Published in CYB3R IT Security Magazine, February 2014 Issue
Information Security is in Critical Demand: To CISSP or not to CISSP?
Edward Snowden may have been the tip of the iceberg, but the recent, highly visible security breaches have raised public awareness of attacks on our personal data. With the latest breaches affecting 110+ million Target customers and 1.1 million Neiman Marcus customers, plus the customers of other unnamed retailers, widespread fear of personal data and identity theft is fueling demand for certified information security (IS) professionals.
Admittedly, we have a problem. It is a huge problem, and we may very well be on the verge of a massive crisis. What can be done to avert such a crisis, especially given the pace of technology change? One way is to ensure that IS professionals are properly trained and certified. Hence, the requirement for certified information security professionals is urgent and growing. This article discusses the CISSP® (Certified Information Systems Security Professional), considered one of the most widely recognized security certifications worldwide, and my personal perspective on its real benefits.
Facts about the CISSP
Certified Information Systems Security Professional (CISSP) is a vendor-independent IS certification governed by the International Information Systems Security Certification Consortium, known as (ISC)². According to (ISC)², approximately 93,000 members in 135 countries hold the CISSP. Additionally, it has been formally approved by the U.S. Department of Defense (DoD) for the Information Assurance Technical (IAT) and Information Assurance Managerial (IAM) categories of the DoD Directive 8570 certification requirement.
The 2013 IT Skills & Salary Report® from Global Knowledge reports an average CISSP salary of $103,229 and ranks the CISSP number two among the top 15 paying certifications in the industry. PayScale.com also conducted a survey and reported salaries of up to $152k for CISSPs, depending on experience level, job title, company and location.
Experts in the Field of Information Security
CISSP® certification has become the information security profession’s globally recognized “gold standard” of achievement in IS certifications. The credential was established in 1994, when the first exam was administered. Today, it is one of the most sought-after security certifications, and it demonstrates an individual’s proficiency across several security disciplines. Organizations worldwide regard the CISSP as a prerequisite for key technical and management IT positions, and many government, military and civilian organizations require it for security positions. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. CISSP was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.
The CISSP certification examination is based on a Common Body of Knowledge (CBK) as defined by the (ISC)².
The CISSP exam covers ten domains:
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Cryptography
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
CISSP Examination Facts
Offered globally, as of January 2014 the standard CISSP examination fee is 599 USD, 520 EUR (Europe, Middle East and Africa) and 415 GBP (UK). The exam consists of 250 multiple-choice questions with four (4) choices each, and candidates have up to 6 hours to complete it. The passing grade is a scaled score of 700 out of a possible 1000 points. The exam is quite difficult.
CISSP candidates must possess a minimum of five years of full-time, paid work experience in two or more of the ten domains. One year of this requirement may be waived for holding a four-year college degree, a Master’s degree in Information Security, or one of a number of approved certifications from other organizations. Candidates must also attest that they have no disqualifying criminal background, agree to the (ISC)² Code of Ethics, and have their qualifications endorsed by another CISSP or other qualified IS professional.
The CISSP credential is primarily intended for security managers and professionals.
Job titles for candidates include:
- Security Consultant
- Security Manager
- IT Director
- Security Auditor
- Security Architect
- Security Analyst
- Security Engineer
- Chief Information Security Officer
- Director of Security
- Network Architect
CISSPs are in demand in a range of public and private organizations, including Fortune 500 companies, start-ups, government agencies, health care institutions, military contractors and the Department of Defense. Any organization that needs a highly qualified, verified information security professional is fortunate to hire a CISSP.
Congrats on achieving the CISSP! Maintaining the credential requires paying an annual maintenance fee ($85) and renewing every 3 years. Renewal is done by submitting Continuing Professional Education (CPE) credits (120 CPEs over the 3-year cycle, with a minimum of 20 CPEs per year) in lieu of retaking the exam. CPEs can be earned by attending seminars and conferences, taking and/or teaching classes, volunteering, engaging in professional writing, or other professional training activities in areas covered by the CBK.
My Personal Experience as a CISSP
For me personally, the CISSP advantage proves IS technical competency and verifies my expertise. The CISSP is the most well-known and respected IS certification, and adds credibility to my portfolio. It provides the edge in a hiring situation, and carries substantial weight in assuring job security. The CISSP is the security certification most hiring managers recognize and recruit. It validates my commitment and years of experience I’ve gained in the industry. I use my CISSP knowledge in my day-to-day business activities. I mentor others pursuing the CISSP, and teach the Megamind CISSP Prep Exam Training classes to help prepare other CISSP candidates to successfully pass the CISSP exam. I have no doubt that my CISSP was well worth the investment.
During the late ’90s and early 2000s, I noticed the trend of outsourcing and offshoring in IT, so I decided to focus my career on a select field that I was good at and that was least likely to be outsourced. Information Security was at the top of the list. With my Linux firewall and system administration experience, it was just a matter of validating my security knowledge. I’m glad I made that career switch! In the last five years alone, I have been on three continents conducting security audits for multiple client engagements, and having a great time as well. Even in our current economy, I have the assurance that I can switch employers if I want to, and without taking a pay cut as in other industries. All thanks to the decision to become a CISSP. Information Security is in demand. With all the US government security projects and all the recent credit card hacking activities, we are going to be very busy in the next few months, and for years to come!
CISSP Demand Continues to Grow
According to a recent global survey conducted by (ISC)², demand for information security professionals is set to double by 2015, driven by data breaches and online attacks. The demand for competent IS professionals has never been higher, and it will only continue to grow. The CISSP can open the door to many career opportunities, and it can serve to showcase your skills and know-how. It can be your key to a long and prosperous IS career.
About the authors:
Adrian Mikeliunas, CISSP, CISA is an expert security consultant, practitioner and trainer. In addition to teaching for Megamind and George Washington University, he has helped organizations achieve results and become more productive while reducing costs through the proper use of technology for more than 25 years. Adrian’s broad computer systems experience includes serving as a project leader, security engineer, systems analyst, database designer, programmer and technical instructor. For the past 6 years, Adrian has worked for AT&T (formerly VeriSign) as Principal of Technology Security in the Network Operations Division of AT&T, where he is responsible for security services for the public and private sectors. Previous experience includes serving as a Technology Risk Management Professional for Jefferson Wells International, where he conducted both internal and external vulnerability assessments for a number of clients, including the government, and 12 years as an independent computer consultant for The World Bank Group.
Deb Murray is the Managing Director, VP-Professional Training & Development for the Megamind Training Institute. Founded in 1997, MEGAMIND serves as the training subsidiary to the UniForum Association (www.uniforum.org), a not-for-profit, vendor-neutral association with organizational offices worldwide. The Megamind Training Institute (www.megamindtraining.com) educates thousands of IT professionals worldwide annually about the advances of information technology, specializing in computer security training, and IS certification prep exam training (including CISSP prep training).
Megamind provides CISSP Prep Exam Live, Online Training available to the general public, and onsite for group training.
CISSP® is a registered trademark and certification of the (ISC)² organization.