSLC)
- GIAC Strategic Planning, Policy, and Leadership (GSTRT)
- GIAC Systems and Network Auditor (GSNA)
- HealthCare Information Security and Privacy Practitioner (HCISPP)
- Juniper Networks Certified Internet Expert (JNCIE-SEC)
- Information Security Management Systems Lead Auditor (IRCA)
- Information Security Management Systems Principal Auditor (IRCA)
- Master Business Continuity Professional (MBCP)
- Microsoft 365 Certified Enterprise Administrator Expert
- Systems Security Certified Practitioner (SSCP)
Training
Apart from the official CISSP requirements, you need to study very well if you want to pass from the first attempt. When you book the CISSP exam, you’ll get access to some self-study materials, including a study guide, a link to download the official Study app, and other valuable resources. You can rely on these self-study materials to prepare for the exam. However, in most cases, they’re not enough. You’ll need to participate in a CISSP training program to secure a passing score in the exam.
You can enroll in (ISC)²’s official training program, but it might be off-budget for many people since it costs $2,795. Luckily, many third-party training providers offer CISSP training at much lower prices.
The training program you pick can have a massive impact on your chances of successfully passing the CISSP exam, so make sure that you take the time to know your options and pick the best one out of them based on the instructor(s), student reviews, curriculum, and assessment methods.
Also, there are official training providers accredited by (ISC)². They’re pretty trusted, but don’t limit yourself to them because many good training providers aren’t accredited. Additionally, you’ll need to get a CISSP ebook to use as a reference alongside (ISC)²’s Common Body of Knowledge (CBK).
CISSP Exam Details
Being aware of how the CISSP exam goes can help you identify the experience you need when preparing for it. Here’s a detailed breakdown of the exam’s structure:
Each of the 8 security domains has a fixed weight in the exam, and many questions are situation-based, which makes them tricky to answer. You must familiarize yourself with these questions before the exam by practicing with some mock tests.
This step is actually very important, and many CISSP candidates skip it for God knows why. Why would you attempt such an expensive, 6-hour exam without practicing for it first?
Costs
The exam costs $699, but the price varies based on your location. If you reschedule the exam after booking it, you’ll have to pay an additional $50 fee. If you cancel it, you’ll pay a $100 fee.
CISSP Benefits
There are countless benefits of becoming a certified CISSP, which include:
Validation
As we’ve discussed earlier, the CISSP certification is a great way to showcase your skills to potential employers and colleagues. It’s more than just a piece of paper that you hang on the wall; it’s the result of years of hard work and preparation.
Having such certification in your CV will make you stand out among your peers, which takes us to the next benefit.
Better Career Prospects
Certifications drastically boost salaries, period. This is especially true for valuable ones like CISSP. The CISSP certification will enable you to have better job opportunities and higher salaries. According to glassdoor.com, CISSPs earn an average annual salary of $102,688 in the United States, making it one of the highest-paying certifications across all fields. It’s not just about the money, either. The certification will make you more favorable for managerial-level positions at your company.
Even if you’ve decided to run your own IT security consultancy business, listing this certification in your professional history will help you earn your clients’ trust.
(ISC)² Membership
Once you pass the CISSP exam and get endorsed by a CISSP holder, you’ll automatically become a member of (ISC)². Being a member of such a large organization can benefit you in many different ways. For starters, it’s an excellent way to expand your professional network. Also, you’ll get the chance to take part in free or discounted training programs and earn CPE credits easily. You also get other lifestyle perks alongside the professional benefits, like discounts on car rentals, pharmacies, travel agencies, and gyms.
Frequently Asked Questions
Why Does the CISSP Exam Require So Much Experience?
The primary reason (ISC)² has set strict requirements for professionals to apply for the CISSP certification is to make it more valuable. Imagine a world where everyone can apply for and get the CISSP certification; it'd be less valuable.
The whole point of getting certified as a CISSP is to establish credibility, which can only be done if the certification is challenging to apply for and acquire.
What Certification Should I Take Before CISSP?
As we've mentioned earlier, many certifications can make it easier for you to apply for the CISSP certification down the line.
If you’re an entry-level IT security specialist, consider opting for the (ISC)² Associate certification. You don’t need long years of work experience to get accepted in this one, making it easier for junior-level professionals to pursue. Not to mention, some of the topics covered are similar to those in the CISSP’s Common Body of Knowledge (CBK).
Alternatively, you can check out (ISC)²’s Systems Security Certified Practitioner (SSCP) certification if you have a year or two of work experience up your sleeve.
How Do I Prove My Work Experience for CISSP?
To prove your work experience for CISSP, you need to provide these documents:
- A letter from the company (or companies) that confirms your employment dates
- An offer letter and termination letter combination
- Paycheck stubs - 3/year for each year you worked at the company
- W-2s - 1/year for each year worked at the company, in addition to an extra one for the following year
- Any certificates that you can substitute for work experience
However, keep in mind that these documents are only required if you request (ISC)² to be your endorser. If you already have a CISSP holder as an endorser, you don't need to prove your employment.
Generally speaking, having an endorser other than (ISC)² may increase the chances of your application passing the screening process.
Is the CISSP Exam Difficult?
Yes, the CISSP exam is pretty hard, which is precisely why you must have sufficient experience before attempting it. According to previous CISSP candidates' historical data, the pass rate is just 20%, making it one of the most challenging exams in the world of cybersecurity.
However, don’t let the low pass rate deceive you. While the exam is by no means easy, if you prepare really well, you’ll be able to pass it on the first attempt.
Does the CISSP Certification Expire?
Yes, the CISSP does expire, but you can keep your certification if you dedicate enough time to it. To maintain your credential, you must earn 40 CPE credits (continuing education units) per year throughout each 3-year cycle. You also need to pay $85/year.
You can earn CPE credits through volunteering, taking security-related training programs and academic courses, teaching others about CISSP, attending seminars and security conferences, and becoming an active member of an association chapter.
All in all, maintaining your CISSP certification is an excellent opportunity for you to develop your skills and knowledge continuously.
How Much Time Do I Need to Prepare for the CISSP Exam?
Provided that you already meet the submission criteria, preparing for the CISSP exam should take you somewhere between 3 and 6 months. It all depends on how much time you’re willing to dedicate to studying.
Final Thoughts
The CISSP certification can open new doors for you and advance your career forward. Hopefully, our guide has developed a clear picture of the experience you need before taking the CISSP exam. That’s actually the first step in your preparation journey.
No matter your current career stage, it's always a good idea to start preparing for the CISSP certification as early as possible. Even if you're a junior IT security professional, think of the CISSP credential as a long-term goal that’ll definitely pay off.
We understand that the requirements can be a bit hard to achieve and make you feel overwhelmed, but they’re strict for a reason – making the certification much more valuable.