CISSP Exam Preparation Guide - How to become an (ISC)2 Certified Information Systems Security Professional

  • Published by: Maria Forsberg on Jul 16, 2022

If you want to take your cybersecurity career to the next level, the Readynez (ISC)² CISSP course is for you. Read on to learn what CISSP and this course and certification have to offer!

What is the CISSP Certification?

The CISSP certification is a vendor-neutral cybersecurity credential developed in 1994 by a nonprofit organization called the International Information Security Certification Consortium, aka (ISC)².

The CISSP (which stands for Certified Information Systems Security Professional) is the gold-standard credential for cybersecurity professionals worldwide. As of January 1, 2022, the CISSP was held by over 150,000 (ISC)² members, more than 8,000 of which are based in the UK.

Earning the CISSP certificate shows employers that you know how to design, implement, and manage a cybersecurity program. For many high-level cybersecurity jobs within government organizations (such as the US Department of Defense), the CISSP is a requirement.

Thus, if you wish to prove your skills and advance your career in information security, a CISSP certification is likely to be right for you. (ISC)² offers the CISSP exam in eight languages (English, Chinese, German, Japanese, simplified Chinese, Korean, Portuguese, and Spanish) across 882 locations in 114 countries.

The English CISSP exam is offered at authorized PPC and PVTC Select Pearson VUE testing centers across the globe. Because it uses computerized adaptive testing (CAT), the English exam includes anywhere from 125 to 175 multiple-choice and advanced innovative questions. Depending on your competency, you are given four to six hours to complete the exam.

For all other languages, the CISSP exam is offered as a linear, fixed-form test. In these cases, you get six hours to answer 250 multiple-choice and advanced innovative questions.

To pass the CISSP exam in any language, you need to earn at least 700 out of 1,000 points. Your CISSP certification is good for three years, whereupon you may renew it if you’ve accumulated 120 continuing professional education (CPE) credits in the meantime.

But don’t worry; continuing education courses are available through your (ISC)² membership. As long as you periodically enroll in some continuing education programs, you can keep your CISSP certification active.

What is the eligibility for a CISSP certification?

Before you may sit for the CISSP exam, you have to possess at least five years of full-time experience in two of the eight (ISC)² CISSP Common Body of Knowledge (CBK) domains, which consist of:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

(ISC)² counts your work experience in months. To accrue one month of full-time experience, you must have worked at least 35 hours per week for four weeks in a row. If you worked anywhere from 20 to 34 hours per week, that’s regarded as part-time work experience. Internships (paid or unpaid) may count toward work experience if the company or organization confirms your position as an intern in writing.

That said, (ISC)² will waive up to one year of work experience if you have a four-year degree, a regional equivalent, an advanced degree in information security from the US National Center of Academic Excellence in Information Assurance Education (CAE/IAE), or another credential from the (ISC)² approved list.

If you don’t meet the necessary work experience requirements, you can still get an Associate of (ISC)² certification by passing the CISSP exam. You will have six years to accumulate the necessary five years of work experience that earns the full CISSP certification.

On top of work experience, earning the CISSP certificate requires accepting and supporting the (ISC)² Code of Ethics, which includes the following preamble:

  • The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
  • Therefore, strict adherence to this Code is a condition of certification.

The (ISC)² Code Of Ethics also includes the following canons:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principals.
  • Advance and protect the profession.

If you can commit to these tenets and be ethical in all facets of your work, you’re considered sufficiently responsible to attempt the CISSP certification.

Finally, to become a CISSP you must also attest to the truth of your professional experience, receive an endorsement from an active (ISC)²-certified professional, and answer the following background and criminal history questions:

  • Have you ever been convicted of a misdemeanor, felony, common-law felony, military court-martial, or any other international equivalent, or is there a charge now pending against you?
  • Have you ever been involved with, publicly identified with, or indicted by law enforcement for computer crimes or criminal computer activity?
  • Have you ever had a professional license, certification, membership, or registration revoked, or have you ever been censured or disciplined by a professional organization or government agency?

If you answer “yes” to any of these questions, you may be deemed ineligible for the CISSP certification. Make sure you review them carefully before moving forward with CISSP exam preparation.

What is the difference between CISSP and CCSP?

It’s easy to confuse CISSP with CCSP (another (ISC)² certification that stands for Certified Cloud Security Professional). But there are crucial differences between the two credentials you must understand.

CCSP was launched in 2015 as a certification designed specifically for cloud security professionals. It certifies your practical skills in cloud security architecture, design, operations, and service orchestration.

In fact, it’s the highest certification in the cloud security field. So if you’re interested in a more technical career that may involve becoming a cloud architect, engineer, consultant, administrator, security analyst, specialist, auditor, or developer, the CCSP may be the most suitable for your goals.

In contrast, the CISSP is geared toward (aspiring) information security managers and executives. It’s a more holistic certification that confirms you can design, implement, and manage an entire cybersecurity program. Therefore, it’s better suited for those who seek to become a Chief Information Security Officer, Chief Information Officer, Director of Security, or IT Director/Manager.

As far as work history goes, CCSP requires you to have five years of relevant experience, three of which must be in information security and one of which must be in one of the following CCSP Common Body of Knowledge (CBK) domains:

  • Cloud Concepts, Architecture and Design
  • Cloud Data Security
  • Cloud Platform & Infrastructure Security
  • Cloud Application Security
  • Cloud Security Operations
  • Legal, Risk, and Compliance

CISSP also requires you to have five years of work experience, but across only two of the eight CISSP CBK domains, which include the following:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Of course, the CISSP and CCSP exams differ from each other as well. The CCSP exam is available at Pearson VUE testing centers only in English and Japanese. The test lasts 4 hours and consists of 125 multiple-choice questions.

In contrast, the CISSP exam is offered in 8 languages (English, Chinese, German, Japanese, simplified Chinese, Korean, Portuguese, and Spanish). It also has a computerized adaptive testing (CAT) version and a linear version.

So the CISSP exam may include anywhere from 125 to 250 questions, which applicants must answer within four to six hours.

As far as how much income you could earn with each certification, the average CCSP salary is $119,880 worldwide and $78,548 in Europe, the Middle East, and Africa, while the average CISSP salary is slightly higher: $123,490 globally and $100,538 in Europe, the Middle East, and Africa.

Ultimately, CCSP and CISSP certifications both have unique advantages and disadvantages. You are best advised to choose CCSP if you prefer being more technical and hands-on, and select CISSP if you prefer to lead, manage, and oversee an entire cybersecurity program. That’s up to you.

Prerequisites for the CISSP Certification

Before you can certify as a CISSP, you must meet some prerequisites. Specifically, you have to possess a particular skill set already. The CISSP certificate isn’t designed for entry-level cybersecurity workers; it’s for those who already have significant experience under their belt.

So before you seek to obtain your CISSP certification, here’s what you should know:

  • Understand information security. This means you are deeply familiar with security analysis, identity and access management, network security, penetration testing, incident response, various software methodologies, and more. Don’t attempt the CISSP exam without this basic foundation.
  • Know how to define the architecture, design, and management of a security program. Start by defining your current company or organization’s security program. If you can’t, familiarize yourself with all facets of a security program before you take on the CISSP.
  • Have a working knowledge of the eight CISSP CBK domains. Refresh your knowledge on all of the following: security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.
  • Understand emerging technologies. Artificial intelligence (AI), machine learning (ML), the Internet of Things (IoT), and other technologies are driving digital transformations in companies across the board. Before you can become a CISSP, you should understand how these technologies affect cybersecurity and what role they’re apt to play in the future.
  • Believe in the importance of software development. Software development is closely tied to cybersecurity issues. So you need a basic understanding of software development lifecycles and the effects they have on cybersecurity before you can attempt the CISSP.
  • Know how to adapt. Companies and organizations value cybersecurity professionals who can adapt to various roles, use new tools, analyze different types of data, and collaborate on projects. Learn how to be an agile team player.
  • Have good leadership and communication skills. CISSPs are expected to lead and manage security teams. Thus, on top of your technical skills, you have to develop the soft skills required to inspire your team to work hard and effectively.

Once you meet these prerequisites, you’ll be better prepared to take on the CISSP certification. If you’re not quite there yet, that’s okay. Keep studying until you are.

Best ways to prepare for the CISSP Exam

The CISSP exam isn’t easy. Like other major academic tests, it requires considerable study and hard work. Luckily, there are many things you can do to prepare. Here are a few:

  • Get to know the CISSP exam. You ought to understand how it’s structured, how many and what kinds of questions it contains, and how much time you’ll have to complete the test. This is basic information that shouldn’t come as a surprise on exam day.
  • Take a course. Enroll in an in-person class or an online course. Either route enables you to learn from an expert who has taken the CISSP exam. This gives you an opportunity to ask specific questions. A course also features classmates who can motivate and encourage you. If you’re not in a rush, you might opt for a self-paced class. But if your exam date is coming up soon, you might be wiser to enroll in an Instructor-led course.
  • Create a study plan. Give yourself a realistic deadline for when you plan to take the CISSP exam. Then work backward from that date to design a study plan. You probably have a lot to learn across the eight CBK domains, so divide your program into manageable chunks and work toward your goal in stages. This may require hundreds of hours of study, so give yourself plenty of time. You don’t want your job and other commitments to suffer as a result of stressing too much over the CISSP test.
  • Use self-study aids. Many CISSP study aids are out there. Find one that fits your learning style, whether you learn best through visuals, listening, or reading and writing. Some study aids are even free!
  • Take practice tests. Practice exams give you a taste of what the actual experience will be like. Give yourself only the allotted time to ensure the practice test is as realistic as possible. Look at how you perform on the practice test to get a better sense of where to focus the rest of your study efforts. And if you do well on the practice round, you will prove you have what it takes to ace the actual CISSP exam.
  • Develop good test-taking skills. Much of your test performance will depend on your test-taking skills. Learn how to pace yourself during the exam so you don’t run out of time. Make a habit of marking questions you get stuck on and returning to them later. When you’re not certain about a question, eliminate the answers you are fairly sure must be wrong to narrow down your options.
  • Get ready for exam day. When exam day comes, you want to be well rested and focused. So make sure you get a good night’s rest and eat a good breakfast. Arrive at the testing center early and try to remain calm and relaxed. Avoid distractions so you can give your full attention to the exam.

If you do all that, you’ll be in great shape for the CISSP exam. Even if you fail it, it’s not the end of the world. You can retest after 30 days.

If you fail a second time, you can retest after 60 test-free days (or 90 days from the original test date). Furthermore, if you fail a third time, you can retest after 90 test-free days (or 180 days from the first exam attempt).

In other words, you are allowed to attempt the exam up to 4 times within a given year. If you follow the steps above closely, though, you’ll have a good shot at passing the exam on your first try.

Top CISSP Certification Courses in 2022

One of the best ways to prepare for the CISSP exam is to take a CISSP certification course. You have many options to choose from. Here’s a breakdown of the top CISSP Certification Courses in 2022:

  • (ISC)² CISSP Course by Readynez—This is a 5-day instructor-led course offered in either virtual or classroom format. The virtual course ($3,730) can be done online from the comfort of your home. It includes pre-reading, instructor-led training, course material, and a certification guarantee. The classroom version ($5,290) includes the same plus accommodation and meals. For anyone that hopes to ace the CISSP, this is a great way to do it.
  • 2022 CISSP SuperReview by Certified Information Security—This $1,795 all-in-one online CISSP course is taught by Allen Keele, a well-known cybersecurity professional with at least 20 certifications and six published books. The course offers more than 1,300 slides, 16.5 hours of video/audio content, and eight mock exams that consist of more than 1,200 practice questions. You may also extend your course access by six months if you fail the exam. Finally, the course includes private tutoring sessions with Allen Keele himself.
  • CISSP Certification Training Course by Master of Project Academy—This online course offers over 30 hours of self-paced training and seven practice exams that contain at least 1,700 practice questions. It also boasts a 99.6% success rate and offers a free demo with a 30-day money-back guarantee. The course has three payment options: $87/month, $470/year, or $770 for lifetime access.
  • CISSP Certification Training by GreyCampus—This course is offered as an on-demand self-learning program with access to video lectures, five simulated exams (with a total of 1,250 practice questions), and 24/7 support. The online version costs only $360 and includes a 3-day 100% money-back guarantee. But for a custom price, you can also enroll a group of five or more students for an in-person training.

Choose the CISSP prep course that suits your timeline, budget, and individual circumstances. Remember, you want to be as well prepared as possible for the exam in order to pass. So don’t be afraid to invest in yourself with a quality course.

CISSP Exam Cost in the UK

Registering for the standard CISSP exam in the UK costs 585 GBP (with taxes varying by location). You can also reschedule an exam for 35 GBP if you contact Pearson VUE online within 48 hours of the exam or by phone within 24 hours.

To cancel your exam entirely, you must pay 70 GBP. If you don’t sit for your exam within 365 days after the initial exam date, your exam fee won’t be refunded.

Companies and organizations may also purchase exam vouchers. They have the option to transfer the voucher to anyone within the organization. CISSP exam vouchers can be bought well in advance of test dates. This helps reduce delays, paperwork, and costs.

Please note, however, that (ISC)² is the only organization authorized to sell CISSP exam vouchers. Steer clear of any other exam voucher providers you come across.

Benefits of a CISSP Certification

So why should you get certified as a CISSP? Becoming a CISSP has many benefits. Here are just a few: 

  • Stand out from your peers. The CISSP certificate is the most valued cybersecurity credential in the world. The years of development and research that went into it will set you apart from your peers. It’s the first security credential to meet the strict conditions of the ANSI/ISO/IEC 17024 standard; it satisfies the US Department of Defense (DoD) 8570 IAM Level II/III, IAT Level III, and IASAE Level I/II; and it’s a prerequisite of the Australian Government Information Security Registered Assessors Program (IRAP). In short, the CISSP is recognized by the world’s largest institutions.
  • Become a member of the largest cybersecurity association in the world. The number of (ISC)² members that hold the CISSP worldwide is 150,000 and growing. When you become a member, you gain access to professional development courses, continuing education programs, and many networking opportunities.
  • Enjoy (ISC)² membership perks. As a member, you also get to enjoy such perks as a free subscription to InfoSecurity Professional Magazine, free webinars, and discounts on other (ISC)² education programs, workshops, courses, and events.
  • Document your cybersecurity experience. To qualify for the CISSP certification, you must demonstrate hands-on experience. By certifying as a CISSP, you authenticate your skills and competence. Plus, employers know that CISSPs must invest in their continuing education in order to keep their certificate active.
  • Understand all aspects of the cybersecurity landscape. To certify as a CISSP, you must master eight CISSP CBK domains: security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, security operations, and software development security. By the time you’re certified, you’ll comprehend cybersecurity inside and out.
  • Maximize your earning potential. The average CISSP earns $131,030 per year, but some make well over $150,000. Possession of a CISSP certificate enables you to earn far more than you would without it.
  • Enhance your cybersecurity career. If you’re a cybersecurity professional, your career offers a lot of potential. According to one study, the current global cyberwork shortage amounts to roughly 2.9 million workers. And the demand for cybersecurity professionals is continuing to grow. That means a CISSP is in a stable profession with many opportunities.

Without a doubt, becoming a CISSP is a great move for any cybersecurity professional. There aren’t any downsides to speak of. It’s all upside.

Career Scope After Getting CISSP Certified

With your CISSP certificate in hand, you can look forward to a bright career. Information security is one of the most stable professions. In November 2021, there were 597,767 cybersecurity job openings and 1,053,468 people employed in the cybersecurity workforce.

Consider a specific security position. There were 141,200 information security analyst jobs in 2020, and the number of information security analyst jobs is predicted to grow by 33% between 2020 and 2030 (which is much faster than average job growth). That means that 47,100 jobs will be added to the US information security analyst market in the current decade.

However, you can use your CISSP certificate to apply for many other cybersecurity positions as well. The credential is highly versatile. According to the (ISC)² website, the CISSP is a plus for all the following positions:

  • Chief Information Security Officer
  • Chief Information Officer
  • Director of Security
  • IT Director/Manager
  • Security Systems Engineer
  • Security Analyst
  • Security Manager
  • Security Auditor
  • Network Architect
  • Security Consultant

And that’s not an exhaustive list. There are many other cybersecurity roles for which the CISSP certificate comes in handy.

Within the information security industry, the CISSP credential is highly regarded. Large corporations and government organizations like the US Department of Defense (DoD) value CISSPs for their ability to design, implement, and oversee robust cybersecurity programs. The CISSP certificate is also widely respected across the globe, so you may seek job opportunities overseas as well.

Note that an average of 50% of hiring managers don’t believe their cybersecurity job applicants are well qualified. Having a CISSP certificate is a great way to stand out.

Companies are also investing more in cybersecurity because they don’t want confidential data to leak and get used by their competitors. Large businesses are also gathering and analyzing more information as their ability to collect consumer data increases.

Thus, organizations need information security professionals to safeguard their data. Right now, the North American cybersecurity market is worth in excess of $60 billion, and it’s expected to grow at a rapid 12% compound annual growth rate (CAGR) between 2022 and 2030.

Many firms hire cybersecurity professionals for the long term. In fact, in one survey, 16% of respondents said that it takes an average of six or more months for them to fill a new cybersecurity position. This means once you’re hired, you won’t have to worry much about losing your job.

Most companies will do all they can to keep you so they don’t have to find a replacement and have to absorb turnover costs. In sum, choosing to become a CISSP is a lucrative and safe career choice.

CISSP Career Benefits and Salary

Earning your CISSP certificate can boost your career and salary. CISSPs earn an average global salary of $123,490. In Europe, the Middle East, and Africa, the average CISSP salary is $100,538, and in the US, it jumps to $135,510! Plus, according to a survey done by Global Information Security, CISSPs earn 20% to 25% more than their non-certified counterparts. It’s also good to note that cybersecurity workers make 23% more in the private sector than in the federal government—although pay is comparable at the entry level.

But a higher salary is not the only career benefit of becoming a CISSP. The CISSP certificate is also regarded as the most valuable security certification (from a list of 50 leading cybersecurity industry certifications and courses). Employers like to see that you are CISSP-certified because it’s the gold standard of cybersecurity credentials.

Getting the CISSP certificate also makes you a member of the (ISC)². This gives you tons of perks and benefits. For example, you gain access to the professional development institute (PDI) and its free educational programs. You may expand your professional network by meeting and working with other CISSPs.

Attendance at (ISC)² summits and discounts on conferences, workshops, and other events become options for you. And to top it all off, you get a free subscription to InfoSecurity Professional Magazine, a leading publication in the cybersecurity field.

As a CISSP, you also learn more about the information security market. The monthly meetings, workshops, and conferences deepen your knowledge—as will many (ISC)² online resources.

Becoming a CISSP will hone your cybersecurity skills. For example, CISSPs can choose a concentration in engineering, management, or architecture. If you specialize in a narrow field, you gain the trust of others inside and outside the cybersecurity community. You can use your CISSP concentration to demonstrate your value to your company and its customers.

All things considered, getting the CISSP certificate offers a high return on investment. Your salary will likely increase, you’ll get (ISC)² membership perks, you’ll increase your knowledge and skills, and you’ll help boost the profile of your firm.

Future of the CISSP

The CISSP is a game changer in the cybersecurity industry. Every year, the number of cybercrimes increases. For example, the FBI reported a record 847,376 complaints of cybercrime in 2021, a 7% increase from 2020. This means there’s a growing need for CISSPs to defend companies against cyber attacks and other threats.

At the same time, technological innovation is accelerating. The World Economic Forum (WEF) recently named 17 technologies that could change the world by 2025. Among them are artificial intelligence (AI), machine learning (ML), quantum computing, 5G-enabled mobility, personalized healthcare, and AI-expedited decarbonization. Each of these technologies will undoubtedly introduce new cybersecurity concerns that will have to be addressed by qualified CISSPs.

In the meantime, a 2.72 million shortage of cybersecurity professionals makes the CISSP certificate more valuable than ever. Workers who want to take advantage of the growing demand for cybersecurity professionals would be smart to invest the necessary time and money to certify in CISSP.

As for the CISSP exam itself, it will evolve over time as the global data security environment changes and new needs arise. In fact, 25 unscored pre-test questions were added to the CISSP exam as recently as June 1, 2022.

Nobody knows exactly what the future holds for the CISSP, but it’s clear that the gold standard of cybersecurity certifications isn’t going anywhere any time soon. It’s an essential piece of information security professionals’ career development and will remain so for many years to come.

We’re always available for advice and guidance to support your journey towards the CISSP certification, so please don’t hesitate to reach out to us.
