The complete CISSP certification guide

Written by Steven Bowcut – Last updated: October 17, 2025

In this guide

  • What is the CISSP certification?
  • Certification reqs
  • Cost of CISSP certification
  • CISSP bootcamps
  • Deep dive into CISSP certification
  • CISSP concentrations
  • Certification renewal
  • CISSP salary information

The CISSP certification is continually one of the most popular certifications to obtain by cybersecurity practitioners. It is also one of the most in-demand certifications by cybersecurity employers.

According to Cyberseek data, the CISSP certification was:

  • Number one on a list of job openings requiring certification, with 82,494 openings.
  • Number two on a list of the most popular certifications, with 91,765 professionals holding the cert.

This guide will examine the purpose and value of a CISSP designation by uncovering the certification costs and benefits. The requirements for qualifying for this professional designation are detailed as well. 

What is the CISSP certification?

The CISSP is one of the most sought-after professional certifications available in the security industry. The acronym CISSP stands for Certified Information Systems Security Professional, and it was created to demonstrate that a security professional can design, engineer, implement, and run an information security program. 

Top salaries and a projected job growth rate far above average make obtaining a CISSP designation a priority for many security professionals. 

An arduous exam and rigorous employment experience requirements make the CISSP challenging to obtain, but the popularity of this designation is an indication that obtaining certification is within the capabilities of most security career professionals. 

The Certified Information Security Systems Professional (CISSP) Certification was introduced in 1994 by (ISC)², an international, nonprofit membership association and arguably the world’s leading cybersecurity professional organization.

It is designed to validate information security work experience and a working knowledge of security principles and practices. 

The CISSP is not suitable for every security practitioner or executive but is one certification that should at least be considered by anyone building a career in information security at any level.

For some security roles, such as IT director, security analyst, and chief information security officer, CISSP certification should be considered a requirement. 

What are CISSP requirements?

Earning the CISSP designation requires a combination of work experience, passing the exam, and ethical adherence:

  1. Work Experience: A minimum of 5 years of cumulative, paid, full-time work experience is required in at least two or more of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK).
    • Waiver: One year of the required experience can be waived for candidates who possess a four-year college degree (or regional equivalent) or an approved credential from the (ISC)² list, reducing the requirement to four years.
  2. Exam Passage: Candidates must successfully pass the CISSP exam.
  3. Endorsement: After passing the exam, candidates must have their qualifications formally endorsed by an active (ISC)² certified professional who can attest to their professional experience.
  4. Code of Ethics: Candidates must accept and adhere to the (ISC)² Code of Ethics.

Associate of (ISC)²: If a candidate passes the exam but does not yet have the requisite experience, they are granted the Associate of (ISC)² designation. They then have a maximum of 6 years to earn the necessary professional experience to become fully certified as a CISSP.


While (ISC)² does not publish a comprehensive list of what employment experience qualifies as relevant for the CISSP certification, their promotional materials list the following jobs as ideal for holders of this certification:

  • Chief information security officer
  • Director of security
  • IT director/manager
  • Security systems engineer
  • Security analyst
  • Security manager
  • Security auditor
  • Security architect
  • Security consultant
  • Network architect

How much does obtaining a CISSP certification cost?

The total cost to obtain a CISSP typically includes three components:

  • Exam Fee: The fixed cost for the exam registration is $749 USD.
  • Training Costs: Preparation is variable, ranging from the low cost of self-study materials (books, videos) to significant expenses of $2,499 to over $4,400 for official instructor-led courses or bootcamps, which often include an exam voucher.
  • Maintenance Costs: Once certified, the holder must pay recurring Annual Maintenance Fees (AMF) and fulfill Continuing Professional Education (CPE) requirements to keep the credential active and current.

For candidates more inclined to piece together their study materials, CISSP reference books and videos are widely available. Books run about $100 and videos about $300.

Use the most current material available to avoid receiving outdated information. 

Over and above the costs associated with training courses and materials, there are soft costs to be considered as well.

Time spent preparing for the exam requires sacrifice, and since time is money, those costs should be weighed when deciding the overall cost-benefit question.

Even so, given the higher salaries and increased job opportunities enjoyed by CISSP holders, pursuing the certification will nearly always come out favorably in that equation.

There are also ongoing costs associated with maintaining a CISSP certification. Once certified, a holder must recertify every three years.

Recertification is accomplished by earning 120 continuing professional education (CPE) credits over three years and paying a $125 Annual Maintenance Fee (AMF) to support the ongoing development of the program.

CISSP bootcamps: What to expect?

The CISSP exam was revised on May 1, 2021, to align with the latest security threats. One of the most effective ways to prepare for this exam is through a CISSP Bootcamp.

What you’ll learn during a CISSP bootcamp

CISSP bootcamps are intensive programs that equip you with the technical skills needed for the CISSP certification. The curriculum focuses on the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK). These include areas like security and risk management, asset security, and security architecture and engineering. While the bootcamp won’t make you an expert, it will provide enough knowledge to pass the exam.

The networking advantage

Attending a CISSP bootcamp also offers the benefit of networking. You’ll be learning alongside industry-recognized experts and like-minded individuals. This is crucial because networking is essential in the cybersecurity field.

The financial upside

Holding a CISSP certification can significantly boost your earning potential. In the U.S., CISSP-certified professionals earn up to 9 percent more than their non-certified peers, and in Europe, the figure is 12 percent.

Bootcamp prerequisites and time commitment

Before taking the CISSP exam, you must have a minimum of five years of full-time, relevant work experience. The bootcamps are designed for working professionals and are shorter than other cybersecurity bootcamps, usually lasting between 5 and 10 days. They can be attended on-site or online.

Bootcamp cost

The cost of a CISSP bootcamp varies and can range from $2,499 to $5,000 or more, depending on the provider and the format. Some bootcamps offer additional services such as CISSP exam vouchers, study guides, and one-on-one tutoring.

Post-bootcamp steps

After the bootcamp, you’ll be prepared to take the CISSP exam, which has a pass rate of about 20 percent. The exam costs around $749 in the US and varies in other regions. Once you pass, you’ll need to get your experience endorsed by an (ISC)² qualified professional to become fully certified.

Deep dive into the CISSP exam

The CISSP exam cost is $699. A voucher for this fee is sometimes included in commercially available courses. English language tests are administered using Computerized Adaptive Testing (CAT).

With this form of computer-administered testing, test items selected to be administered depend on the correctness of the test taker’s responses to previous items. In this way, the test adapts to the examinee’s ability level.

The 100 to 150 test items on the CISSP exam will come from the information covered in one of the eight domains of the (ISC)² CISSP CBK. Each CBK domain is weighted, as shown below:

  Domain of the CBK                                          Weight
  Domain 1: Security and Risk Management                     15 percent
  Domain 2: Asset Security                                   10 percent
  Domain 3: Security Architecture and Engineering            13 percent
  Domain 4: Communication and Network Security               14 percent
  Domain 5: Identity and Access Management (IAM)             13 percent
  Domain 6: Security Assessment and Testing                  12 percent
  Domain 7: Security Operations                              13 percent
  Domain 8: Software Development Security                    10 percent

The CISSP test is a timed exam. Each candidate has up to three hours to complete the exam. The test items are multiple-choice or advanced innovative questions. 

The pass/fail rate for CISSP exam takers is not publicly available.

Some commercial training providers claim pass rates above 90 percent, but this information is not readily verifiable. It is widely assumed in the security industry that the CISSP exam pass rate is below 50 percent. 

If the exam is failed on the first attempt, a candidate can retest after 30 days. If they don’t pass a second time, they can retest after 60 test-free days or 90 days from their original test date. If they don’t pass a third time, they can retest after 90 test-free days or 180 days from their first exam attempt. Candidates may attempt an (ISC)² exam up to four times within 12 months at a maximum.

CISSP Concentrations (Advanced Specialization)

For certified professionals seeking deeper expertise in a specific area, (ISC)² offers three advanced concentrations.

While previously requiring the CISSP, they can now be pursued by meeting a 7-year experience requirement (or CISSP + 2 years of relevant experience). Each concentration requires passing a separate, specialized exam (approx. $599).

  • ISSAP (Information Systems Security Architecture Professional): Focuses on security architecture and design.
  • ISSEP (Information Systems Security Engineering Professional): Focuses on systems security engineering (often in government/defense).
  • ISSMP (Information Systems Security Management Professional): Focuses on security leadership, management, and program governance.

Certificate Renewal and Maintenance

The CISSP certification is valid for a three-year cycle and must be maintained through two requirements:

Continuing Professional Education (CPE) Credits:

  • You must earn a total of 120 CPE credits every three years.
  • Annual Requirement: You are expected to earn a minimum of 40 CPE credits each year.
  • Categorization: At least 90 of the total credits must be in Group A (directly relevant to the CISSP CBK domains), with the remaining 30 credits coming from Group A or Group B (general professional development).

Annual Maintenance Fee (AMF):

  • A fee of $135 USD is required annually to support the ongoing development and administration of the program.

Failure to meet these requirements can lead to suspension or expiration of the certification, which would require re-taking the full exam.

CISSP salary information

The CISSP is one of the most sought-after professional designations, largely because the CISSP certification consistently ranks as the top-paying industry certification.

According to Skillsoft, the average annual salary for individuals holding the Certified Information Systems Security Professional (CISSP) certification is $124,910. The Bureau of Labor Statistics indicates that expected job growth for information security analysts for the years 2024 to 2034 is much faster than average at a 29 percent growth rate. 

The CISSP is US Department of Defense (DoD) approved and opens numerous opportunities within the US Federal Government. (ISC)² reports that members earn 35 percent more than non-members.

The CISSP is a globally recognized certification and can open doors to international travel and positions around the world. 

Frequently asked questions about the CISSP

What is CISSP?

The Certified Information Systems Security Professional (CISSP) is a globally recognized certification in the field of information security. It is offered by the International Information Systems Security Certification Consortium, also known as (ISC)².

Who should get the CISSP certification?

The CISSP certification is targeted at professionals who are already established in their IT or cybersecurity careers and who want to certify their skills. It’s often pursued by those in roles like security consultant, security analyst, security manager, IT director/manager, network architect, security auditor, security systems engineer, and chief information security officer.

What are the prerequisites for the CISSP certification?

To qualify for the CISSP certification, you need to have a minimum of five years of cumulative, paid, full-time work experience in two or more of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK). A one-year experience waiver can be granted if you have a four-year college degree or regional equivalent or an approved credential from the CISSP prerequisite pathway.

What are the eight domains of the CISSP CBK?

The eight domains are: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.

How can I prepare for the CISSP exam?

Preparation for the CISSP exam can include a combination of methods such as self-study, instructor-led training, online courses, study guides, practice exams, and using the CBK as a reference.

What is the format of the CISSP exam?

The exam is a 3-hour-long computer adaptive test (CAT) for English language exams, with a maximum of 150 questions. For all other languages, it is a linear, fixed-form test with 250 questions over 6 hours.

What is the passing score for the CISSP exam?

The CISSP certification is valid for three years. To maintain it, holders must earn and post a minimum of 120 continuing professional education (CPE) credits within the three-year certification cycle and abide by the (ISC)² Code of Ethics.

Is the CISSP certification worth it?

While the answer to this question can be subjective, many professionals find the CISSP certification worthwhile. It can help boost your credibility, expand your career opportunities, increase your earning potential, and demonstrate your commitment to the information security field.

Conclusion

If information security practitioners had only a single professional certification to consider (and truthfully, there are many more), it would be the CISSP. It is the most widely recognized and comprehensive certification available.

By design, the CISSP is challenging to obtain. The level of knowledge and experience required to earn certification is integral to its value to employers. A CISSP is requisite for many high-level security roles and provides a standard by which security leaders are measured. 

Sources

  • Cybersecurity certification data | From Cyberseek.org in Oct 2025
  • Security analysts career information | From Bureau of Labor Statistics in Oct 2025
  • Cybersecurity Certifications and Continuing Education | From (ISC)2 in Oct 2025

Copyright © 2025 · Cybersecurity Guide · All Rights Reserved