The CISSP certification is one of the most in-demand cybersecurity credentials. But is the CISSP the best choice for your career? And if so, do you know how to get the certification or where to find CISSP exam prep? I’ll answer these questions and more in this ultimate guide to becoming a Certified Information Systems Security Professional. Plus, I’ll give my reviews of CISSP bootcamp programs and tell you where to find a good CISSP study guide.
The Certified Information Systems Security Professional (CISSP) certification was created by (ISC)2 in 1994. You may already know that (ISC)2 is the world’s foremost non-profit organization for security professionals. The CISSP credential proves professionals have skills in the design, implementation, and management of effective cybersecurity systems. Plus, CISSP professionals control risks by executing security policies that keep their companies safe. And you can only become a member of (ISC)2 once you have your CISSP in hand.
The CISSP meaning is clear to anyone who reads it on your resumé. After all, it signals that you have the high level of skill needed to oversee an organization’s security systems. So really, the CISSP certification is for anyone who wants to sharpen their skills through CISSP test prep.
But mainly, the CISSP certification is intended for high-achieving professionals who already have experience in security systems. For example, if you fill any of the following roles, you may want to consider the CISSP:
If you reach your goal of a CISSP certification, you can expect several benefits to your career:
You can get the certification through the following CISSP prerequisites:
The CISSP exam covers everything you must know to be a successful information systems security professional. In the section below, you’ll find more information about the CISSP exam, including the exam format and information about the 8 domains (content areas) of CISSP.
The CISSP exam has two types of questions:
You can sit for the CISSP exam once you have met the work experience requirements. Basically, you must have worked in at least 2 of the 8 content domains. (In a section below, you’ll find more information about the domains and the CISSP Common Body of Knowledge, or CBK.)
Here are your options:
However, you can take the exam before you have met all of the CISSP experience requirements. (ISC)2 will allow you to sit for the CISSP exam, and upon passing, you have 6 years to meet the experience requirement and become certified.
Once you think you’re ready to prove yourself as a CISSP professional, it’s time to register for a prep course and start studying for the exam. You’ll find some course reviews below.
You will take the exam at a Pearson VUE testing center. Luckily, there are Pearson centers all over the globe. So you can take the CISSP exam from just about anywhere. You must start by creating an online account with Pearson. Once you do that, you can find a test center near you and see when you can take the exam. Then, you can schedule or reschedule your test. (*Hint: When you’re searching the program list on the Pearson website, find the CISSP exam under ISC2.)
When you create your Pearson VUE account, you’ll find a list of what to bring to the testing center. For instance, you’ll see information about acceptable forms of ID. The CISSP passing score is 700 out of 1,000 scaled points. Depending on which version of the exam you take, you’ll have to answer 100 to 250 CISSP exam questions. If you fail a CISSP exam, don’t worry. Just refocus your study efforts, take more CISSP practice tests, and reschedule your exam.
After you pass the CISSP exam, the next step in your journey is to complete the CISSP endorsement process. (ISC)2 will direct you to an online portal where you can verify your work experience and agree to the (ISC)2 Code of Ethics. You’ll have 9 months from the date of your exam to complete the endorsement process. Then, you need to become a CISSP (ISC)2 member by paying your $125 annual maintenance fee. You can only join the elite group of (ISC)2 members after you’ve passed the CISSP exam. In fact, the organization only has about 141,600+ members, so you’re becoming part of an exclusive cohort of cybersecurity professionals.
To maintain your membership, you need to complete 120 CPE (continuing professional education) hours every 3 years. You have several options for your CISSP CPE hours. For instance, you could enroll in education opportunities like approved webinars, take an online course, or attend a conference. Or, you could publish an article, book, or even a whitepaper on topics related to information security systems. (ISC)2 also grants CPE hours for volunteering for charitable organizations.
(ISC)2 uses the term “domain” to refer to the broad topics that are tested on the CISSP exam. Therefore, you should master these topics before you sit for the exam. In the list below, you’ll find the 8 domains and the weight of each in the CISSP exam.
According to the (ISC)2, each domain covers the following sub-topics.
The CISSP exam is available in 7 different languages: Brazilian Portuguese, Chinese (simplified), English, French, Japanese, Korean, and Spanish. In addition, a version is available for visually impaired candidates. The non-English versions use linear, fixed-form exams that have 250 items to answer. You can take up to 6 hours to finish the exam.
However, if you take the exam in English, you’ll take the CISSP CAT, or Computerized Adaptive Testing, exam. The CISSP CAT has 100-150 questions and tailors the difficulty of each question to your individual ability. Your first question will be of a difficulty that is below the passing standard. Based on your answer, a scoring algorithm starts to estimate your skills and gives you questions accordingly. The best part of a CAT exam is that it allows you to prove your knowledge with fewer questions. So you’ll finish the exam sooner, maybe in as little as half the time of a standard, fixed-form exam. But unlike the fixed-form version that gives you 6 hours to complete, the CAT exam must be completed in 3 hours.
So depending on which version you take, you’ll see between 100 and 250 questions.
The exam results are scaled to a range between 0 and 1000 points. CISSP questions are assigned a different number of scale points based on their difficulty, so it’s important not to skip the hard questions because they can be worth many points. The passing score, also referred to as a “cut score,” is 700.
When it comes to studying for the CISSP exam, you have three choices:
In theory, you could go to the bookstore or library, read material recommended by (ISC)2, and study for the CISSP exam on your own. After all, you may have confidence in your abilities because you’ve already worked in the field for several years. But keep in mind that the CISSP exam covers 8 domains. Most security systems positions don’t require you to work in all 8 domains, so it’s likely that you have some content gaps. But if you don’t follow a CISSP study guide or take any CISSP practice exams, the CISSP difficulty might surprise you on exam day.
(ISC)2 delivers training programs to get you ready for the CISSP exam. They have also partnered with other companies to provide official training materials like a CISSP official study guide and CISSP official (ISC)2 practice tests. Some candidates prefer the official training programs. However, others feel that the (ISC)2 programs present too much information. That is, they give equal weight to all concepts and topics, even though they aren’t equally covered on the exam.
Several review providers on the market offer CISSP training courses that teach you everything you need to pass the exam. The prices and coverage of the study materials vary, so I’ve included some reviews of popular courses below. Although they’re all a little different, most training courses come with CISSP sample questions, CISSP notes, and timed practice exams. Students may have the option of in-person training or CISSP online training. Plus, you will find that some companies have CISSP boot camp programs that provide intense study sessions over a relatively short amount of time.
Before you take the CISSP exam, you should download and review the Certification Exam Outline from (ISC)2.
However, be careful with sites that claim to have a free CISSP practice exam or sites that advertise a CISSP test dump. The exam changes from time to time, so I wouldn’t waste my time with this outdated content.
If you’re looking for some recommendations about CISSP training programs, look no further! When you’re narrowing down your choices, think about the following:
| Course | Our #1 Pick? | Access Length | In-Person Training Available? | Practice Exams Available? | Free Trial Available? | Price (before discounts) |
| --- | --- | --- | --- | --- | --- | --- |
| Certified Information Security 2023 CISSP SuperReview | Yes | 180 days | No | Yes – includes 8 timed mock exams | Yes – free Lesson 2 from CISSP Domain 3 | $1,795.00 |
| Infosec Institute CISSP Certification Boot Camp + Infosec Skills | No | 90 days | Yes | Yes | Yes – 7 days | $5,368.00 |
| Official (ISC)2 CISSP Self-Paced Training with Exam Voucher | No | 180 days | No | Yes | No | $1,260.00 |
| CISSPExamPractice.com CISSP Certification Bootcamp On-Demand Course + Professional CISSP Practice Exams | No | 180 days | No | Yes, but only with CISSP Practice Exams package (practice exams not included with bootcamp) | No | CISSP Certification Bootcamp On-Demand Course = $698.00; Professional CISSP Practice Exams = $59 |
| Eleventh Hour CISSP Study Guide – 3rd edition | No | N/A | No | No | N/A | $29.95 |
If you’re looking for a top-notch CISSP training course that is available online and on-demand, I urge you to consider the Certified Information Security 2023 CISSP SuperReview. You can be confident of their expertise because the company has been offering this training since 2006. And the online content is updated twice per year, so you know it’s always relevant.
Certified Information Security makes studying for the CISSP exam easy because they only teach you what you need for the exam. So don’t expect extra material that you don’t need to master to pass the CISSP test.
With the 2023 CISSP SuperReview package, you’ll get the following:
Allen Keele prepares and narrates all of the video lessons. Keele is a security systems expert with a long list of credentials, including CISSP, CFE, CISM, and CRISC. I suggest that you only review with professionals like Keele.
Plus, I really appreciate the personal support you get with the 2023 CISSP SuperReview. For instance, the course includes a one-on-one coaching videoconference with Allen Keele. This feature allows you to get help with those tough concepts that you haven’t quite mastered.
And in the event that you fail the CISSP exam, the Certified Information Security training comes with a guarantee. If you don’t pass the exam within 6 months from the time of your purchase, you can extend your training for another 6 months for free. You can’t beat a guarantee like that.
Like I said before, you can choose to study with a third-party provider or directly from the (ISC)2 itself. The Official (ISC)2 CISSP Self-Paced Training provides an in-depth review of information security topics and best practices. It also gives you an intense review of all 8 domains on the CISSP exam. And just as importantly, all of the instructors are CISSP-holders and are experts in the field.
The Official (ISC)2 CISSP Self-Paced Training includes:
Plus, if you get the bundle that includes an exam voucher, the price of the CISSP exam registration fee (a $699 value) is included in the purchase price.
The Infosec Institute is another option to consider for CISSP training. The institute’s CISSP Certification Boot Camp is a popular choice for CISSP candidates who can afford the price tag. The program is geared toward information security officers, security systems administrators, security engineers and consultants, and anyone who manages security strategies.
The Infosec Institute Boot Camp has two main components: live CISSP training plus access to Infosec Skills.
The Infosec Institute’s live training is taken over 6 days. Experts lead students through learning modules that teach you everything you need to know for the CISSP exam. On the 7th day of the boot camp, students are given time to take the exam.
Plus, all Infosec Institute boot camp students get access to Infosec Skills:
If you might be interested in the Infosec Institute boot camp, check out the company’s free 7-day trial of Infosec Skills. If you are someone who thrives on in-person, classroom-style instruction, check out their CISSP boot camp.
Another review provider to consider is CISSPExamPractice.com from SSI Logic, which offers a CISSP Certification Bootcamp On-Demand Course and a Professional CISSP Practice Exams package. They are both available online, and candidates don’t need to download additional software or plug-ins.
The on-demand CISSP boot camp is an intense and comprehensive self-study course. It comes with the following:
The boot camp was created by subject matter experts who understand what it takes to pass the CISSP exam. Candidates benefit from interactive training lessons, which incorporate real-world situations to reinforce concepts. Plus, the instructors are all veterans in their field with many years of experience.
The entire boot camp course is available online. What’s more, you can access it on your computer or even mobile devices. However, you must be connected to the internet to use the course. The lessons are self-paced, so you can start and stop as needed. Therefore, this type of course is good for CISSP candidates with busy schedules who need on-demand learning.
Once you reach each milestone in the interactive lessons, you’ll have the opportunity to take a quiz that tests your knowledge. However, the boot camp itself does not include any practice exams. Therefore, I suggest purchasing the Professional CISSP Practice Exams from CISSPExamPractice, too.
In addition to the boot camp, you can also purchase the Professional CISSP Practice Exams package, which is offered separately. This package includes the following:
With this package, you get access to hundreds of sample CISSP questions that have been structured into practice exams. Or, you can take targeted practice exams focusing on specific CISSP domains, in case you only need to practice certain content. And finally, you can even create your own practice exams based on the unique material you want to drill. Additionally, all of the practice CISSP questions include detailed answer explanations. Without this feature, it’s hard to learn the exam content by practicing MCQs. And the questions are designed to be a little harder than the ones you’ll see on the real CISSP exam.
This online platform, which allows you to answer over a thousand practice questions, mimics the look and functionality of the real testing environment. That is, not only does it have the same types of questions as the real exam, but the mock tests are also timed. This way, you can master the critical pacing of exam questions and won’t feel rushed on exam day.
One of the most important features of the CISSPExamPractice platform is that it tracks and analyzes your performance. So you can see your strengths and weaknesses and study accordingly.
Finally, I want to give my review of the Eleventh Hour CISSP Study Guide books. Author Eric Conrad and his team of experts have prepared this CISSP study guide for students who prefer self-study. The guide reviews the content of each of the CISSP domains and reviews what will be on the CISSP exam. You can purchase it online and from major booksellers.
However, if you go this route, make sure you purchase the most up-to-date edition. For example, the 1st edition goes over the ten domains…but there are only eight now. And the books don’t come with any practice exams, which are critical to a successful study plan. Plus, some candidates have complained that the Eleventh Hour material does not go in-depth enough to pass the exam. Therefore, you might want to consider it as a final review right before exam day. But otherwise, I recommend that you stick to a more comprehensive review provider.
Although there are several good CISSP review providers on the market, the winner today is Certified Information Security. The course has plenty of material to study but doesn’t burden you with content that won’t be on the CISSP exam. The timed mock exams, each with 150 unique questions, are also a great study tool. Plus, the one-on-one coaching session with the course author can be the last study push you need to pass the exam. And you can’t go wrong with the company’s guarantee, which lets you extend your access for 6 months if you happen to fail the CISSP exam.
I urge you to take advantage of the 2022 CISSP SuperReview free trial. Once you sign up, you’ll get to access Lesson 2 from CISSP Domain 3 for free.
CISSP = Certified Information Systems Security Professional
“CISSP” refers to an information systems security professional who has passed the CISSP certification exam offered by the non-profit membership organization (ISC)2.
If you want to challenge yourself, consider a CISSP concentration. (ISC)2 offers three of them:
To qualify for these exams, you must first be a CISSP in good standing and have at least two years of paid work experience in these specific fields. You can find more information from (ISC)2.
The (ISC)2 does not publish the pass rate of the CISSP exam. However, some experts think the pass rate is only about 20%.
The following is the list of CISSP exam fees:
Your overall certification cost will depend on the study materials you choose. However, here’s a basic breakdown:
If you prefer self-study and are looking for some good books to purchase, (ISC)2 keeps a list online. In short, these books explain the content you need to master to pass the CISSP exam.
You can sit for the CISSP exam at a Pearson test center that has been approved by (ISC)2. Click here for a searchable database to find a test center near you.
Once you create a Pearson VUE account, you’ll be able to log in and see the CISSP exam schedule.
If you fail a CISSP exam, you can retake it. Log into your Pearson VUE account to reschedule a failed exam after paying the additional registration fees.
No—(ISC)2 does not tell you what questions you missed or the correct answers to those questions. In fact, you don’t even get your raw score. Therefore, you don’t know how many questions you answered correctly or your overall percentage of correct questions. Instead, the (ISC)2 only sends your scaled score.
However, if you fail your exam, (ISC)2 will at least send you a ranked order of how you did in each domain. Most importantly, this will help you focus your studies as you plan to retake the exam.
Companies and exam review providers can purchase bulk CISSP exam vouchers. After purchase, the vouchers can be transferred to individual candidates. This makes the exam voucher an easy method for companies to pay for their employees’ exam fees.
You’ll get an official score onsite right after you finish your exam. Later, you’ll receive an email from (ISC)2 with your official results.
According to (ISC)2, the average CISSP salary is about U.S. $131,030.
CISM, or the ISACA Certified Information Security Manager credential, is another IT security certification. In some ways, the CISM and the CISSP are similar. For instance, they both require 5 years of relevant experience. In addition, they aren’t specific to any particular vendor and require CPE hours to maintain.
But the certifications do differ in their focus. The CISM credential emphasizes management principles. The CISSP, on the other hand, has both managerial and technical aspects. Plus, the CISSP certification is more widely known.
Some CISSP candidates also consider the CISA certification, or the ISACA Certified Information Systems Auditor credential. The CISSP is best for candidates who want a certification that covers a wide range of cybersecurity issues. If you have the CISSP, you’ll be eligible for many different jobs in the field. The CISA, however, only focuses on IT audits. So really, your intended career path will inform which certification is best for you.
I’m not going to lie: The CISSP is a lot of work. Between needing 5-6 years of relevant experience and passing a tough exam, getting your certification is a long journey. However, if you’re serious about your career in information security systems, it might be worth it. After all, once you have that CISSP credential in hand, you’ll likely see more job opportunities and greater respect from your peers.