Certified information system security professionals are computer professionals who ensure the security of computers and networks for an organization. They have received the Certified Information Systems Security Professional (CISSP) certification. These professionals have an annual salary range of about $60,000-$229,000.
CISSPs are trusted with maintaining a secure information system, but their daily duties may include specialty tasks, such as designing security features, testing programs or managing security compliance, along with duties related to computer forensics and cryptography. The International Information Systems Security Certification Consortium, Inc. (ISC2) administers the CISSP credential, which is accredited by the American National Standards Institute (ANSI). The credential meets the standards of the International Organization for Standardization (ISO). It is recognized around the world, and it may provide the holder with career advancement opportunities.
Candidates must supply answers to questions concerning their background and criminal history. They must have at least five years of work experience in two or more domains, such as access control, cryptography or operations security, out of the ten contained in the CISSP content body of knowledge (CBK). In addition, candidates must affirm that the information they provided regarding professional experience is true and that they will follow the ISC2 ethics code. Lastly, they must pay an exam fee. The CISSP examination is six hours long (9 a.m.-3 p.m.) and consists of 250 multiple-choice questions.
Individuals without the required amount of experience may take the exam to become an associate. Associate status is good for six years, allowing the individual to acquire the necessary experience, after which he or she can send in the endorsement document to become certified.
Certification requirements to become a CISSP include passing the CISSP exam, submitting a resume and endorsement form, and undergoing an audit of professional experience (if required). To fill in and submit the endorsement form, a candidate must find another certified professional who can verify the candidate's work experience. The certified professional must be in good standing and hold an active ISC2 certification.
Information systems security is a rapidly evolving field, so strict CISSP maintenance requirements ensure that practicing CISSPs keep their knowledge of the field current. Certification must be renewed every three years. Candidates must pay a fee and earn 120 continuing professional education credits (CPEs) within the three years (minimum of 20 per year). CPE requirements can be met through attending seminars, webinars, classroom courses or online training, as well as publishing papers, volunteering for IS-related work and giving training in security.
Associates must earn at least 20 CPEs for every year that they remain associates. They must also pay a fee.
ISC2 offers CISSP concentrations in architecture, engineering and management to CISSPs in good standing. Architecture focuses on the construction or design of a security plan. The engineering concentration was developed in cooperation with the U.S. National Security Agency (NSA) and focuses on integrating security measures into information systems, applications and projects. The management specialty includes project and risk management, along with maintaining security policies and compliance.
Each concentration requires CISSPs to pass an additional examination, and the architecture and management concentrations require at least two years of professional experience in those respective areas. As information security advances, developing specialized knowledge may give CISSPs more control over their career path. To maintain certification in a concentration, one must pay the fee and earn 20 CPEs (part of the 120 CPEs) in his or her concentration area.
The U.S. Bureau of Labor Statistics (BLS) reports that employment for information security professionals should rise by 32% over the 2018-2028 decade, which is considerably faster than the average for all occupations. As companies expand their databases and measures to keep sensitive information secure, CISSPs may have the opportunity to choose from a wide range of employers, such as retail companies, the healthcare industry or government agencies.
According to PayScale.com, most security engineers with the CISSP credential earned $60,000-$229,000 per year as of September 2019. A CISSP credential is often a requirement for higher-level positions.
Certification can be attained in engineering, architecture or management. Certification requirements include passing an exam, submitting a resume, submitting endorsements by members in good standing, and possibly an audit of work experience. These positions are in demand, with a rapidly growing job outlook.