By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept
Insights
Audit and Compliance

Becoming a CISSP

We will take you through the step-by-step journey, understanding requirements and eligibility criteria to preparing for exams and the coveted certification.

By
Peter Bassill
July 30, 2023
7
min read
Becoming a CISSP

Becoming Certified Information Systems Security Professional

This article was originally published in 2015 and has been updated to reflect 2023.

Embarking on the path to becoming a Certified Information Systems Security Professional (CISSP) is a thrilling and challenging endeavor. It is the ideal qualification we look for in all our consulting team members. In today's ever-evolving digital landscape, the need for skilled professionals who can protect sensitive information and mitigate cyber threats has never been more critical. The CISSP certification is widely recognized as the gold standard in the field of information security, opening doors to exciting career opportunities and providing a sense of accomplishment. But how does one become a CISSP?

This comprehensive guide will take you through the step-by-step journey, from understanding the requirements and eligibility criteria to preparing for the arduous exam and finally achieving the coveted certification. Whether you're a seasoned IT professional looking to advance your career or a newcomer seeking to make a mark in the cybersecurity industry, this guide will equip you with the knowledge and resources needed to navigate the road to CISSP success. So, fasten your seatbelt and get ready for an exhilarating ride towards becoming a Certified Information Systems Security Professional!

Eligibility Requirements For The CISSP Certification

To embark on the journey towards becoming a Certified Information Systems Security Professional (CISSP), it is essential to understand the eligibility requirements. The CISSP certification is designed for experienced professionals in the field of information security who possess the necessary knowledge and skills to protect organizations from cyber threats. To be eligible for the CISSP certification, candidates must have a minimum of five years of cumulative, paid, full-time work experience in at least two out of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK). These domains include Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security. Additionally, candidates must also adhere to the (ISC)² Code of Ethics and pass the CISSP exam.

Understanding The CISSP Exam Format

The CISSP exam is a rigorous test that assesses a candidate's knowledge and skills in various domains related to information security. Understanding the exam format is crucial for effective preparation. The CISSP exam consists of 120 to 175 multiple-choice questions (it used to be 250), with each question having four possible answers. The questions are designed to evaluate the candidate's ability to apply their knowledge and skills in real-world scenarios. The exam covers topics such as security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security. The exam has a time limit of four hours (it used to be six), and candidates must achieve a minimum passing score of 700 out of 1000 points to earn the CISSP certification.

Preparing For The CISSP Exam

Preparing for the CISSP exam requires a systematic and comprehensive approach. It is recommended to start by thoroughly reviewing the (ISC)² CISSP Common Body of Knowledge (CBK) to gain a solid understanding of the eight domains covered in the exam. This can be done through self-study or by attending training courses provided by (ISC)² or other authorized training providers. Additionally, practicing with sample questions and taking mock exams can help familiarize oneself with the exam format and identify areas that require further study. It is also beneficial to join study groups or online forums where CISSP candidates can engage in discussions, share resources, and learn from each other's experiences. Developing a study schedule and setting aside dedicated time for exam preparation is crucial to ensure comprehensive coverage of all domains and topics.

Recommended Study Resources For The CISSP Exam

Having the right study resources can greatly enhance the effectiveness of exam preparation. There are several recommended resources available to CISSP candidates, including official study guides published by (ISC)², which provide comprehensive coverage of the exam topics. These study guides are often accompanied by practice questions and access to online resources. Additionally, there are numerous online training courses and video tutorials available that offer in-depth explanations of the CISSP domains and provide interactive learning experiences. It is also beneficial to explore supplementary study materials such as books, whitepapers, and research papers to gain a deeper understanding of specific topics. Leveraging a combination of these resources can help candidates build a strong foundation of knowledge and increase their chances of success in the CISSP exam.

Tips For Passing The CISSP Exam

Passing the CISSP exam requires more than just knowledge of the exam topics. Here are some tips to enhance your chances of success:

  1. Create a study plan: Develop a study plan that covers all the domains and topics to ensure comprehensive preparation.
  2. Practice time management: The CISSP exam has a time limit of four hours, so practicing time management during exam preparation is crucial. Allocate appropriate time for each domain and topic to ensure proper coverage.
  3. Take practice exams: Taking practice exams can help identify areas of weakness and familiarize yourself with the exam format. Analyze your performance and focus on improving in areas that need attention.
  4. Understand the concepts: Instead of memorizing information, focus on understanding the underlying concepts and principles. This will enable you to apply your knowledge in real-world scenarios during the exam.
  5. Stay updated: The field of information security is constantly evolving, so it is essential to stay updated with the latest trends, technologies, and best practices. Subscribe to relevant industry publications and participate in continuing education programs.

By following these tips and maintaining a positive mindset, you can increase your chances of passing the CISSP exam and earning the coveted certification.

CISSP Exam Registration Process

Once you have thoroughly prepared for the CISSP exam, it's time to register and schedule your exam. The registration process involves several steps, including creating an account on the (ISC)² website, completing the online application form, and paying the exam fee. The application form requires candidates to provide details about their work experience, education, and endorsement from an (ISC)² certified professional who can validate their professional experience. After the application is reviewed and approved, candidates will receive an authorization to test (ATT) email, which contains instructions on how to schedule the exam at a Pearson VUE test center. It is essential to carefully review all the instructions and guidelines provided to ensure a smooth examination experience.

Maintaining CISSP Certification: Continuing Professional Education (CPE) Credits

Once you have successfully passed the CISSP exam and earned the certification, the journey doesn't end there. Maintaining the CISSP certification requires ongoing professional development and the accumulation of Continuing Professional Education (CPE) credits. CISSP holders are required to earn a minimum of 40 CPE credits annually to demonstrate their commitment to staying current with the evolving field of information security. These credits can be earned through various activities such as attending conferences, participating in webinars, publishing articles, or engaging in volunteer work. (ISC)² provides a comprehensive online portal where CISSP holders can track and report their CPE activities.

Benefits Of Becoming A CISSP

Becoming a Certified Information Systems Security Professional (CISSP) offers a wide range of benefits. Here are a few:

  1. Career advancement: The CISSP certification is highly regarded in the industry and can open doors to exciting career opportunities. CISSP holders are sought after by organizations worldwide, and the certification can significantly enhance job prospects and salary potential.
  2. Industry recognition: The CISSP certification is globally recognized as a symbol of excellence in the field of information security. It demonstrates your commitment to professionalism and validates your expertise to employers, colleagues, and clients.
  3. Knowledge and skills: The CISSP certification requires a deep understanding of various domains related to information security. The knowledge and skills gained during the preparation process can greatly enhance your ability to protect organizations from cyber threats and contribute to the overall security posture.
  4. Networking opportunities: The CISSP certification provides access to a global community of information security professionals. Engaging with this community through conferences, forums, and professional networks can facilitate knowledge sharing, collaboration, and career growth.
  5. Personal growth: Achieving the CISSP certification is a challenging and rewarding journey that requires dedication, perseverance, and continuous learning. It provides a sense of accomplishment and boosts confidence in one's abilities.

In Closing

The road to becoming a Certified Information Systems Security Professional (CISSP) is not an easy one, but it is a journey worth pursuing for those passionate about information security. By understanding the eligibility requirements, familiarizing yourself with the exam format, and preparing diligently, you can increase your chances of success. Remember to leverage the recommended study resources, follow the tips for passing the exam, and stay committed to ongoing professional development. The CISSP certification offers numerous benefits, including career advancement, industry recognition, enhanced knowledge and skills, networking opportunities, and personal growth. So, fasten your seatbelt, embrace the challenges, and embark on the exhilarating road towards becoming a Certified Information Systems Security Professional!

Peter Bassill
CEO, Head of Threat Disruption
Share this post
Audit and Compliance
More insights

Other stories from our Insights blog

Category

Insight blog title

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Guides

Wazuh & Crowdstrike Compared

We present a comprehensive comparison of three leading security solutions: CrowdStrike Falcon, Wazuh, and SOC365. We draw insights from real user experiences

Guides

SOC365: A Comprehensive Guide to Modern Cybersecurity

In today's world, where cyber threats are becoming more advanced and persistent, organizations must invest in advanced cybersecurity solutions to safeguard.

News

Scammers hit Gibraltar

Scammers hit Gibraltar with a banking fraud scam powered by Anydesk to steal money from personal and business bank accounts. These criminals really dont care.

News

Managed SOC Services for Businesses

Managed SOC Services for Businesses, how SOC365 helps businesses defend against persistent and effective cyber attacks and keep trading.

News

SOC365 Achieves Prestigious CREST Accreditation

Hedgehog Security, a leading provider of managed security services, is proud to announce that it has achieved the prestigious CREST accreditation for its Manage

Red Team

Understanding Pass the Hash Attack: How Hackers Exploit Password Vulnerabilities

The theft of personal information, such as login credentials, financial data, or sensitive personal details, can lead to identity theft, financial fraud, and ot

News

SOC365: The Premier Darktrace Alternative for Comprehensive Cybersecurity

Discover why SOC365 is the best Darktrace alternative, offering advanced threat detection, comprehensive SOC services, and superior scalability for robust cyber

Guides

Understanding SOC Services with SOC365

Managed SOC (Security Operations Center) services provide a centralized approach to monitoring and managing suspicious activities within your IT infrastructure.

Blue Team

Who is APT29? Uncovering the Notorious Cyber Espionage Group

APT29 is a threat actor (APT) active since 2008 and considered to be a product of the Russian government’s Foreign Intelligence Service (SVR).

News

TeamViewer Hack - What you need to know

TeamViewer detected a breach in its internal corporate IT network on June 26, 2024, unrelated to its customer-facing services.

Guides

Why SOC365 is your top choice for SOC as a Service defence

SOC365 service is not just another MSSP offering. It proactive cybersecurity, keeping data and applications are protected and readily accessible without risk.

Blue Team

A Day in the life of a SOC Analyst

My job is to quickly identify, prioritize, and respond to these threats in real-time, ensuring the security and integrity of our clients’ networks.

News

Security News Update June 2024

As we reach the midpoint of the month, it’s essential to stay informed about the latest cyber security developments and trends.

News

Snowflake Breach Analysis: A Technical Perspective

Snowflake Breach Analysis: A technical perspective on the recent Snowflake breach, what you should consider about the breach and the lessons learnt from it.

Guides

How to conduct a Data Privacy Impact Assessment simply

A Guide to Conducting a Data Privacy Impact Assessment - As a business owner, you understand the importance of protecting your customers’ personal data.

News

Cyber Security News: June 8th - 14th, 2024

It’s been another eventful week in the world of cybersecurity, with a string of high-profile breaches and attacks leaving many wondering whats gone wrong.

News

Wazuh based ultimate SIEM to Detect, Defend and Disrupt

At Hedgehog Security, we have developed an advanced SIEM solution that combines the power of Wazuh, Graylog, and our proprietary Hedgey AI.

News

SMS Phishing Campaign: Two Arrested

Law enforcement authorities have arrested two individuals in connection with a massive SMS phishing campaign that targeted millions of people worldwide.

News

Understanding the SOC Maturity Model

Organisations must continuously adapt to new threats and challenges in the dynamic cybersecurity landscape in order to maintain a reasonable cyber defence.

News

Azure Service Tags abused by Hackers

In recent news, Microsoft has issued a warning about a potential vulnerability in its Azure Service Tags feature that is potentially exploitable.

News

Cybersecurity News: June 1-7, 2024

As we kick off the second half of the year, the cybersecurity landscape continues to evolve at an alarming rate with more vulnerabilities and breaches every day

News

Outsourced Security Operations Center

Outsourced Security Operations Center for modern businesses, keeping up a solid defence from cyber attacks 24 hours a day, 7 days a week

News

Cyber Security & Defence News: May 25th - 31st, 2024

In this blog post, we’ll be covering some of the most significant news stories from The Hacker News and The Register for the period of May 25th to 31st, 2024.

Guides

Honeypots in Cybersecurity: Explained and Demystified

In the ever-evolving cybersecurity landscape, organisations continuously seek innovative ways to protect assets gain insights into cyber adversaries' tactics.

News

Advanced Threat Detection and Response: Strengthening Cybersecurity for Modern Businesses

Advanced Threat Detection and Response: Strengthening Cybersecurity for Modern Businesses when everything is under attack around the clock.

News

Essential cybersecurity tips to Protect your Business

As spring blossoms into full bloom, it's the perfect time for organisations to brush off the cobwebs and spruce up their cybersecurity measures.

Red Team

What Is a Threat-Led Penetration Test (TLPT)?

Threat-Led Penetration Tests (TLPT) are enhanced security tests reserved for financial entities whose failure would have systemic effects.

Blue Team

Fortinets latest CVE vulnerability and what you need to know

In recent developments, Fortinet has issued warnings regarding critical security vulnerabilities affecting its FortiClientEMS software and other products.

Guides

What is a Takedown and How Does It Work?

In the realm of cybersecurity, a "takedown" is a strategic action undertaken to dismantle and disrupt the infrastructure of cybercriminals.

Guides

What are Tarpits? Understanding Cybersecurity Deception Tools

In the ever-evolving field of cybersecurity, defenders constantly seek innovative ways to slow down, analyze, and ultimately thwart attackers.

News

Lessons from the TeamViewer Incident

A recent incident involving the exploitation of a vulnerability in TeamViewer highlights the complexity and severity of current cyber threats.

News

UK Unveils Draft Cybersecurity Governance Code

In an era where digital threats loom large and cyber resilience is paramount, the United Kingdom stands the forefront of bolstering its cybersecurity measures.

Blue Team

Over the Air Breach and how it led to healthcare data loss

A health care provider engaged Hedgehog Security's SOC365 team to provide a breach investigation following a major incident and possible breach by the board.

Guides

An introduction to using Managed SIEM for cyber defence

Managed Security Information and Event Management (SIEM), a comprehensive solution designed to fortify digital landscapes against cyber threats.

News

CVE-2024-21410

Microsoft acknowledged what we already knew, that a freshly patched newly privilege escalation vulnerability, CVE-2024-21410, was being exploited.

Guides

AI augmented phishing guidance to defend yourself better

AI-augmented phishing refers to the use of artificial intelligence to enhance and customize phishing attacks, making them more sophisticated.

Guides

Configuring UFW on Ubuntu for a Web Server: A Step-by-Step Guide

we will walk you through the steps to configure UFW on an Ubuntu server to restrict inbound traffic to HTTP, HTTPS, and SSH, and limit outbound traffic

News

AI cybersecurity strategies needed to win

In the ever-evolving landscape of cybersecurity, the advent of AI has ushered in a new era fraught with sophisticated threats and unprecedented challenges

News

Navigating Cybersecurity Landscape in 2024

As we embark on the journey that is 2024, the cybersecurity landscape is gearing up for unprecedented challenges and opportunities

Audit and Compliance

Understanding Compliance, Regulations, and Standards in Cybersecurity

We incorporate the required technical and organisational security measures and safeguard the protection of the rights of the data subject.

Audit and Compliance

Comprehensive Overview of Cyber Security Programs for Businesses

The Hedgehog Security Cyber Security Program Overiew - how we ensure that we keep you information and data safe from people who should never have it.

Guides

SOC Services with SOC365: A Detailed Explanation

SOC Services Expained - why you need to be using a SOC Service to ensure that your business is defended from relentless cyber attacks.

News

The UK Online Safety Bill Becomes Law

The United Kingdom has taken a monumental step towards ensuring a safer online environment with the Online Safety Act receiving Royal Assent on October 26th

Blue Team

The Challenges of managing your own SIEM / SOC

In the complex and dynamic realm of cybersecurity, managing a Security Information and Event Management (SIEM) or operating a small SOC presents challenges.

Blue Team

The Symphony Of Incident Triage

In the ever-evolving symphony of cybersecurity, the crescendo of chaos can strike unexpectedly, even when there is a solid cyber defence.

Guides

Malicious Websites and how you can identify them quickly

Malicious websites pose a significant risk to individuals and organisations alike. Learn how to identify them and deal with them to stay defended.

Blue Team

The Evolution Of Honeypots And Tarpits

In the ever-expanding digital landscape, the art of cybersecurity has constantly evolved to counter the threats posed by attackers.

Blue Team

Streamlining Incident Response With SOC

In the realm of cybersecurity, chaos and clarity dance an intricate tango. In this ever-evolving landscape, success lies not just in identifying threats

Blue Team

Case Study: Law Firm Using SOC as a Service

Prior to engaging with Hedgehog Security's SOC service, H&H faced significant gaps in their cybersecurity defenses. We fixed that with SOC365.

Blue Team

Why PenTests Matter Beyond Firewalls in Cyber Defense

From dissecting real-world case studies to delving into the intricacies of ethical hacking, this article offers an in-depth exploration

Blue Team

Enhancing Security In AI Systems

In the digital era, artificial intelligence (AI) has emerged as a transformative force, revolutionising industries and reshaping how interact with technology.

Blue Team

AI Cyber Security and the power of Intelligence led defence

At Hedgehog Security, we've harnessed the potential of AI to create Hedgey—an AI-driven force that's been a SOC analyst since 2018.

Blue Team

A Medical Firm using our SOC as a Service for cyber defence

With a focus on protecting client information containing sensitive Personal Identifiable Information and medical data, NGS engaged with us for Cyber Defence.

Guides

Understanding Threat Detection: Key Concepts Explained

For organisations aiming to protect their sensitive data and systems, understanding "What is threat detection" is crucial to ensure that they stay defended.

Audit and Compliance

ISO 27001 Audit comprehensive guide

ISO 27001, a widely recognized certification that focuses on the management of information security risks. But how exactly does an ISO 27001 audit work?

Blue Team

The Ultimate Guide SIEM - Security Incident Event Management

In this comprehensive guide, we will delve deep into the world of SIEM, exploring its fundamental concepts, benefits, and implementation strategies.

Blue Team

Elevating Cyber Security Analysis Techniques

We explore cyber security through the use of innovative analysis techniques like machine learning, artificial intelligence, and behavioural analytics.

Blue Team

A guide to securing cloud infrastructure with a Wazuh SIEM

Wazuh is an open-source security platform that offers real-time threat detection, incident response, compliance monitoring for all environments.

Blue Team

Unlocking the power of Wazuh SIEM for Cyber Defence

With its cutting-edge features, Wazuh empowers businesses to unlock their full security potential and stay one step ahead of cybercriminals.

Red Team

Penetration Testing used for better protecting businesses

In this comprehensive guide, we demystify the world of penetration testing, providing you with a step-by-step approach to fortifying your company's defenses.

Red Team

Red Team Assessments for testing your cyber security

Red Team Assessments simulate real-world hacking attacks, proactively strengthen their security measures and protect their valuable assets.

News

Enhancing Security in AI Systems

In the digital era, artificial intelligence (AI) has emerged as a transformative force, revolutionising industries reshaping the way we interact with technology

Red Team

Red Team Testing and Pentesting

Red team testing and penetration testing are two different methodologies used in security assessments distinct differences in terms of approach & objectives.

Blue Team

Our journey in creating our SOC as a Service offering

We will take you behind the scenes and unveil the secrets of creating our state-of-the-art Security Operations Centre to provide fanatical cyber defence.

Audit and Compliance

How Consultancy can help safeguard and defence your data

Ensure your business is equipped with the necessary tools & strategies to mitigate risks maintain the confidentiality, integrity, and availability of your data.

Red Team

Unleashing the Power of Physical Penetration Testing

In cybersecurity, it's not just virtual threats that keep experts up at night—physical breaches can be just as detrimental. That's where the art of intrusion co

Guides

Managed Wazuh

Managed Wazuh SIEM as a Service - monitor your cyber world from a price point starting as low as £0. Monitor your state of security today.

Guides

Understanding Common Cyber-Attacks: A Guide for Businesses

Phishing is a type of scam email that pretends to be from a reputable organisation or person in order to trick people into revealing personal information

Audit and Compliance

What Is HIPAA?

HIPAA provides federal protections for personal medical information regulates the handling of such information by healthcare providers and insurance companies.

News

GRIZZLY STEPPE: Insights into the Cyber Threat

In recent months, the role of the Russian government in the cyberattack on the Democratic National Committee (DNC) has been a topic of intense debate.

Defending your data
Services
SOC as a Service
SIEM as a Service
Who we help
Legal
Transportation and Logistics
Maritime
Financial Services
Healthcare
Engineering
Case studies
Insights
Wazuh & Crowdstrike Compared
SOC365: A Comprehensive Guide to Modern Cybersecurity
Scammers hit Gibraltar
More Insights
Company
Partnerships
About us
Contact
2024© All rights reserved.
T&CsPrivacy policyCompliance

Get a consultation

Find out how Hedgehog can help protect your company's data with a no obligation consultation with our team.

Get a free trial

Find out how Hedgehog can help protect your company's data with a 30 day free trial of SOC365.

Become a partner

Talk to our team about how you could benefit from becoming a Hedgehog partner.

Get SIEM as a Service

Talk to our team about getting your organisation protected by Hedgehog's SIEM services.

Thank you!
Your message has been received!
Sorry, something went wrong while submitting the form. Please refresh and try again.