While the Certified Information Systems Security Personnel (CISSP) certification has been touted as the gold standard for IT professionals for a long time, that longevity can seem to work against you. Is CISSP certification still relevant in today’s world? Is it still an ideal option for your needs? If you do complete the exam successfully and earn your credentials, what might you expect in terms of advancement and earnings in your professional career?

The CISSP in 2018 remains not only relevant, but increasingly important for hirers across all industries, and even government agencies and branches of the military. As information security threats continue to grow, so does the importance of having highly-trained, credentialed professionals in place to combat those threats.

CISSP 2018 Relevance

Despite the fact that CISSP certification has been around for a very long time, it remains not only relevant, but crucial. Yes, there are other credentials out there that might be worth your time, but most of those are vendor specific, whereas CISSP certification is vendor neutral. That means it provides you with the means to apply your skills and knowledge to virtually any environment, rather than pigeonholing you into a particular environment or system type.

According to CIO magazine, “People who hold this certification have the skills and knowledge to complete high-level tasks involving architecture, design, management, and/or controls that assure the security of business environments.” Today’s employers have begun to demand this level of skill and knowledge.

Of course, CISSP is not the only vendor neutral certification out there. You might immediately think of CompTIA A+ certification, which is a good example. However, it’s not really the same thing. You’re not comparing apples to apples here. CompTIA A+ is an entry-level certification, while CISSP certification is an advanced credential.

For instance, the Department of Defense has three levels of information assurance professionals (Level I, Level II and Level III). While CompTIA A+ is acceptable for Level I, you MUST have CISSP certification to become a Level III IAT. Not only does this apply to actual DoD personnel, but to vendors and contractors working with the DoD.

Questions of CISSP 2018 relevance also apply to the material covered during training, and on the exam. Considering the fact that the credential has been around for a long time, it’s natural to wonder just how relevant the material covered in the test is to today’s security world. After all, threats evolve and grow, with new ones surfacing all the time. Just how well can this certification prepare you for what you’ll face in the real world?

Actually, the CISSP CBK is regularly updated to ensure that it is always up to date with the latest threats. (ISC)2 says, “Maintaining the relevancy of those credentials amidst the changes in technology and the evolving threat landscape occurring in this industry is a core strategy upon which this organization was built … We conduct this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.”

The most recent update for the CISSP CBK introduced changes to ensure that the most current topics were covered. Many topics were expanded to include new information, while other topics were actually realigned “under different domains”, according to the organization.

CISSP 2018 Considerations

So, why should you consider earning your CISSP in 2018? Actually, there are quite a few different reasons, and one or more may apply in your individual situation. Let’s consider a few of the possibilities below.


One of the most important reasons to consider earning your CISSP certification is that it is universally recognized. The recognition it carries and the prestige that comes with it can be significant motivators for information security professionals to earn their certification.

It has become the “gold standard” for higher level information security professionals, sought after by a wide range of employers, from the Department of Defense to Fortune 500 companies. These organizations require that the information security professionals they hire have this particular qualification for many positions. Despite the fact that it is one of the oldest certifications out there, CISSP remains one of the most in-demand certifications by employers.

Earning Potential

A rewarding career combines personal enjoyment and challenge with the best earning potential possible. While there are still entry-level information security positions that require little or even no training, you can bet that your earning potential in these positions will be very low. However, earning your CISSP ensures that you’re able to earn much more per year.

For instance, Payscale.com says that the average annual salary for a CISSP holder is between $68,594 and $128,338. Indeed.com pegs the average at $99,000 per year. No matter where you fall in that pay range, it will be substantially more than what you’d earn if you did not have this credential. In fact, a Global Information Security and Workforce study found that earnings for CISSPs were roughly 25% higher than for professionals without this certification.

Advancement Potential

Let’s face it – you want to move up through the ranks within an employer and advance your career. Earning your CISSP in 2018 is an excellent way to do just that. You’ll find a tremendous amount of advancement potential here, allowing you to move from an entry or mid-level information security position to a more advanced one with greater responsibilities and duties (and commensurately better pay, of course).

According to (ISC)2, CISSP certification is an excellent option for:

  • Chief information security officers
  • IT security engineers
  • Senior IT security consultants
  • Principal cyber security managers
  • Information assurance analysts
  • Information security assurance analysts
  • And many others

Requirement for Some Roles

Depending on the role you play in your organization, or the role you want to move up towards, having your CISSP certification may actually be a requirement. As mentioned, Level III IATs working with the Department of Defense are required to have their CISSP certification.

Many employers also require this certification for high-level information security roles ranging from analysts to system architects and more. By earning your CISSP in 2017, you are able to ensure that you meet those requirements and maximize your ability to advance either within your current employer’s structure, or with another employer.

Most employers today see CISSPs as being very knowledgeable and possessing a high degree of expertise in information security. Almost 70% of respondents to the Global Information Security and Workforce study noted that possessing CISSP certification told them the potential hire was very competent, while others responded that certification indicated high work quality, an ability to meet regulatory requirements, and a dedication to ethical conduct.


While earning the standard CISSP is an excellent option, there is also the ability to specialize in one of the three concentration areas within the overall CISSP framework. These are ISSAP, ISSEP and ISSMP. ISSAP deals with architecture, ISSEP deals with engineering, and ISSMP deals with management.

Each concentration requires that you take another exam (120-150 questions depending on the concentration), which will take three hours. You’ll also need an additional two years of real-world work experience prior to taking the test (making a total of seven years of experience with the five required to take the CISSP exam itself).

Membership in (ISC)2

Earning your CISSP certification entitles you to the benefits of being a member in good standing of (ISC)2. These benefits are significant, and include the following:

  • Digital Badges: Along with your physical certificate of earning your CISSP in 2017, you’ll also earn digital badges. These are ideal for use on professional websites (if you’re a self-employed consultant, for instance). However, they can also be attached to email signatures, and used on social networks, allowing employers to view your credentials.
  • Access to Vulnerability Central: Vulnerability Central is a members-only resource that allows you to track and research risks and vulnerabilities. You can also customize the feed via keywords, technology types and even vendors to meet your needs.
  • Common Controls Hub: Created through a partnership with The Unified Compliance Framework, the Common Controls Hub gives you access to more than 90,000 individual mandates and regulations from around the world.
  • Access to Online Events: (ISC)2 members are able to access a wide range of free online events that range from security briefings to webinars, e-summits and symposiums designed to further build your expertise, provide important new information, and more.

Note that you must maintain your membership and meet ongoing training and education requirements, as well as recertification requirements.

CISSP CBK Discussion

The CISSP exam is based on a specific body of knowledge, called the CISSP CBK. There are eight “domains” here, and they are refreshed on a regular basis to ensure that the certification and training remain relevant to the challenges faced by information security professionals in today’s world. The current domains are as follows:

  • Security and risk management, which deals with security, risk, compliance, law, regulations and business continuity. This domain is all about fundamental security principles, including confidentiality, availability and integrity.
  • Asset security, which deals with protecting the security of an asset, including how information is collected, handled and protected throughout its lifespan.
  • Security engineering, which deals with engineering and management of security. It is based on how information systems are built, as well as related architecture that manages to deliver both safety and functionality in a world of increasing threats.
  • Communications and network security, which deals with designing and protecting network security. Topics covered include transport protocols, transmission methods, control devices, security measures and more.
  • Identity and access management, which deals with controlling access to information and managing identities. It is centered on provisioning and managing identities and access “used in the interaction of humans and information systems.”
  • Security assessment and testing, which deals with designing, performing, and analyzing security testing. It is based on the evolution of information assets and the infrastructure that must be in place within an organization, including hardware, design flaws, vulnerabilities and more.
  • Security operations, which deals with foundational concepts, investigations, incident management and disaster recovery. This domain focuses on the application of information security concepts and best practices within the realm of enterprise computer systems.
  • Software development security, which deals with understanding, applying and enforcing software security. The focus here is on “the application of security concepts and best practices to production and development software environments.”

Note that there are now eight domains, but there were ten previously. (ISC)2 states that no information was removed. It was simply reorganized and realigned, refreshed “to include the most current information and best practices relevant to the global information security industry.”


When everything is said and done, not only is CISSP in 2018 still relevant, but it remains one of the most crucial professional certifications available to information security professionals. From enhancing your earning potential, to meeting mandatory credential requirements by employers, to the benefits found with membership in (ISC)2, there are quite a few advantages on offer.

Simply stated, CISSP certification can help ensure that you are the most qualified candidate for a position with virtually any employer, while ensuring employability around the world in a myriad of different information security positions. It will remain not only relevant, but essential in the coming years as well, as information security threats continue to proliferate and evolve.











View more articles from Ryan
