What you need to know before sitting the CISSP

If you’re interested in gaining a high-ranking position in the information security industry, you’ll probably need the CISSP® (Certified Information Systems Security Professional) qualification.

In this blog, we explain everything you need to know before enrolling on a CISSP training course.

Is it difficult to become a CISSP?

Like most advanced qualifications, it takes a lot of time and effort to achieve the CISSP qualification, and you are by no means guaranteed to pass the exam first time.

The (ISC)2 doesn’t disclose the pass rate, but it’s believed to be below 50%. Fortunately, most people learn from their mistakes and pass on their second or third attempt.

You therefore shouldn’t be too disheartened if you don’t pass right away. Instead, realise that for many people it’s simply part of the process, and look for training courses like ours, which give you the option to resit the course for free.




Can you become a CISSP without practical experience?

You need at least five years’ experience in two or more of the eight CBK (Common Body of Knowledge) domains to become a CISSP.

However, you can still sit the exam and become an Associate of (ISC)2 until you gain the necessary experience.

How long does it take to gain the CISSP qualification?

Like any exam, preparation is a matter of quality over quantity. The right teacher or learning tool can explain a topic in a matter of minutes, whereas you could spend hours reading about it online and still be none the wiser.

Generally, we recommend spending at least 160 hours studying CISSP and preparing for the exam. But bear in mind that the more intensively you study, the less time it will take. That’s to say, you’ll probably make more progress if you dedicate chunks of time to studying rather than doing it in bits and pieces.

How long is the CISSP qualification valid?

A CISSP qualification is initially valid for three years. To extend its validity, you must gain 40 CPE (continuing professional education) credits annually and 120 credits over a three-year period.

You can achieve those credits by proving that you are an active member of the cyber security industry and are staying abreast of the changing landscape. Some of the ways you can do this include:

  • Attending cyber security conferences and webinars;
  • Subscribing to industry journals;
  • Enrolling on educational programmes;
  • Publishing an article or book on a relevant topic; and
  • Preparing for an information security qualification.

What jobs can I get with a CISSP qualification?

The CISSP qualification is suited for mid- and senior-level managers who are working towards, or have already attained, senior information security positions.

Some of the most common jobs for CISSP-qualified individuals are:

  • Information security manager;
  • Information security analyst;
  • Chief information security officer;
  • Security architect; and
  • Security engineer.

Which is better, CISSP or CISM®?

If you’re looking to gain an information security qualification, you might be weighing up the pros and cons of CISSP and CISM (Certified Information Security Manager).

There’s no right answer as it ultimately depends on your skills and the type of job you want.

CISSP is generally preferable for those who are interested in the technical side of information security, whereas CISM is better for those looking to become managers.

Some people might benefit from gaining both qualifications. In that case, we’d recommend taking CISSP first.

How do I get my CISSP endorsement?

To become a qualified CISSP, your application must be endorsed by an (ISC)2 professional. This person must be:

  • Capable of attesting to your professional experience; and
  • An active member of (ISC)2.

You may know someone professionally who meets those criteria, but if not, (ISC)2 can act as your endorser.

How do I prove my CISSP experience?

Your endorser will research whether you meet the requirements to become a CISSP, including whether you have the necessary experience.

If it’s someone you work with, they can simply verify your job role and how long you’ve been doing it. If your endorser can’t attest to this, they will speak to your line manager, HR department, customers and vendors for evidence of your claims.

Pass the CISSP exam with IT Governance

If you’re ready to start preparing for the CISSP exam, take a look at our CISSP Accelerated Training Programme.

This crash course teaches you everything you need to pass the exam in just five days. You’ll be guided by an industry expert with a track record of helping candidates pass the exam. If you don’t pass first time, we’ll train you again for free*.


*conditions apply.