Is the CISSP Certification Still Relevant in 2023? Find Out!
Written on
Chapter 1: The Value of CISSP Certification
Is the CISSP certification still a valuable asset in 2023? Spoiler alert: Absolutely!
Photo by RAMSHA ASAD on Unsplash
The Certified Information Systems Security Professional (CISSP) stands as one of the most recognized certifications in cybersecurity, often referred to as the “gold standard” in information security. In recent years, however, there has been some criticism directed at cybersecurity certifications in general. Senior professionals in the field often dismiss these “paper certifications,” arguing that they do not genuinely reflect an individual's qualifications. It's become somewhat fashionable to forgo certifications altogether.
While I understand some of the critiques—particularly about individuals who pursue multiple certifications without practical experience—there's a misunderstanding about the CISSP. It is often unfairly included in this backlash, primarily from those who do not fully grasp its significance or what it represents.
Section 1.1: Understanding the CISSP Certification
Let's clarify what the CISSP certification entails. According to the exam outline, the CISSP validates a professional's extensive technical and managerial expertise necessary for designing, engineering, and managing an organization's security framework.
The CISSP's Common Body of Knowledge (CBK) encompasses eight domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
In addition to passing the exam, candidates are required to possess five years of work experience in one of these domains; otherwise, they are classified as associates of (ISC)². This exam is comprehensive, covering a wide array of cybersecurity topics, and (ISC)² has done an admirable job of keeping the content relevant.
I personally passed my CISSP exam back in 2005 and can attest to the evolution of topics within the certification over the years.
Section 1.2: Common Misconceptions about CISSP
Critics often voice several common objections about the CISSP:
- Focus on Concepts Over Technical Skills: Detractors argue that the CISSP only covers broad concepts and lacks technical depth. However, the certification is designed to be vendor-neutral, focusing on principles applicable across various technologies.
- Not an Expert in Specific Areas: Critics claim that the CISSP does not make one an expert in any particular field. While it covers extensive cybersecurity domains, the certification aims to provide a foundational understanding, leaving specialization to the individual's choice.
- High Costs: Yes, the financial burden of obtaining and maintaining the CISSP can be significant. However, some employers offer reimbursement for these expenses.
- Breaches Involving CISSPs: It's essential to recognize that having a CISSP does not guarantee protection from cyber threats. Just as companies with PCI DSS or ISO certifications can still face breaches, the CISSP is not a foolproof safeguard.
- Experience Matters Most: This is entirely true. The requirement for five years of experience is crucial. Even with a CISSP, candidates must be evaluated during interviews to ensure they meet specific needs.
CISSP combined with relevant experience is what ultimately establishes credibility, which varies from person to person.
Chapter 2: Insights for Employers Hiring CISSPs
Most criticisms aimed at the CISSP can apply to any certification. A significant issue lies in hiring managers' perceptions; they may mistakenly equate the certification with expertise.
It's important to understand that the CISSP is not a “silver bullet” that resolves all cybersecurity challenges upon hiring. However, dismissing its value is equally misguided.
A team of skilled penetration testers might lack the capability to create a strategic cybersecurity roadmap or execute a risk management program—areas where CISSP professionals excel.
There’s a reason the CISSP maintains its prestige in the industry: it has consistently produced capable professionals over the decades.
Why Pursue CISSP Certification in 2023?
Having achieved CISSP certification in 2005, I was among the few in my country at that time. Back then, holding a CISA or a CISSP conferred a certain prestige, with consulting firms eager to recruit you.
While the landscape has changed, and competition is fierce due to tech layoffs, it’s essential to consider that while a CISSP might not confer a significant advantage, not having one could hinder your chances during initial screening by HR.
Prepare for the CISSP exam and focus on gaining hands-on experience to enhance your CV. Regardless of differing opinions, the CISSP remains a prestigious certification and a valuable stepping stone toward future leadership roles in cybersecurity.
Wishing you success in your cybersecurity career in 2023!
Taimur Ijlal is an award-winning information security leader with over twenty years of international experience in cybersecurity and IT risk management within the fintech sector. Connect with Taimur on LinkedIn or visit his YouTube channel, “Cloud Security Guy,” where he shares insights on Cloud Security, Artificial Intelligence, and career advice in cybersecurity. Interested in cybersecurity career coaching? Reach out to him directly.
Learn more about stories from Taimur Ijlal and other writers on Medium for just $5/month by signing up through the provided link.
In the video titled "Is CISSP Worth It in 2023?", Taimur Ijlal discusses the ongoing relevance of the CISSP certification in today's job market and its implications for career advancement in cybersecurity.
In "Pass the CISSP Certification Exam in 2023 - Tip #1," Taimur shares valuable strategies and insights for successfully passing the CISSP exam, emphasizing the importance of preparation and practical experience.