Friday, 24 October 2014

How to become a CISSP


By 


CISSP is a global standard, widely recognized as the information and cybersecurity benchmark certification.

It’s an advanced cert that demonstrates a wealth of IT security knowledge and experience. If you want to ascend the ranks of information security, a CISSP can be an incredibly valuable asset.

The CISSP is a demonstration of your information security acumen and fundamental step for the senior role of Chief Information Security Officer (CISO). With the CISSP, you’ll have a common baseline and standardisation of knowledge, a proven record of ethics and a solid reputation of professional conduct (crucial for a business leader and any striving for senior level positions).

How to become a CISSP

The journey to becoming a CISSP takes hard work and dedication. If it didn’t, this certification wouldn’t be so valuable.

There are five steps to becoming (and maintaining a) CISSP:
  1. Meet the experience requirements
  2. Pass the exam 
  3. Obtain an Endorsement
  4. Prepare for an Audit
  5. Recertification

Don't let the bad guys in.
morguefile / larryfarr

1. Meet the experience requirements 

In order to even register for your CISSP exam, you’ll need to prove you possess five (or more) years of professional experience in information security. 

Plus, you’re history of professional experience must have involved at least two of the following 10 domains present in the CISSP Common Body of Knowledge (CBK):

  1. Access Control
  2. Telecommunications and Network Security
  3. Information Security Governance and Risk Management
  4. Software Development Security
  5. Cryptography
  6. Security Architecture and Design
  7. Operations Security
  8. Business continuity and Disaster Recovery Planning
  9. Legal, Regulations, Investigations and Compliance
  10. Physical (Environmental) Security 

(ISC)2 provide one-year reductions in professional experience if you possess on of the following:

  • A four-year college degree
  • You hold a credential from (ISC)2’s approved list. Examples include: MCSE, MCSA, MCITP CompTIA Security+, the CISA / CISM and the CCNP (to name just a few)
  • An advanced degree in information security from the U.S. National Centre of Academic Excellence in Information Assurance Education (CAE/IAE)

It’s worth noting that you cannot combine these qualifications, regardless of how many you possess, you can only receive a maximum reduction of one year.


2. Pass the exam

So you’ve accumulated 5 years of information security experience (or 4 years with the 1 year waiver) and your work embraces two of the 10 CISSP CBK domains.

But before you can even sit the exam you’ll also have to complete the Candidate agreement, confirming your aforementioned experience, and legally committing to the Code of Ethics. You’ll then be required to successfully answer four questions regarding your criminal history and related background.

Now you just need to pass the exam, right? Well, as you can imagine, passing the CISSP exam is going to take some serious preparation.

In fact, in the words of (ISC)2 – ‘The vast breadth of knowledge and experience required to pass the CISSP is what sets it apart.’

The CISSP exam will test your knowledge of the 10 CISSP domains. Achieving the standard of knowledge you need to pass the exam takes time and dedication.

Many CISSP holders recommend taking up to 15 days off work, just to round off your 4 month revision journey. If you can’t afford to take this much time off work, there are always more efficient ways to achieve your CISSP, like training courses or varying speeds.

Now, book the exam – do it early and you’ll save money. But, please note: some training providers do include the exam cost in their training package.

Either way, it’s time for your exam. Be ready for a test of endurance – you’ll have 6 hours to answer as many of the 250 multiple choice questions as you can. 
 

3. Obtain an Endorsement 

Congratulations, you passed your exam! But you’re not done yet. You’ll now have to proposition an active (ISC)2 credential holder to attest to your industry experience.
They’ll have to fill out an endorsement form for you. Once (ISC)2 receives and approves the endorsement, you can finally take up the mantle of a fully-qualified CISSP.


4. Prepare for an audit

(ISC)2 randomly submits some of its CISSP professionals to audits. It’s never a good idea to skew the facts on your application, especially so if you’re singled out for an audit.

If you are found to have incorrect or falsified data on your application, you’re going to lose your CISSP. Honesty really is the best policy.


5. Maintaining your certification 

To remain a member of the (ISC)2, and to keep your CISSP certification, you must:

  • Abide by the (ISC)2 Code of Ethics
  • Obtain and submit the required Continuing Professional Education credits (CPEs)
  • Submit Annual Maintenance Fees (AMFs) upon receipt of annual invoices

The information security landscape is constantly in flux, perhaps no more so than information security. As a result, your CISSP must be maintained with CPEs – a minimum of 20 CPEs every year for the first two years of the three-year cycle.

Even if you satisfy the CPE requirements of your first or second year, your tally must still equal 120 by the end of the third year.

CPE’s can be gained through live educational events and online seminars (available to (ISC)2 members only).

If your certification is terminated, you’ll need to retake the examination before you can return to being CISSP certified. You’ll also be charged a $35 reinstatement fee upon recertification (though this pales in comparison to working through the 6 hour exam once more).



Got what it takes?

If you’ve got the experience, determination and drive to crush the CISSP but don’t want to take several weeks off work – try an accelerated course. You could be certified in only 5 working days.

Related articles:


About the Author:        
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, training, certification trends, project management, certification, careers advice and the industry itself. Sarah has 11 years of experience in the IT industry.