First of all, job positions that require the professionals to have this (ISC)² certificate are usually paid superbly. An individual with this credential can make an average of six-figure remunerations per annum but it depends on his/her location. Additionally, there is no lack of job roles for the security specialists, which means there is always an opening that you can fill when you have such a certification. For instance, it is estimated that there will be approximately 2 million extra security positions that will require the IT experts to fill them. Of great importance is the number of people who will fulfill these roles, and this is where a strong consideration for CISSP comes in. No doubt, this is a good reason to pursue this certificate but you shouldn’t jump right into it without putting some facts into consideration.

Below we share some objective views on choosing the CISSP certification as your goal.

• CISSP requires paid work experience

Your work experience will showcase whether you should strive to pursue this credential or not. For instance, if you are just starting out in the sector of information security, you won’t be able to do it. This doesn’t mean that if you take the exam, you won’t pass it; it is all about the prerequisite for pursuing this (ISC)² certification. You should have more than 5 years of paid work experience to qualify for this certificate. It is essential to point out that you can actually shorten the time by one year. However, you have four years to contend with, and nothing can be done about it. You just have to wait before you can attempt the CISSP certification test.

There are some other options that the professionals who starting out in the security field can consider. For those who want to earn their first job in the security field, CISSP is not the point to start. At this stage, you should seek to validate your basic skills. CompTIA Security+ and CompTIA CySA+ are two certificates you can consider to confirm your knowledge and skills, as well as increase your chance of landing an entry-level position.

CompTIA Security+ is an entry-level cybersecurity credential that requires a single exam. It is made up of about 90 questions, which must be completed within 90 minutes. The test is created to validate the candidates’ knowledge and skills in basic IT and security domains. CompTIA CySA+ is also an excellent choice for an entry-level IT security specialist. This credential was introduced in 2017 by CompTIA, and it was developed to bridge the gap between the skills required for the foundational CompTIA Security+ and the expert-level CASP+ certificates. You can continue to pursue CISSP after earning either of these certifications. However, you have to fulfill the requirements for years of experience before you obtain it.

• CISSP is great if you want to take up government jobs

For the professionals trying to get a job position in the government, CISSP is a great credential option. It satisfies the IA baseline certification requirements for taking up job roles in this realm. The baseline certificates for the government employees possess four different categories, including IAT, AIM, CSSP, and IASAE. (ISC)² CISSP takes its place in these categories, which means it is a great certification option for those individuals who want to get a government job title.

• CISSP requires recertification

This is actually a great thing because it helps you consistently update your skills so as not to become obsolete. To renew your certification, you have to earn the CPE credits, which are quite easy to achieve. Every 3 years, you have to submit at least 90 Group-A CPE credits, as well as the additional 30 Group-A or Group-B CPE credits to retain your credential. There are different educational activities that make up for these CPE credits. You earn one credit for each hour you spend learning. Some educational activities you can engage in include reading of whitepapers, books, or magazines; attending educational courses, presentations, seminars, or conferences; publishing a whitepaper, an article, or a book. You can also earn the credits by preparing to train or present information associated with information security; volunteering for charitable organizations, public sector, and government; performing special project-related work outside your normal work responsibilities; taking higher academic training courses. Generally, if you learn the topics covered in the eight security domains, you can claim the CPE credit hours. Of course, they should be not within your standard job activity. With an average of 40 CPE credits every year, you can easily meet up with the recertification requirements.

Please note that the Group-B credits cover the general professional and development activities that the certification holders may engage in. These include anything that is not within the scope of the security domains. Additionally, the activities that qualify for the Group-A CPE credits can also be used for the Group-B ones.

Conclusion

Your choice of obtaining the CISSP certificate will be determined by your professional goals, industry, and work experience. If you want to break into the information security field, this (ISC)² certification is the ideal choice. However, if you are an entry-level professional, it will not be a good starting point because you don’t have the prerequisite experience for it at this stage. Instead, you should pursue either CompTIA Security+ or CompTIA CySA+ to begin your journey in the world of information security. With experience you will earn, you can proceed to pursue the CISSP credential. This will be a good foundation for your future career path.

1. Security and Risk Management (e.g., Security, Risk, Compliance, Law, Regulations, Business Continuity)
2. Asset Security (Protecting Security of Assets)
3. Security Engineering (Engineering and Management of Security)
4. Communication and Network Security (Designing and Protecting Network Security)
5. Identity and Access Management (Controlling Access and Managing Identity)
6. Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
7. Security Operations (e.g., Foundational Concepts, Investigations, Incident Management, Disaster Recovery)
8. Software Development Security (Understanding, Applying, and Enforcing Software Security)

According to ISC, the CISSP exam is being updated to stay relevant amidst the changes occurring in the information security field. Refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Keep in mind that some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. ISC believes that the new CISSP exam will better reflect the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape.

Although the blueprint has gone down from 10 domains to 8, don’t be tricked into thinking that the exam has gotten easier – it’s not. The topics have been rearranged and refreshed, and the amount of information candidates should be proficient with has actually increased, not decreased.

The CISSP exam tests one’s competence in information security and  the (ISC)²^® common body of knowledge (CBK^®), which cover critical topics in security today, including risk management, cloud computing, mobile security, application development security and more. Candidates must have a minimum of five years of paid full-time work experience in 2 of the 10 domains. This vast breadth of knowledge and the experience it takes to pass the exam is what sets the CISSP apart. CISSP certification makes holders eligible for job functions like security consultant, security analyst, IT director, Chief Information Security Officer, and many more. CISSP certification is associated with some of the highest salaries in IT industry.

While Cisco is now redesigning and re-adjusting its Security track, it does not compete with CASP that much. The way the way Cisco and CompTIA certifications compare remains the same: Cisco certifications are vendor-based, and focus entirely on Cisco solutions and technology. CompTIA certifications, on the other hand, are vendor-neutral, and focus on the general security approaches, technologies and solutions. So, CASP’s direct competition would be CISSP (which was one of the best paid IT certifications last year by the way), and not Cisco. But before comparing CASP to CISSP further, let’s take a closer look at this CompTIA certification and the exam it requires.

CompTIA Advanced Security Practitioner (CASP) Certification And Exam

Like other CompTIA credentials, the Advanced Security Practitioner (CASP) Certification is vendor-neutral. While it does not have any formal prerequisites, it requires candidates to have 10+ years of experience. This is a way more advanced step after the CompTIA Security+ certification.

The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. As mentioned earlier, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

The CASP exam validates that the successful candidate has the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. Successful candidates apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.

The CASP exam consists of 80 queries covering the following areas:

• Enterprise Security
• Risk Mgmt, Policy/Procedure and Legal
• Research & Analysis
• Integration of Computing, Communications, and Business Disciplines

Detailed CASP exam blueprint can be downloaded from the CompTIA website.

CASP Vs. CISSP

So how does CASP compare to CISSP? The latter is widely recognized, and is often considered to be the global standard for security professional certifications. Many IT professionals choose CISSP as it’s perceived to carry more weight and be more popular among employers.

This is partially explained by the fact that CISSP has been around much longer that CASP, but also by the fact that the CISSP exam is much longer and significantly harder, as many experts state. CISSP exam is 6 hour long and consists of 250 queries (CASP exam consists of 80 queries and lasts 2 hours). Candidates are also required to have verified prior experience, and, after they pass the exam, they need to acquire a written authorization from someone who holds the certification and thinks they’re worthy of holding the certification.

So what are the benefits of CompTIA’s Advanced Security Practitioner (CASP) certification? The US Department of Defense has recognized CASP as certification required for its employees at a IAT-3 or IAM-2 level. While it’s evident that CISSP certification is more comprehensive and offers more knowledge about information security. Yet, CompTIA’s CASP has its clear benefits (easier and cheaper exam, no formal prerequisites, easier to obtain, no written recommendations required, etc) and can be a huge career booster for experienced IT security professionals in the government structures and business enterprises alike.

1.      PMI Risk Management Professional

Project management has grown into an independent industry, with its own professional standards. For risk management professionals, the PMI Risk Management Professional certification is one of the most recognized. It “fills the need for a specialist role in project risk management,” according to the Project Management Institute.

2.      Information Systems Security Engineering Professional (ISSEP/CISSP)

With ISSEP-CISSP being on the list of top paid IT certifications, this one shouldn’t be ignored. According to the (ISC)2 organization, the ISSEP-CISSP concentration was developed with the U.S. National Security Agency (NSA). The Information Systems Security Engineering Professional concentration “is the guide for incorporating security into projects, applications, business processes, and all information systems.” To earn the ISSEP, you must successfully pass one exam while holding a CISSP credential in good standing.

3.   MCPD: Windows Phone Developer

No IT Certification list can be complete without Microsoft, right? With the Windows Phone share in mobile market projected to grow tremendously in 2014, this is the place to grow for those interested in Mobile Development for a platform with the highest growth potential in 2014.

4. Program Management Professional (PgMP)

This is another certification from PMI with a great earnings and career development potential. Experienced project managers often pursue the Program Management Professional (PgMP) certification. “Credential holders,” says the Project Management Institute, “oversee the success of a program, grouping related projects together to realize organizational benefits not available if they were managed separately. It’s the perfect fit if you define projects, assign project managers and oversee programs.” The requirements for application include four years of project management experience and four years of program management experience.

5. Red Hat Certified Architect (RHCA)

A Red Hat Certified Architect (RHCA) has attained the highest level in Red Hat’s certification program. In order to earn the cert, applicants must successfully complete a number of other Red Hat certifications.

Now, what are you certification plans for 2014?

According to Techrepublic.com, CISSP was one of top 5 in-demand IT certifications for 2013, with salary ranging from $65,000 to $111,000. Another source states CISSP the second most paid IT certification this year, with average salary being $103,299. In case you haven’t heard much about the CISSP, let’s shed some light on it. Who knows, it may be your next step towards a rewarding career in the information security.

(ISC)² is a not-for-profit  organization that focuses on educating and certifying information security professionals throughout their careers, and its certifications are considered to be the gold standard of information security. To put it short, they’ve got the history and the experience to back their reputation of information security knowledge leaders.

CISSP is a professional level certification. To quality for it, you possess at least five years of direct full-time security work experience in two or more of the ten (ISC)² information security domains (CBK). For those holding either a four-year college degree, a Master’s degree in Information Security, or for possessing one of a number of other certifications from other organizations, one year of professional experience can be waived.

You’ll have to pass a 6-hour written exam at a Pearson Vue training center. So succeed, candidates need to reach a minimum scaled score of 700 points out of 1000 possible points. With the total of 250 multiple choice questions, the exam includes 25 experimental questions that aren’t graded.

ISC’s CISSP exam covers the following domains:

• Access control
• Telecommunications and network security
• Information security governance and risk management
• Software development security
• Cryptography
• Security architecture and design
• Operations security
• Business continuity and disaster recovery planning
• Legal, regulations, investigations and compliance
• Physical (environmental) security

Full exam outline (over 40 page PDF) is available for free from the ISC website.

Are you interested? Take a look at the ISC website, and we’ll go into more detail about this 6 hour written exam next week.