The Certified Information Systems Security Professional (CISSP) is a prestigious and globally recognized certification for cybersecurity professionals. Offered by ISC2, it covers a broad range of cybersecurity topics, giving professionals a wide but still rigorous grounding across the industry.
To remain certified, professionals need to pay an annual maintenance fee and earn a quota of Continuing Professional Education (CPE) credits.
Becoming CISSP certified is a significant cost and time commitment. The exam is notoriously challenging to pass, leading many prospective candidates to ask: is the CISSP worth it? And will it remain so as the industry evolves?
In this post, we explore whether the CISSP is worth pursuing as a professional, and whether it is still valuable from the perspective of a hiring manager. We also look at how ‘future-proof’ the qualification is, and how much weight it may carry in the years to come.
Some sources suggest that the pass rate for the CISSP exam is as low as 20%, while others place this closer to 60%. ISC2 does not publish official figures for this, making it hard for candidates to draw meaningful conclusions about their chances.
While this pass rate makes the whole prospect of the CISSP more daunting, it is a plus for hiring managers looking for the very best candidates. Because ISC2 also requires five years of cumulative, paid experience across two or more of the exam’s domains before granting the full certification (candidates who pass without it become an Associate of ISC2 until they qualify), a hiring manager can trust that a CISSP holder has both relevant hands-on experience and a proven breadth of knowledge. Simply put, it is a shortcut to trusting the extent of the candidate’s grounding experience and general security knowledge.
But, of course, it doesn’t tell the full story. Curiosity, collaboration, problem-solving, speed, ability under pressure, people management… these are all qualities and skills that the CISSP doesn’t measure so effectively.
It’s essential that hiring managers don’t become ‘dazzled’ by a CISSP certification, letting it affect their impartiality in other areas or encouraging them to bypass other parts of their hiring process.
The exclusivity and robust content of the CISSP make certified candidates more desirable, and this generally translates to better career prospects after completing the exam.
However, passing the exam and maintaining your qualifications both require a significant time and money investment.
The CISSP exam costs $749, and CISSP membership is $135 per year to renew. If you wish to take a training course in the leadup to the exam, this is an additional $2,000 to $5,000.
You will also have to build up 120 Continuing Professional Education (CPE) credits every three-year cycle, with a minimum of 40 credits in each year, proving you have spent time honing your skills as a professional beyond your day-to-day duties and staying abreast of the latest developments in our industry.
As an example, you can earn CPE credits through:
Even maintaining your CISSP certification is no easy task. This only serves to make it more credible in professional circles – but candidates must be willing and able to invest the time.
From a financial point of view, the professionals we found discussing it online largely agree that the CISSP is worth it, and that they were quickly able to recoup the cost of the exam and maintenance fees.
A Reddit thread titled ‘How worth it is the CISSP?’ is full of success stories.
“I was studying for my CISSP while slowly being hired. I was offered the job a week after I told them I had passed. I went from around 40k to 92k,” writes one Reddit user. “Personally, I think it's just because I'm awesome, but the CISSP may have contributed in some minute fraction of a way.”
“The instant I put my CISSP on my LinkedIn and resume my inbox got BLOWN UP. Even in this current job market,” writes another. “Got a new job with 30% raise, way better benefits, the works. Inbox is still getting blown up.”
But it’s not all success. For some professionals trying to move into cybersecurity from an adjacent career path, their lack of hands-on experience within cybersecurity specifically meant they still had trouble securing a cybersecurity role after qualifying:
“After 10 years of IT experience, I got my CISSP along with a sec plus,” writes one. “Still get told I don’t have enough experience for cyber, so I went back to SA lol. I get tons of interviews tho!” It was one of the most upvoted posts within the thread.
The CISSP exam outline is officially refreshed roughly every three years to reflect changes within the industry and to ensure it is still equipping candidates with the skills needed in the workplace. This is a significant update that affects the structure and weighting of the exam, and smaller adjustments may be made more frequently than this.
The CISSP is a highly respected and internationally recognized certification which has helped professionals improve their earnings and job prospects. But will it remain as valued as it is currently?
We have a few thoughts on how this could theoretically play out.
Cybersecurity is a fast-growing industry, and historically there have been more open roles than qualified candidates to fill them. But as AI agents become a more useful tool, and companies continue to look for smarter ways to allocate stagnant budgets, the number of entry-level jobs may shrink. This might lead to more candidates taking the CISSP to improve their chances against the competition, and to more job roles listing it as a requirement.
An increasing number of CISOs do not have a technical cybersecurity background; their role has shifted, becoming more about liaising with boards and fostering a culture of security and productivity than having hands-on knowledge and experience. It’s not at all unheard of for a CISO to not have the CISSP qualification – something that would have been more surprising only a few years ago.
The CISSP provides a very broad education in cybersecurity, and this has been a core selling point of the qualification. But will that remain the case?
With the threat landscape expanding and new technology emerging at pace, it’s unrealistic to expect one person to know enough about every area of cybersecurity. We believe the future lies with specialists rather than generalists, which could see field-specific qualifications gain more weight.
Just like the CISSP, Sentinel Guild is here to offer a shortcut to skilled and qualified professionals. The specialists within our network have been carefully interviewed, vetted and tested by us, allowing you to fill gaps within your organization at speed – whether you need specialist AI consultation or rapid support following a security breach. Find out more.