Roadmap to Success: CISSP
The ISC2 Certified Information Systems Security Professional (CISSP) certification has been a gold standard in cybersecurity for decades. It proves that you don’t just understand security—you can build and lead entire security programs that protect organizations from today’s most complex threats.
If you’re looking to move into senior cybersecurity, risk management, or leadership roles, earning your CISSP is one of the smartest moves you can make.
Let’s walk through what’s changed with the certification, what to expect on the exam, and how to plan your path to success.
What is the ISC2 Certified Information Systems Security Professional (CISSP)?
The Certified Information Systems Security Professional (CISSP) credential is an advanced certification designed to validate the skills and abilities of individuals with proven deep technical and managerial competence, experience, and credibility. It recognizes their ability to design, engineer, implement, and manage information security programs to protect organizations.
The CISSP tests learners' competence in eight domains:
Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security
Who Should Earn the CISSP?
The CISSP isn’t an entry-level certification. It’s designed for experienced security professionals ready to prove their advanced skills. You’ll need at least five years of cumulative, paid, full-time experience in two or more of the eight CISSP domains. You can substitute one year with a four-year degree or an approved credential.
If you haven’t yet met the experience requirement, you can still take the exam and become an Associate of ISC2 while you work toward the full credential.
Typical CISSP candidates include:
Security analysts and engineers looking to move into leadership roles
IT managers responsible for security governance and compliance
Network and systems engineers who want to expand into cybersecurity architecture
Consultants and auditors focused on risk and security program design
What’s New With the CISSP Exam
The CISSP has evolved to keep pace with modern security challenges. The most recent update took effect in 2024. While the eight domains remain the same, there were some minor adjustments to domain weights and the exam format.
Key updates to the CISSP include:
New, Shorter Exam: The old 6-hour, 250-question format is gone. The CISSP now uses Computerized Adaptive Testing (CAT). This means the exam adjusts its difficulty in real time based on your answers, ending once it’s confident about your skill level—so you’ll answer fewer, but more targeted, questions.
Content Tweaks: ISC2 updated tasks and subtopics to reflect evolving technologies, governance models, and security practices. The Security and Risk Management domain increased slightly from 15% to 16%, while Software Development Security dropped from 11% to 10%.
These updates make the exam more streamlined while keeping the focus on real-world security leadership.
CISSP Exam Details
The CISSP exam is demanding. Candidates must first demonstrate their experience to qualify to sit for the exam, and then sustain their focus through a 3-hour exam of 100 or more questions.
Prerequisite Experience: Minimum of five years of cumulative paid full-time work experience in two or more of the eight domains.
Length: Up to 3 hours
Questions: 100 to 150 (a mix of multiple-choice and “advanced innovative items” such as drag-and-drop or hotspot questions)
Passing score: 700 out of 1,000
Exam Registration: CISSP website
How Much Does the CISSP Exam Cost?
Earning your CISSP takes more than dedication—it also comes with a few financial commitments. The exam fee is $749 (USD), which covers your registration and one attempt at the test.
Once you pass, you’ll also need to maintain your certification with an Annual Maintenance Fee (AMF). As of 2025, the AMF is $135 per year. The good news? The AMF covers all of your active ISC2 certifications, not just the CISSP.
It’s also smart to budget for a few optional costs:
Rescheduling your exam: $50 if you need to change your test date.
Study resources: Depending on your approach, costs can vary—from free community resources to paid courses or bootcamps that provide structured guidance.
In total, you can expect to spend around $884 in your first year (the exam fee plus your first AMF payment), followed by $135 each year to keep your certification in good standing.
CISSP Recertification
ISC2 credentials are valid for three years from the date of certification. To maintain a credential, learners also must earn Continuing Professional Education (CPE) credits. Learn more about maintaining a credential on the ISC2 website. Please note that ISC2 requires annual maintenance fees (AMFs) and CPEs.
The Next Step
The CISSP is an advanced security credential. It can serve as a building block to prepare learners to continue with ISC2 certifications by earning CISSP Concentrations, including:
Often, learners working in security-related fields will have a diverse certification portfolio that might include:
CCNA Security: Made up of two exams: ICND1 and IINS
CCNP Enterprise: Made up of 350-401 ENCOR and one concentration
Certified Ethical Hacker: Made up of the EC-Council Certified Ethical Hacker v13
ISACA CISM: Made up of one exam, the ISACA CISM
CompTIA Security+: Requires just one exam, the CompTIA Security+
Career Considerations
Payscale.com reports that employees holding a CISSP credential earn between $90,000 and $160,000. Typical roles or titles for individuals holding a CISSP include information security analyst, information security manager, IT security architect, information security officer, and security engineer.
The ISC2 CISSP certification meets the requirements for DOD 8750 and/or DOD 8140 baseline certifications for IAT Level III, IAM Level II, IAM Level III, IASAE Level I, and IASAE Level II, qualifying learners for Department of Defense jobs and contract work for the U.S. federal government.
ISC2 Credential Pathways
Unlike many IT industry certification vendors, ISC2 credentials rely heavily upon learners' experience rather than on traditional prerequisite exams or certifications. Using years of experience as the guiding measure, ISC2 has developed a helpful credential guide. Generally, ISC2 credentials are broken down as follows:
Less than one year of experience:
1-2 years of experience:
Four years of experience:
Five or more years of experience:
Certified Information Systems Security Professional (CISSP)
CISSP concentrations:
Three years of experience with a degree or six years of experience without a degree:
While ISC2 credentials do not have traditional prerequisites, learners must demonstrate the required experience before they are permitted to sit for an exam. A learner's experience must be proven and aligned with the ISC2 Common Body of Knowledge (CBK) domains.
Typically, learners advance through the credentials in a chronological order according to their experience in the industry. However, learners can enter into the credential process at any stage of their careers. So, it's common for learners to attempt their first ISC2 credential at the CISSP level or beyond.
Ready to Start Studying for CISSP?
Earning a CISSP credential is a significant step in one's IT career, proving advanced skills, abilities, and knowledge. Working to gain the CISSP is a significant commitment with the potential for substantial rewards.