Should You Say “Yes” or “No” to (ISC)2 CISSP Certification? What Will Be Your Answer?

Whether you should pursue the (ISC)2 CISSP certification is a question that may not have a straightforward or simple answer. It depends on many things, and the many available options make it even more complicated. However, getting the facts right is the best way to shape an answer. So, let’s first find out all the facts.

Typically, the IT positions that require professionals to be CISSP certified pay very well. In fact, the typical salary of CISSP certificate holders can be six figures, although this also depends on where you live. Besides, there are many vacant security positions not only in the United States but also in many other parts of the world. According to recent surveys, there will be about 2 million more security jobs available in the United States than qualified specialists to fill them. That’s a truly convincing consideration. But to be honest, these numbers are only compelling to a person who is considering security as a career. If you are a security professional already working in the field, then you know that it all comes down to the individual’s professional strengths and personal preferences.

Let’s look at some of the reasons why you should or should not earn the (ISC)2 CISSP credential.

  • It entirely depends on your work experience.

Well, there is one important thing you should know. It is not possible for you to get your CISSP if you are a beginner in a security role. To be eligible for this certification, you must have at least five years of paid work experience. Even though you can successfully shorten this period by one year, you will still need to have four years of work experience.

Fortunately, there are very good reasons to work towards the CISSP credential even if you don’t have the required five years of experience. By passing the certification exam, you can become an (ISC)² Associate. You will gain exclusive access to all the resources of this vendor as well as network groups. Besides, certified professionals are also more desirable to employers. As an Associate, you will have 6 years to gain the required 5 years of paid work experience, while meeting the CPE (continuing professional education) requirements, in order to obtain the CISSP certificate.

  • CISSP opens up doors of government job opportunities.

Many large organizations, including the federal government, require the CISSP certification for career progression. The baseline for the federal government employees in the United States has four tiers:

  • Information Assurance Management (IAM);
  • Information Assurance Technical (IAT);
  • Cybersecurity Service Provider (CSSP);
  • Information Assurance System Architect and Engineer (IASAE).

As you may notice, the CISSP certificate appears just a bit. Compared to other credentials, it satisfies more IA basic certification requirements. So, Certified Information Systems Security Professional is a top choice for anyone who wants to fulfill an IA baseline certification requirement. If you want another option, then you should consider CASP+, as it is the next best choice. This is an advanced-level CompTIA cybersecurity credential. It satisfies the first 2 levels of the IAM position, all levels of the IAT position, and the IASAE positions.

  • You should not start with CISSP.

You may have just graduated from college and be trying to get your first security job. If that’s the case, then you should not start by obtaining (ISC)2 CISSP. Instead, you should pursue a certification that validates the basics. Two credentials fall into this category: CompTIA Security+ (SY0-501) and CompTIA CySA+ (CS0-001).

The CompTIA Security+ certificate comes with the SY0-501 exam, an entry-level cybersecurity certification test consisting of 90 questions that must be completed within 90 minutes. This exam validates the knowledge you have acquired during your first year as a security and IT professional. The CompTIA CySA+ credential was introduced to bridge the skill and knowledge gaps between the expert-level CompTIA Advanced Security Practitioner (CASP) and the foundational Security+ certifications. It is a great option for individuals who are new to IT security, and it is a step up from the CompTIA Security+ certificate. CySA+ validates everything you will learn during your first four years as an IT security professional.

By earning either of these two CompTIA certifications, you reduce the CISSP work experience requirement by one year. You should only start with this (ISC)2 certificate if you already have extensive infosec experience.

What do you need to consider?

The decision to earn the CISSP certification or not depends mostly on your work experience, professional goals, and industry. Consider the following questions:

  • Are you new to IT?

If you are completely new to IT, then it is advisable to start with the basics and progress up to the CISSP credential. The two certificates that will best launch your IT career are CompTIA CySA+ and CompTIA Security+.

  • Are you trying to specialize or break into management?

You should get the CISSP certification if you are looking to take the fastest route into management. Otherwise, you should consider other relevant security certificates.

  • Are you looking to secure employment with a company that values CISSP highly?

You should definitely get the CISSP credential if you are in government. Otherwise, you should first consider whether getting this certification will help you achieve your professional and career goals. There are a number of IT certificates that can actually serve you better, for example, GIAC GSEC or Cisco CCIE Security.


Deciding whether to obtain (ISC)2 CISSP requires a detailed understanding of the facts surrounding this certification, its benefits, and the value of other available certificates. With its fast-growing security community, CISSP should be one of the major considerations. With more than 20,000 communities worldwide, earning this credential means that you will have in-person and online opportunities to connect with your peers, network, and learn everything that is relevant to cybersecurity. Of course, every (ISC)² certification comes with these benefits. However, if you want to be a part of the cybersecurity community and you are already considering pursuing CISSP, it will be an ideal option.