
Should I get CISSP certification?

Filed under: Features — Jonathan on June 30, 2013

A CISSP (Certified Information Systems Security Professional) certificate is one of the most highly regarded credentials in the security industry. There are good reasons for this strong reputation, not least to do with the breadth of material covered in the training.

Subjects such as access control, network security, cryptography and disaster recovery (to name but a few) are explored in considerable depth. Even to qualify for the certification in the first place, a minimum of five years’ experience in security-related work (or four years plus a higher education degree) is required. Moreover, a candidate’s knowledge is tested inside out and back to front during a rigorous six-hour exam with a suitably high pass threshold.

Furthermore, the training, course materials and the exam itself all need to be paid for – candidates need to see certification as an investment. If the candidate is unable to get sponsorship from an employer, then they will need to fund it themselves. What’s more, the certificate needs renewal every three years, either by resitting the exam or submitting Continuing Professional Education (CPE) credits.

More important, it could be argued, are the commitments of time and intellectual energy required.

All in all, then, the CISSP certification is a significant undertaking, needing thought and planning before diving in. Given the extent of the input required from the candidates and certificate holders during their careers, some have provocatively questioned whether the certificate is worth all this trouble. Meanwhile, there are other certifications available which could be equally valid for certain roles, such as, for example, the Global Information Assurance Certificate (GIAC) developed by the SANS Institute.

There are, however, a number of good reasons for considering a CISSP qualification, especially if you are working in middle to senior management and are in the market for more challenging managerial roles.

First and foremost, a CISSP certificate demonstrates a wide and deep knowledge of the information security landscape, and given the requirement for re-certification, a potential employer will be reassured that this knowledge is current. At the same time, the CISSP is a formal guarantee that the candidate has had at least five years’ experience in the industry. Any statements on the CV will therefore be underpinned and verified by the CISSP. These factors might well swing the balance towards the CISSP-certificated candidates when it comes to shortlisting for interview.

Perhaps just as importantly, a CISSP qualification sends positive signals to a future employer about a candidate’s character. It says they are someone genuinely interested in their profession and furthering their career in that profession, as well as a person who can stay the course (the CISSP is one of the toughest professional qualifications). It also suggests a candidate has the ability to retain information and use their knowledge under pressure, as well as demonstrating a broad, all-embracing view of IT security, not just one niche area.

Finally, those with CISSP certifications can often command higher salaries, on top of being considered for more rewarding and challenging roles with greater responsibility; salaries of above £50,000 for CISSP-certified professionals are not unusual.

Acumin © 2006-12