We have all heard the old adage that big surprises can come in small packages. If you are a candidate who is studying for the CISSP exam, or if you are in the early stages of considering studying for the exam, you may be surprised at all the opportunities that are available from a single certification. However, when taken in context with the benefits of the CISSP credential, very few other certifications carry the same respect and career-boosting potential as the CISSP.
It is understandable why one might hesitate at reaching for what is often referred to as the “gold standard” of certifications. Many are initially intimidated by the broad subject matter covered by the CISSP Common Body of Knowledge (CBK), as many of the study guides exceed 600 pages. The official (ISC)² CBK textbook weighs in at a hefty 900+ pages. Others are intimidated by the intensity of the exam, as the Computerized Adaptive Testing makes every moment of the exam somewhat of a nail-biting experience. Others are also intimidated by the 5-year experience requirement, as well as the post-test endorsement process. Yet, these are minor hurdles when weighed against all that can be achieved by attaining the CISSP designation.
We recently interviewed three (ISC)² members who hold the CISSP credential, AJ Yawn, Angus Macrae and Jerome Leach, who verified the value of the certification. Each one of them spoke of all the apprehension about the process that culminated in the attainment of the CISSP designation, including the broad subject matter, the challenges of remembering all the details (particularly in unfamiliar domains), and the anxiety of sitting for the exam. After accomplishing all this, they also discovered some big surprises as a result of their efforts.
In some cases, achieving the CISSP opened the candidates up to new internal and external perspectives about themselves, the business, and the community as a whole. Internally, the broad subject matter instilled confidence, proving that no subject is beyond one’s capability to understand. Struggling to understand the unfamiliar can have a lasting effect, just as pushing oneself beyond any mental boundary results in a stronger retention of the subject.
External benefits derived from succeeding through the CISSP journey include the real-world application of concepts that are part of the CBK. In a complex and evolving business environment, cyber risks are business risks, threatening to disrupt reliable and safe operations. Cybersecurity can no longer be isolated from business operations and processes. Security models, Business Impact Analysis, and other practical requirements in a security operation help align cybersecurity practices with business processes and are an essential part of the CISSP curriculum.
The CISSP experts we interviewed agree that cybersecurity is far more than just ones and zeros. It involves governance, management, and understanding people. These are not just topics for academic discussion or theory. Being able to achieve corporate-wide buy-in on the necessity of cybersecurity to business success and prosperity is of the utmost importance. The recent pandemic crisis underscored just that.
However, as a cybersecurity professional, you are often challenged with ethical dilemmas in your day-to-day job. Our guests discussed how the CISSP process, and (ISC)² in general, adhere to the highest ethical standards. This equips the CISSP candidate with tools that transcend technical analysis, looking deeply at the human side of the profession.
This is especially important considering that cyber-physical attacks can harm the health and safety of people and communities. With the level of digital technology penetration into critical infrastructures, like oil and gas, electric utilities, water supply, and the healthcare sector, it is frightening to realize what the consequences of a cyber-attack might be. Protecting “society, the common good, necessary public trust and confidence, and the infrastructure,” is the core of the (ISC)² Code of Ethics and is a vital element of cybersecurity.
The diversity of use cases and the need to secure various organizations across different industries and cultures require a tailored approach to cybersecurity. While there are well-established security best practices, there is no panacea. The breadth of the CISSP CBK also translates into actual value by teaching that the standards and frameworks are adaptable to all industries, and which model is the appropriate choice for a specific initiative. This ability to discern results in a more well-versed professional.
One of the biggest surprises derived from the CISSP is not included at all in any of the training materials: inclusion in a community of like-minded individuals. (ISC)² encourages its members to create an (ISC)² professional chapter, and even offers them the opportunity to do so, if one does not already exist in the region. This expands a person’s professional network, which can be a powerful tool in the business community.
It starts to become clear that, for all the effort, it certainly seems well worth it. The educational value of the CISSP CBK is significant in developing a more seasoned security approach. This is recognized in professional settings, and possessing the CISSP credential has been shown to result in higher salaries, as well as professional advancement.
Our interviewees had more to offer than what is shared in this article. We encourage you to join us for our upcoming webinar, CISSP: Tales of the Unexpected, to hear their joy, enthusiasm, and their tales of the unexpected surprises that will encourage you to take that next step towards achieving the CISSP designation. The big surprises offered by the big challenge of accomplishing the CISSP credential are clear. It is one of the best things a cybersecurity professional can do, not only individually, but for the entire profession.
Join us for CISSP: Tales of the Unexpected on Tuesday, September 21st at 1pm featuring CISSPs AJ Yawn, Angus Macrae and Jerome Leach with Brandon Dunlap as moderator.
To discover more about CISSP, read our whitepaper, 9 Traits You Need to Succeed as a Cybersecurity Leader.