I’m going to start every article with a cybersecurity-related quote. Feel free to send me your favorite quote or make one up and then I’ll quote you! (I’ll even link to your social media and/or website.)
“Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.”
Now after the quote I’ll tell you the domain and objective the given topic covers, but today will be an overview of the certification.
What is the CISSP? And why should you care?
As an IT professional I know you spend a lot of time studying new technologies and staying up-to-date in your career fields. So you’ve most likely heard about the CISSP at some point. It is after all considered one of the IT industry’s top security certifications. If you don’t believe me just look at the salaries of professionals who carry this certification.
The certification is developed by ISC(2), read as “ISC squared”, whose full name is the International Information System Security Certification Consortium.
The exam divides up topics into areas that are called domains. Each domain has related objectives. The domains & objectives are based on what the ISC(2) calls the CBK or “common body of knowledge”. The CBK is developed based on research into the actual working knowledge that security professionals need to have. This is referred to as job task analysis.
It has been said that the CISSP material is a mile wide and an inch deep. Or, for those using the metric system, a kilometer wide and a centimeter deep. In essence, the exam covers a very large variety of topics, but more on a surface level without going into extreme detail. I would say the goal of the CISSP is to provide a solid foundational knowledge in IT security, and that it is amazing for those in management or in positions that have the ability to shape the information systems landscape of their organization.
There are 8 domains:
1. SECURITY AND RISK MANAGEMENT
2. ASSET SECURITY
3. SECURITY ARCHITECTURE AND ENGINEERING
4. COMMUNICATION AND NETWORK SECURITY
5. IDENTITY AND ACCESS MANAGEMENT (IAM)
6. SECURITY ASSESSMENT AND TESTING
7. SECURITY OPERATIONS
8. SOFTWARE DEVELOPMENT SECURITY
I want to point out that each and every one of those 8 domains can be an entire specialized career within cybersecurity. So you can imagine the breadth of topics. This is by no means a walk-in-the-park certification.
Now, I’m not going to go into the specific process of taking the exam just yet. That will end up being its own article in the future.
My goal in this inaugural article for the CISSP series is to get you familiar with the certification and help you decide if it is worth pursuing. My opinion is that regardless of whether you want to become certified, it is worth gaining the knowledge.
Now, for more in-depth information on this certification, you can visit the ISC(2) website and sign up to receive their ultimate CISSP guide.
But in case you don’t feel like doing that I’ll tell you some of the info right now. Again the following information comes from the Ultimate CISSP guide found on the ISC(2) website.
Some job positions that can make use of the certification are:
• Chief Security Officers
• Chief Information Officers
• Systems and Network Administrators
• Chief Technology Officers
• Security Managers
• Systems Integrators
• Chief Risk Officers
• Systems Engineers
Some quick facts about the CISSP:
• Introduced in 1994
• United States Department of Defense approved
• Most required security certification on LinkedIn
• Exam available in 8 languages at 882 locations in 114 countries
• More than 129,000 professionals currently hold the CISSP certification
• Average CISSP Salary: US $131,030
I’ll wrap this up for now. I hope you found the information useful and keep an eye out for future articles.
If you are super-duper interested in following The CISSP series then please subscribe to this series below.