CISSP job outlook [updated 2022]
The Certified Information Systems Security Professional (CISSP) from (ISC)² is one of the most respected and in-demand cybersecurity credentials available. Businesses and organizations often struggle to find staff with the skills and knowledge needed to design, implement and manage the security programs that assure the protection of information assets. Having this certification is often one of the features that employers look for in job candidates.
The CISSP exam was revised on May 1, 2021, to better align it with the knowledge required of today’s professionals. It is now, more than ever, verifiable proof of proficiency in the field, as well as a vector for growth for security talent in a fast-expanding job market. (ISC)²’s objectives in shaping the information security profession are tackling the skills shortage and strengthening career prospects.
CISSP job outlook
Certifications are used in many different industries today to mark those who have completed training that sets them apart from others. The CISSP denotes expertise, in-depth knowledge and an understanding of critical components to a particular process or area. That explains why certification holders stand out from their peers in terms of increased salary and career advancement.
According to (ISC)², the originator and certifier, the CISSP certification is ideal for professionals working in a number of different fields, including:
- Security consultants
- Cybersecurity specialists
- Security managers
- Cybersecurity engineers
- Security analysts
- Cybersecurity architects
- Chief information security officers
- Security auditors
Of course, before opting for this type of certification, it’s critical to know the CISSP jobs outlook. What sort of positions are good fits, other than those listed above? What is the job market like for those who’ve earned their CISSP certification? Once certified, what should you know about creating an effective resume and what should you know about interviews?
While (ISC)² does provide a list of professionals for whom CISSP certification is a good fit, that list is not exhaustive. It’s also important to understand that job titles are not the same across all industries.
Two positions might have very similar responsibilities and requirements but have completely different names. So, this makes it crucial for information security professionals to understand the most common CISSP positions on the market, and that means knowing at least a significant number of the myriad names used to market these jobs.
Common job positions for CISSPs
Below we’ve compiled a list of the most common job positions that may require CISSP certification. We say “may” because requiring this certification is up to the employer, and while some require it, others will say they prefer it but it is not mandatory.
Note that (ISC)² offers a way for members to search for positions that specifically require the CISSP through its job board.
The most common job positions for CISSP holders include the following:
- Chief information security officer
- Security systems administrator
- Information assurance analyst
- IT security engineer
- Senior IT security consultant
- Senior information security assurance consultant
- Information security assurance analyst
- Chief information security consultant
- Principal cybersecurity manager
- Senior IT security operations specialist
- Senior information security risk officer
As you can see from the (non-exhaustive) list above, job positions in the real world are similar to those highlighted by (ISC)², but they are also different. What does this mean for your job hunt? Simply this: you’ll need to have an open mind, as employers may use a very broad range of terms to describe information security positions within their organization.
CISSP job market
As more companies develop innovative solutions to current cybersecurity challenges, research shows that there are more job openings than qualified workers ready to fill them.
Employers are often looking for talent to match more targeted job descriptions, and the (ISC)² CISSP certification can help professionals ensure they are equipped with the latest skills and knowledge to help safeguard organizations’ information and technology assets against cyberthreats while also providing compliance with regulations.
Demand for certification holders is high and is only going to grow stronger. Consider what the U.S. Bureau of Labor Statistics (BLS) has to say about the outlook for information security analysts (just one of the many subsets in the wider world requiring CISSP certification). According to the BLS:
- Median pay of over $103,590 per year
- Over 141,200 jobs in 2020
- Expected to grow by 33% from 2020 to 2030, which is rated as “much faster than average”
Because CISSP certification is used by so many different professionals in many different industries, it is impossible to provide BLS information for all of them.
What is the current job market like for CISSPs?
According to Burning Glass Technologies, demand for certified professionals is high as “nearly 6 in 10 (59%) of all cybersecurity positions request at least one certification. By comparison, only 20% of overall advertised IT jobs request an industry certification.” Experienced workers that acquire a CISSP credential can see “an average salary premium of $26,000 over entry-level credentials.”
According to the Global Knowledge 2020 IT Skills and Salary Report, CISSP is the fifth top-paying certification in North America with its $138,647 average salary and the first one in Europe, Middle East, Africa (EMEA) and Asia-Pacific regions, making it the top-paying certification worldwide with its $119,170 average. CISSP was also the second most-pursued certification of 2020.
In the UK, Specops Software analyzed 843 cybersecurity job listings on the recruitment website Indeed to identify not only the skills needed for cybersecurity roles in the current job market but also which certifications and programming languages are most desirable to employers. It found that CISSP appeared as a requirement in 279 out of the 843 positions, a 33% rate.
As (ISC)²’s Cybersecurity Workforce Study shows, the worldwide cybersecurity gap in 2020 is still at 3.1 million positions, and in the U.S. at least 359,000 available positions in the field are vacant (compared to 879,157 filled). Of the surveyed professionals worldwide, 63% mentioned they were in the process of pursuing or planning to pursue a security-related certification as a critical step to take for professional and career growth. Furthermore, 70% of U.S. cybersecurity professionals (78% worldwide) said they were required to have some kind of certification for their job. Almost half (43%) identified CISSP as one of the credentials they possessed.
What are some resume and interview tips for CISSPs?
The first step toward landing that job you want is to create a compelling, evocative resume that gets looked at rather than scanned. Considering the demand for CISSP credentials in the workforce, you need to ensure that your certification is front and center. How are you supposed to do that, though?
One option is to include your experience directly under your contact information and name, and then put your education directly beneath that. Since CISSP certification requires education, as well as ongoing training and recertification, a mention of it belongs here. Monster.com shows how to create this type of resume. Note that while the example is for an entry-level systems administrator, it could be adapted for many other positions.
Passing the interview
Getting your resume noticed is only the first step. If you’re able to make a compelling case for your employment, you’ll then be called for an interview. How do you pass one? We have a few interview tips that will help.
We’re going to gloss over some of the most obvious tips that do pertain specifically to CISSP certification holders, and mention that, of course, you will need to be ready to answer several technical questions. Be prepared for questions similar to those you answered in your CISSP certification exam, covering not only the major topics and subtopics within the domains on which you were tested but also how you would apply that knowledge in the real world.
Tips to stand out in a cybersecurity job interview: know the reason they’re looking to bring you on board. Do they need to address a skills gap or have they recently been breached? Maybe they’re about to embark on a large project or have a new client with very specific needs. Tailor your interview performance towards those needs.
Furthermore, make sure you’re a good fit for the industry in question. If you’re applying to a healthcare organization, are you up to speed on HIPAA? If you’re applying to a finance company, are you familiar with PCI-DSS requirements? And if you’re involved in any corporate activities defined by the Internet, ensure you are aware of the relevant cybersecurity laws.
CISSP job prospects
With the increase of cyberthreats around the world, companies in all industries need the expert help and solutions only a CISSP holder can provide. And since the demand for outstanding information security experts is growing and shows no signs of slowing down, this is a good time to take the first step toward embarking on a very rewarding and lucrative career in just about any industry. Becoming a certified CISSP can be the right move thanks to its being vendor-neutral and covering knowledge and skills that are valuable to any industry and position worldwide.
- Information security analysts, BLS
- 2020 IT Skills and Salary Report, Global Knowledge
- (ISC)²’s Cybersecurity Workforce Study, (ISC)²