CISSP — Certified Information Systems Security Professional

In 2017, the English version of the CISSP exam moved to a Computer Adaptive Test (CAT) format, which changes the difficulty of the questions based on your previous answers. This allowed (ISC)² to cut the test from six hours and 250 questions to a much more manageable three hours and 100–150 questions. In addition to multiple-choice questions, the CISSP exam may include some questions in the drag-and-drop or hotspot format.

Non-English versions of the exam are available in the six-hour linear exam format. However, both versions of the exam feature the same content, which is aligned to the CISSP CBK (Common Body of Knowledge).

The CISSP exam has been described as a mile wide and an inch deep, and you need to score “above proficiency” in each domain to pass. That breadth of knowledge may make it difficult for those with more specialized knowledge and experience. Also, the adaptive nature of the CAT exam can make the exam feel more difficult, as each question is designed to be challenging.

CISSP pass rates vary depending on an individual’s experience, study habits and test-taking strategies. Those who take an Infosec CISSP Boot Camp average a 93% pass rate. For more advice on passing the CISSP exam, check out our 8 tips for CISSP exam success, or download our free ebook, CISSP exam tips from students and instructors.

Pearson VUE is the global administrator of all (ISC)² exams, and all CISSP exams must be taken in person at a Pearson Vue test center. To take your CISSP exam, create a Pearson VUE account, find a test location near you and schedule your exam. If you have a CISSP voucher or exam payment included with your CISSP training, you can redeem it during this process.

The CISSP exam costs $749 in all regions except the U.K. (585 pounds) and Europe (665 euros). Person VUE charges $50 (35 pounds and 40 euros) to reschedule your exam and $100 (70 pounds and 80 euros) to cancel your exam. If you do not take your exam within one year of your initial exam scheduled date, you will not be refunded for canceling your exam.

CISSP renewal is required or your CISSP certification will expire. This involves two steps:

• CISSP annual maintenance fee (AMF): A $125 fee must be paid upon certification and every year after (by the anniversary date of getting certified). If you hold more than one (ISC)² certification, only one fee is required to maintain all your (ISC)² certs.
• CISSP CPEs: (ISC)² requires 120 continuing professional education (CPE) credits over a three-year period, with a recommended goal of 40 CPEs each year. Of those, at least 30 must be from Group A activities, which are directly related to the CISSP domains, and up to 10 can be from Group B activities, which are general professional development activities.

Learn more about CISSP renewal requirements and earning CISSP CPE credits — or download the (ISC)² CPE Handbook.

The CISSP is useful for a variety of mid- and advanced-level roles due to its broad range of material and five-year experience requirement. Common CISSP titles and job roles include:

• Chief information security officer (CISO)
• Chief information officer (CIO)
• Director of security
• IT manager or director
• Security systems engineer
• Security manager
• Security analyst
• Security auditor
• Security or network architect
• Security consultant

For better or worse, the CISSP is often used by HR and hiring managers as an easy way to validate a candidate’s knowledge and experience. While the CISSP can help open doors and land an interview, it’s your knowledge and skills that will help you land the job. The CISSP also satisfies several DoD 8570 requirements (IAT Level III, IAM Level II, IAM Level III, IASAE I and IASAE II) for those working for or contracting with the Department of Defense (DoD).

The average CISSP salary in the U.S. is $124,000, but it varies depending on job role, location, experience and other factors. Those who also hold a CISSP concentration earn even higher average salaries:

• Average ISSAP salary (U.S): $145,490
• Average ISSEP salary (U.S): $131,720
• Average ISSMP salary (U.S): $140,340

After becoming a CISSP, you have the option of building on your certification by earning a CISSP concentration. These specialized skill sets and credentials can help you further stand out and advance your career.

• Information Systems Security Architecture Professional (ISSAP): Earning your CISSP-ISSAP validates your expertise in how to develop, design and analyze security solutions.
• Information Systems Security Engineering Professional (ISSEP): Earning your CISSP-ISSEP validates your expertise in how to apply systems engineering principles and processes to develop secure systems.
• Information Security System Management Professional (ISSMP): Earning your CISSP-ISSAP validates your expertise in how to establish, present and govern information security programs.

As of July 2021, there are 149,174 CISSP holders worldwide — 92,976 of which are in the U.S. Only a fraction of those also holds a CISSP concentration:

• ISSAP: 2,158 worldwide (1,318 in the U.S.)
• ISSEP: 1,272 worldwide (1,233 in the U.S.)
• ISSMP: 1,324 worldwide (972 in the U.S.)

CISSP is the most requested certification in job listings, and general job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder all allow you to search by keywords like “CISSP” for CISSP jobs. There are also cybersecurity-specific job boards, such as the CISSP Job Board, ClearedJobs, infosec-jobs.com and others. Another great way to find CISSP job openings is by joining local and national cybersecurity groups — such as ISSA or Women in Cybersecurity — joining local meetups or engaging in other cybersecurity forums and websites.

To prepare for your job interview, download our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.” Also, check out the Top 10 CISSP interview questions.