CISSP Job Outlook

July 2, 2019 by Infosec

Certification is used in many different industries today to mark those who have completed training that sets them apart from others. Certification denotes expertise, in-depth knowledge and an understanding of critical components to a particular process or area. The Certified Information Systems Security Professional (CISSP) certification is an ideal option for information security professionals. In fact, it has become perhaps the single most sought-after credential on the part of employers.

According to the International Information System Security Certification Consortium, or (ISC)2, the originator and certifier, CISSP certification is ideal for professionals working in a number of different fields, including:

  • Security consultants
  • Security managers
  • Security analysts
  • Security systems engineers
  • Network architects
  • Security architects
  • IT directors and managers
  • Directors of security
  • Chief information security officers
  • Security auditors

Of course, before opting for this type of certification, it’s critical to know the CISSP jobs outlook. What sort of positions are good fits, other than those listed above? What is the job market like for those who’ve earned their CISSP certification? Once certified, what should you know about creating an effective resume, and what should you know about interviews?

CISSP Positions

While (ISC)2 does provide a list of professionals for whom CISSP certification is a good fit, that list is not exhaustive. It’s also important to understand that job titles are not the same across all industries and positions.

Two positions might have very similar responsibilities and requirements, but have completely different names. So, this makes it crucial for information security professionals to understand the most common CISSP positions on the market, and that means knowing at least a significant number of the myriad names used to market these jobs.

Common Job Positions for CISSPs

Below we’ve compiled a list of the most common job positions that may require CISSP certification. We say “may” because requiring this certification is up to the employer, and while some require it, others will say they prefer it but it is not mandatory. For example, as of the time of this writing, Redspin has a job posting for a security engineer with a description that states “OSCP/OSCE and/or CISSP is a plus, although not required.” A similar position with Rivera Group does require CISSP certification.

The most common job positions for CISSP holders include the following, in descending order of commonality:

  • Chief information security officer
  • Security systems administrator
  • Information assurance analyst
  • IT security engineer
  • Senior IT security consultant
  • Senior information security assurance consultant
  • Information security assurance analyst
  • Chief information security consultant
  • Principal cyber security manager
  • Senior IT security operations specialist
  • Senior information security risk officer

As you can see from the (non-exhaustive) list above, job positions in the real world are similar to those highlighted by (ISC)2, but they are also different. What does this mean for your personal job hunt? Simply this – you’ll need to have an open mind, as employers may use a very broad range of terms to describe information security positions within their organization.

CISSP Job Market

Ensuring that you’re entering a rising job market is a crucial consideration if you want to make sure that your professional skills are in demand both today and tomorrow. When it comes to information security professionals, you can rest easy.

Demand for certification holders is high, and is only going to grow stronger. Consider what the US Bureau of Labor Statistics has to say about the outlook for information security analysts (just one of the many subsets in the wider world requiring CISSP certification). According to the BLS:

  • Annual median pay of over $90,000
  • Over 82,000 jobs in 2014
  • Expected to grow by 18% between 2014 and 2024, which is rated as “much faster than average”

Because CISSP certification is used by so many different professionals in many different industries, it is impossible to provide BLS information for all of them. Therefore, we’ll cover the current job market as a whole, noting major trends that span most industries in an attempt to highlight just how quickly the job market has grown, and where it is going in the future.

What is the Current Job Market like for CISSPs?

According to Burning Glass Technologies, demand for CISSP certified security professionals has seen significant growth recently. A study conducted by the organization found that the average annual salary for employees with CISSP certification was $93,010, which is $17,000 more than what professionals without certification might earn. In addition, the report found that 21% of all cybersecurity job postings across the US were specifically targeting CISSP holders, with a total of almost 50,000 postings.

To back that up, the report highlights that while there were 65,362 CISSP holders in the United States at the time of the study, there were 49,493 job postings for certificate holders. While that might seem imbalanced, it’s crucial to know that most certificate holders were employed, meaning that there were actually many jobs that went unfilled.

In fact, CISSP certification is the most in-demand credential from employers, outstripping CISA, CISM, GIAC/GSEC, SSCP, CIPP, GIAC/GCIH, and GIAC/GCIA by tens of thousands of job postings in most instances. CISA certification came in second, with 34,000 job postings. The next highest was CISM certification, with fewer than 16,000 job postings nationwide.

What are the Fastest Growing in-demand Industries for CISSPs?

Demand for CISSP holders is high, but it’s not the same across all industries. You’ll find some areas where demand is exceedingly high, those where it is growing quickly, and others where demand is relatively low. Knowing the key industries for employment now is crucial, but it’s also important that you track demand as it grows and evolves across other industries.

Today, the industries with the highest demand for CISSP credentialed information security experts are:

  • Finance
  • Professional services
  • Manufacturing
  • Defense

With that being said, the areas where demand is growing the most quickly are:

  • Retail
  • Health care
  • Finance

Let’s dig into each of those industries a little more in order to see what the demand and growth factors are.

Finance and Insurance: The finance and insurance sector has seen immense growth in terms of demand for CISSP holders (and other information security professionals to a lesser extent). Overall, demand grew by 131% from 2010 to 2014, with 17,873 jobs, accounting for 13% of all cybersecurity job postings.

Professional Services: The professional services industry had the most job postings of all, with almost 50,000 job postings in 2014 alone, accounting for 37% of the job market all on its own. That marks a 57% increase from 2010 to 2014.

Manufacturing and Defense: Note that this sector includes companies ranging from HP to Raytheon. Growth was 57% from 2010 to 2014, with almost 18,000 job postings, which accounted for 13% of all job offerings in this sector.

Health Care: With the increased targeting of health care companies by hackers and phishers, it’s only natural that demand for credentialed information security professionals would also grow. From 2010 to 2014, demand grew by 118%, with almost 8,000 job postings accounting for 6% of all open positions.

Retail: While the retail industry is a relatively recent addition to the list of industries needing the assistance of information security professionals, growth has been significant. From 2010 to 2014, growth was 120%, with more than 3,500 job openings, accounting for 3% of job postings in the US.

With that being said, not all job openings are created equal. Some will require no certification, while others will require an entry-level education (such as Security+). Others will require CISSP, and yet others (a growing percentage, particularly in finance and insurance and health care) will require CISSP as well as skills related to the industry itself, rather than to information security specifically.

For instance, if you’re interested in applying in a health care-related company, you might need skills such as accounting, financial reporting, HIPAA expertise, or HITECH knowledge. You will most likely also need skills in PCI-DSS.

If you were interested in a position in the finance and insurance sector, be prepared to prove your skills in financial reporting and accounting, PCI-DSS, and Sarbanes-Oxley.

What are some Resume and Interview Tips for CISSPs?

The first step toward landing that job you want is to create a compelling, evocative resume that gets looked at rather than scanned. Considering the demand for CISSP credentials in the information security world, you need to ensure that your certification is front and center. How are you supposed to do that, though?

You have a couple of options depending on the length and style of your resume. This will hinge on things like work experience, publication status, degree of education and much more. However, remember to keep your resume as clear, brief and readable as possible.

One choice is to include your experience directly under your contact information and name, and then put your education directly beneath that. Since CISSP certification requires education, as well as ongoing training and recertification, a mention of it definitely belongs here. has a great example of how to create this type of resume. Note that while the example is for an entry level systems administrator, it could be adapted for many other positions.

Another option is to mention your CISSP certification in several places. For instance, it definitely belongs in your executive profile (along with any other certifications and credentials you’ve earned). You can then mention it again under the “certifications” heading if you’ll be using one. Finally, make sure it appears in your education section. Note that this example is useful for longer resumes used by experienced professionals with years in the trenches.

Passing the Interview

Getting your resume noticed is only the first step. If you’re able to make a compelling case for your employment, you’ll then be called for an interview. How do you pass one? We have a few tips that will help.

We’re going to gloss over some of the most obvious tips that don’t pertain specifically to CISSP certification holders going for their interview, such as being early, dressing to impress and the like. Those should be common sense.

Know your technical stuff: Yes, you’ll be asked a lot of technical questions, ranging from whether an open-source project is less secure than a proprietary one, to being asked to describe rainbow tables, salting, and the difference between symmetric and public-key cryptography. Know your technical stuff.

Be prepared for questions similar to your CISSP exam: Remember the six-hour exam you had to sit for to earn your CISSP credentials? Be prepared to answer questions similar to those asked there. They’re not only about your technical knowledge, but about how you would apply that knowledge in the real world.

Know the company’s pain points: If a company is hiring information security staff, there’s a reason. Perhaps they’ve had a recent breach. Maybe they’re about to embark on a large project, or have a new client with very specific needs. Know their pain points – the reason they’re looking to bring you onboard – and tailor your interview performance towards those needs.

Be prepared for industry specifics: As mentioned previously, the need for CISSP credentialed professionals spans industries with very different needs. Make sure you’re a good fit for the industry in question. If you’re applying in a health care organization, are you up to speed on HIPAA? If you’re applying in a finance company, are you familiar with PCI-DSS requirements?

In Conclusion

The demand for outstanding information security experts is growing and shows no signs of slowing down. With the increase of threats around the world, companies in all industries need the expert help and solutions only a CISSP holder can provide. Earning your certification is the first step toward embarking on a very rewarding and lucrative career in just about any industry you might want.

