The most sought after and, by far, most popular IT security certification in India is the Certified Information Systems Security Professional, or CISSP. This cert is awarded by (ISC)² – the International Information Systems Security Certification Consortium. (ISC)² specializes in information security education and certifications and CISSP is their most renowned certification — considered the “gold standard” for IT security.
CISSP is meant for skilled and experienced IT security professionals looking to verify their skills as leaders in the domain. It’s typically a required credential for government, military and most private security positions. In the United States, CISSP is formally approved by the Department of Defense and is the baseline for the National Security Agency’s ISSEP program. CISSP was also the first security certification to achieve the ANSI ISO/IEC Standard 17024:2003, in 2004.
The high regard accorded to CISSP is due to the effort and study required to achieve it, and the broad and in-depth coverage of 10 different security knowledge domains:
- Access Control Systems and Methodology
- Business Continuity Planning
- Applications and Systems Development
- Law, Investigation, and Ethics
- Physical Security
- Operations Security
- Telecommunications, Network, and Internet Security
- Security Architecture and Models
- Security Management Practices
This is not an easy certification to earn. The exam alone is quite daunting — an exhaustive six-hour marathon of 250 questions (a meager 86.4 seconds per question). Add in checking in for the exam and instruction time, and you are in for a long, hard day. Make sure you are well rested and drink plenty of water.
While most of the questions are multiple-choice, there are a number of drag-and-drop questions that require candidates to sort answer choices as appropriate. To pass the exam you will need to achieve a scaled score of 70 percent — 700 out of a possible 1,000.
While passing the exam is an achievement, it’s not the end of your CISSP road. You also have to prove a minimum of five years of experience working in at least two of the above-mentioned domains. Happily, a four-year college degree, or a qualifying IT certification, will allow you to waive one year of required experience, but you’ll still need to have the other four years.
Candidates without the required experience, who pass the CISSP exam, earn the coveted title “Associate of (ISC)².” You will then have six years to complete the experience requirements. During that time you still have to pay annual maintenance fees and complete the continuing professional education credits (CPE). You will also need an endorsement from a certified CISSP professional, in good standing, who can validate your professional experience.
Recertification is required every three years and includes the annual maintenance fees and CPEs. Be careful not to let your certification lapse — if it does, you’ll have to take and pass the exam again.
CISSP-certified professionals who possess extraordinary drive can pursue additional “concentration” programs that enable them to demonstrate superior knowledge in any of the three specializations. These specializations are referred to as merit badges, and are very rare and valuable — fewer than 3,000 certified individuals worldwide to date. The three concentrations are:
Architecture Concentration (CISSP-ISSAP) — CISSP-ISSAP provides candidates with advanced knowledge and experience in security architecture. The exam covers six security architecture domains:
- Access Control Systems
- Communications and Network Security
- Physical Security
- Security Architecture
- Technology Related Business Continuity Planning and Disaster Recovery
Engineering Concentration (CISSP-ISSEP) — This cert verifies that certified individuals have the ability to implement security practices in real-world projects, and in business and information systems. The CISSP-ISSEP exam focuses on four engineering domains:
- Systems Security Engineering
- Technical Management
- Certification and Accreditation/Risk Management
- U.S. Government Information Assurance Policies
Management Concentration (CISSP-ISSMP) — This is great for IT professionals working in enterprise leadership positions of information, information security, technology, and senior security. The CISSP-ISSMP certification and exam focus on five management domains:
- Security Leadership
- Security Lifecycle
- Security Compliance
- Law, Ethics, and Incident
There are, of course, additional work-experience requirements before earning any of the three CISSP concentrations — candidates must have at least two years of experience in the respective concentration, maintain their CISSP certification in good standing, pass the required exam and submit a resume for review by (ISC)² Member Services. Hey, if it was easy, everybody would do it.
Obtaining a CISSP credential is a big decision, requiring significant investments in time and effort. Candidates should give careful consideration before going for this certification. Still, given its reputation and worldwide acceptance, you can’t deny its value or importance. It will definitely move your career forward.
Many well-known companies pay premium salaries to attract CISSP holders. Certified professionals in India can expect an annual salary range of ₹ 789,062 to ₹ 3,243,758 ($12,433 – $51,111 USD) based on experience and any additional concentrations.
If you’re working in security, this is a certification in high demand with great potential. Best of all, the competition is less than you would expect — presently, there are just under 100,000 certificate holders worldwide — just 1,540 in India. So, if you have the desire and ability, sign up and take the CISSP exam.
Who knows? You might be lucky number 100,000.