Is It a Good Idea to Obtain (ISC)² CISSP Certification or Not?

The answer to the question whether you should pursue the CISSP certification or not depends on many things. To know the right answer, we should start by discussing the facts.

Individuals with this certificate usually receive a six-figure salary. The job positions that require this (ISC)² certification vary, and there are a lot of security positions available both in the United States and in other countries. In fact, it is estimated that there will be about 2 million of them in the USA, which is more than the number of professionals available. This is a very exciting consideration when asking whether you should get your CISSP credential or not. But honestly speaking, only a person who is considering a security career will find these numbers interesting. For those individuals who are already working as security specialists, it is mostly about personal professional strengths and preferences.

Many people in the IT industry wonder whether earning this credential can help them in their career growth or not. Let’s take a look at some of the reasons why you should or should not become CISSP certified.

The choice depends mostly on a person’s work experience

It is important to note that you can attempt the certification exam even if you are new to a security role. You may pass it, but you will not be awarded the CISSP credential without having 5 years of work experience. Yes, you can shorten this time by a year in many ways, but 4 years is still a long period.

The good news is that trying to get the CISSP certification is very beneficial even if you still don’t have 5 years of paid work experience. By passing the exam, you will become an (ISC)² Associate and get exclusive access to all the (ISC)² career networking groups as well as resources. Employers, especially the federal government, also prefer to hire (ISC)² Associates.

To obtain the CISSP certificate as an Associate, an individual will have to gain the required paid experience within 6 years instead of 5, while meeting the CPE (Continuing Professional Education) requirements.

Starting with CISSP certification is not a good idea

Of course, you can get your CISSP as an Associate. But if your primary goal now is to break into your very first security job, then it’s not a good idea to start with pursuing this credential. Instead, you should begin with a certificate that validates the basics. There are two certifications that fit you well in this case: CySA+ and Security+. Both credentials are offered by CompTIA.

CompTIA Security+ is a great option for those who are new to IT security, as this certificate has an entry-level cybersecurity exam. The test validates all the knowledge you will acquire in your first year as a security and IT professional. This certification exam is simpler than CISSP. CompTIA CySA+ is another excellent option if you are a newcomer to IT security. Introduced in 2017, this credential bridges the skill gap between Security+, which is a foundational certificate, and CompTIA Advanced Security Practitioner (CASP+), which is an expert-level certification. It confirms everything else that you will learn during your first four years working as a security professional.

The next step up from these two certifications is CISSP. If you earn one of these two CompTIA credentials, you will also reduce the required five years of work experience by one year. This also explains why these certificates may be good options to consider. If you already have wide experience, you can start with the (ISC)² CISSP credential. If not, you should consider starting with another certification and working your way up.

CISSP certification is great for government jobs

The federal government requires the CISSP certification for career advancement. The DoD Directive 8570.01-M requirements apply to all DoD Information Assurance employees. There are four tiers of baseline certificates for all government recruiters:

  • Information Assurance System Architect and Engineer (IASAE);
  • Information Assurance Technical (IAT);
  • Cybersecurity Service Provider (CSSP);
  • Information Assurance Management (IAM).

On these baselines, CISSP appears a bit. Compared to other credentials, it satisfies more IA baseline certification requirements. So if you want to fulfill these requirements, the CISSP certificate is the best choice. The next best option is CASP+, which is an advanced-level cybersecurity credential offered by CompTIA. This certification verifies all the levels of IAT, IASAE, and the first two levels of IAM positions.

CISSP certification requires renewal

You will need to recertify, and this is actually a good thing. The Continuing Professional Education (CPE) credits are easy to earn, and they also help you keep up with the things you should know and do in your career. Therefore, recertification should be a good reason for getting your CISSP credential.

How does it work? Every three years, a CISSP holder is required to submit at least 90 Group A CPE credits plus 30 more Group A or Group B credits in order to maintain this credential. Generally, you can earn credits for every hour you spend learning. For example, you can do any of the following educational activities:

  • Reading a magazine, whitepaper, or book.
  • Taking some higher academic courses.
  • Publishing an article, book, or whitepaper.
  • Performing a unique work-related project, which is not necessarily a part of your typical work duties.
  • Attending an educational course, presentation, or conference.
  • Volunteering for the public sector, government, and other charitable organizations.
  • Preparing for a presentation related to information security.

Typically, if you study any topic that is among the eight security domains, you are free to claim it as continuing professional education credit hours. All you have to do is document all your CPE hours for those activities that (ISC)² has not offered.

As you can see, it’s up to you whether you should obtain the CISSP certification or not. Any choice in life may be difficult and can lead to huge changes, but this is your personal choice, not someone else’s.