Achieving the CISSP certification is one way to show the world that you have the technical ability, knowledge and experience in the IT Security field. If you think the certification is important, I encourage you to prepare well for it, then take the test and join me as a CISSP. The exam covers the 10 domains called the Common Body of Knowledge (CBK) in 250 questions. In order to pass the test you must achieve a score of 700 points or more. There are several additional steps beyond passing the test that each candidate must complete to earn the CISSP certification. I'll walk you through the basics...
Minimum experience requirements:
You must have a minimum of five years of
professional experience in the information security field or four years plus a college degree. You may subsititute an Advanced Degree in Information Security from a National Center of Excellence or the regional equivalent can substitute for one year towards the five-year requirement.
A candidate must also provide acceptable answers to 4 questions related to regarding criminal history and related background.
Before the exam:
1. Study.
a. Complete a
self assesment quiz to see where your strengths and weaknesses are.
b. ISC(2) has several free
webcasts valuable for your review.
b. Shon Harris books and DVDs are great references to ensure you have a full understanding.
c. Take free
practice quizes before taking the test. The test questions are long and complicated. It is critical that you read all the words in the question as it is easy to speed read the question and answer it wrong.
d. The candidate will be required to agree to follow the ISC(2) Code of Ethics to become CISSP certified. Be sure to read and understand the requirements as this is not optional.
e. Read the ISC(2) Candidate Information Bulletin available for download from:
www.isc2.org/cib.
2. Join a study group if possible.
NebraskaCERT generally offers one prep class per year. Check their website or go to a meeting if you're looking for a study partner or session.
Day of exam:
- Print a copy of the email "ticket" you receive from ISC(2) and bring it with you to the exam site. A proctor will check you into the exam. The informaiton on your ticket will be cross referenced by the proctor.
- Bring a valid form of identification that has your picture on it (Driver's License, Military Identification, etc.)
- Bring a snack. Candidates are provided a space in the room away from the desk/table where the test is administered. You may get up from the test to quietly eat the snack in the room.
- Do not bring your cell phone, books, papers, or other items into the test area. You will be provided pencils.
- Be sure to be well rested and focused on the material on the day of exam. Leave other stresses at home.
How do I know if I passed?
ISC(2) will email you the results of the exam usually within one week of completing the exam. If you pass, you will get a letter that begins with "Congratulations ....". You will not be provided your score. If you did not pass, you will receive a letter that does not begin with "Congratulations". Those who do not pass will receive their score.
There are a few more steps after you pass the exam before certification is approved:
If you pass, the letter will remind you that you are not permitted to use "CISSP" yet. You will be instructed to submit your resume for review.
You must be endorsed by another (ISC)² certified professional in
good standing before the credential can be awarded. The endorser will attest that the candidate's assertions regarding professional experience are true and to the best of the endorser's knowledge, and that the candidate is in good standing within the information security industry.
What are the on-going requirements to maintain the CISSP certification?
All CISSPs must maintain their certification by completing Continuing Professional Education (CPE) credits before the three year period and pay $85 per year.
ISC(2) requires that each CISSP must complete a minimum of 20 CPEs each year - so a CISSP cannot complete 120 CPEs during year one and maintain his or her certification. A CISSP may complete more than 20 CPEs per year, but not less. If a CISSP does not complete 20 CPEs each year, he or she will need to retake the CISSP exam.
What counts as CPE?
You can earn CPEs by:
- Attending educational/training conferences and seminars
- Attending conferences
- Attending Professional Association Chapter Meetings (such as Infragard and NebraskaCERT)
- Attending Vendor Presentations
- Completing college courses (*you must pass the class)
- Providing security training to others
- Publish a security article or book
- Serve on the board of a professional security organization
- Complete computer based training
- Read Information Security books or authorized magazines (may be required to complete a book report)
- Various IT related volunteer work
How do CISSPs submit CPE?
All CISSPs must register on the ISC(2) website using information provided from ISC(2) after the CISSP certification is earned. CISSPs log into the website to submit CPEs and pay the annual maintenance fee.
Good luck. May the force be with you!
