CISSP Certification Requirements

Certified Information Systems Security Professional (CISSP) is an information security certification awarded by the International Information System Security Certification Consortium (ISC)². Applicants must demonstrate that they meet all the CISSP certification requirements to be considered for this certification.

CISSP certification is useful for professionals working as information security specialists who want to demonstrate their expertise in the field of cybersecurity.

This certification makes it easier for information security specialists to grow in their careers, which improves their prospects of getting promotions, pay raises, and other benefits. As a result of an increase in the number of cyber risks, there is a greater demand for individuals who are certified in information security.

The CISSP is a difficult certification in the information technology and cyber security field. It is recognized as evidence of the holder's capacity to design, deploy, and manage cybersecurity suites that are among the best in their respective categories.

The CISSP certification requirements are outlined below.

CISSP Certification Requirements

Work Experience

A candidate must have five years of relevant experience to apply for the CISSP test. This work experience should include at least two of the following eight domains of CISSP. 

  1. Security and Risk Management
  2. Asset Security
  3. Security Architecture and Engineering
  4. Communication and Network Security
  5. Identity and Access Management (IAM)
  6. Security Assessment and Testing
  7. Security Operations
  8. Software Development Security

Full-Time Experience: Experience is accrued monthly, and a month of experience requires a minimum of 35 hours per week over four weeks.

Part-Time Experience: Acceptable at a minimum of 20 and a maximum of 35 hours per week. 1,040 hours of part-time work are equivalent to 6 months of full-time experience, and 2,080 hours to 12 months.

Internship: Both paid and unpaid internships are acceptable with proof of intern status on letterhead, signed by the organization or, if the internship was completed at a school, by the registrar.

A one-year exemption from the work experience requirement is given to professionals with a 4-year college degree or its equivalent, an advanced degree in information security from NCAE-C, or another credential from the list of qualifications recognized by the International Information System Security Certification Consortium (ISC)2.

(ISC)2 evaluates each application for experience in at least two CISSP domains, professional accomplishment, submitted educational certifications, managerial abilities, and so on. Regular use of security procedures and concepts is particularly crucial.

A candidate who does not have the experience to become a CISSP can become an Associate of (ISC)2 by passing the CISSP test. Afterward, they have six years to accumulate the required experience and earn the CISSP certification.

Simply put, if you don’t have the required experience, pass the test, get experience, and become CISSP.

Education Qualification

The CISSP certification does not set specific education requirements for applying for the exam.

However, the following educational qualifications can reduce the work experience requirement by one year:

  1. Four-year degree from a college or a regional equivalent
  2. Graduate degree in information security from a National Center of Academic Excellence in Information Assurance Education (CAE/IAE) of the United States

Possessing one of the recognized credentials on the following (ISC)2 approved list can substitute for one year of work experience.

(ISC)2 Approved List

  1. AWS Certified Security – Specialty
  2. EC-Council Certified Security Specialist (ECSS)
  3. Certified Authorization Professional (CAP)
  4. EC-Council Certified SOC Analyst (CSA)
  5. Certified Cloud Security Professional (CCSP)
  6. GIAC Certified Enterprise Defender (GCED)
  7. Certified Computer Examiner (CCE)
  8. GIAC Certified Incident Handler (GCIH)
  9. Certified Ethical Hacker v8 or higher
  10. GIAC Certified Intrusion Analyst (GCIA)
  11. Certified Information Security Manager (CISM)
  12. GIAC Cyber Threat Intelligence (GCTI)
  13. Certified Information Systems Auditor (CISA)
  14. GIAC Global Industrial Cyber Security Professional (GICSP)
  15. Certified Internal Auditor (CIA)
  16. GIAC Information Security Fundamentals (GISF)
  17. Certified Protection Professional (CPP) from ASIS
  18. GIAC Information Security Professional (GISP)
  19. Certified in Risk and Information Systems Control (CRISC)
  20. GIAC Security Essentials Certificate (GSEC)
  21. Certified Secure Software Lifecycle Professional (CSSLP)
  22. GIAC Security Leadership Certification (GSLC)
  23. Certified Wireless Security Professional (CWSP)
  24. GIAC Strategic Planning, Policy, and Leadership (GSTRT)
  25. Cisco Certified CyberOps Associate/Professional
  26. GIAC Systems and Network Auditor (GSNA)
  27. Cisco Certified Network Associate Security (CCNA Security)
  28. Information Security Management Systems Lead Auditor (IRCA)
  29. Cisco Certified Internetwork Expert (CCIE) Security
  30. HealthCare Information Security and Privacy Practitioner (HCISPP)
  31. Cisco Certified Network Professional Security (CCNP Security)
  32. Information Security Management Systems Principal Auditor (IRCA)
  33. CIW Web Security Professional
  34. CIW Web Security Specialist
  35. Juniper Networks Certified Internet Expert (JNCIE-SEC)
  36. CompTIA Advanced Security Practitioner (CASP+)
  37. Microsoft Identity and Access Management
  38. CompTIA CySA+
  39. Microsoft Security Operations Analyst
  40. CompTIA Security+
  41. Microsoft Certified Cybersecurity Architect
  42. Computer Hacking Forensic Investigator (CHFI)
  43. Offensive Security Certified Professional/Expert (OSCP/E)

Who Should Get CISSP Certification

According to (ISC)2, the following professionals are recommended to earn this certification:

  1. Chief Information Security Officer
  2. Chief Information Officer
  3. Director of Security
  4. IT Director/Manager
  5. Security Analyst
  6. Security Architect
  7. Security Auditor
  8. Security Consultant
  9. Security Manager
  10. Security Systems Engineer

Conclusion

To become a CISSP-certified professional, an applicant needs a minimum of five years of experience in the appropriate field and must pass a computerized test in a predetermined setting. A candidate can claim a one-year reduction in the experience requirement if they hold a four-year graduate degree or its equivalent.

Fahad Usmani, PMP

I am Mohammad Fahad Usmani, B.E. PMP, PMI-RMP. I have been blogging on project management topics since 2011. To date, thousands of professionals have passed the PMP exam using my resources.