Is a CISSP worth it?

By BussTechno | BussTechno | 4 Mar 2021


Welcome everyone to the BussTechno inaugural post. 

I want to start out this blog by dealing with something a bit different from the BTC and crypto-related posts that dominate this site. Not that I don't enjoy reading about blockchain, DeFi, coins, and tokens; I just don't have the amount of expertise that many here do. (Eventually I will share my morbid story of the lost bitcoin I mined in 2009, but I'm still not over that.) What I do have experience and knowledge in is IT security & management, applications, and hardware. In fact, I have several pieces of quality paper that tell me how great I am at taking tests and accumulating pretentious acronymical post-nominals.

So, to the reason you paused to look into this post: is it worth your time to pursue a CISSP?


Disclosures: I am a CISSP; ISC2 member 688278. I do not work for ISC(2) and have no affiliation other than professional certification and membership. There are NO affiliate links in this post. I have consent to use ISC(2) logos and materials.

If you want to stop reading now because you are already bored, have ADHD, or are easily distracted like I am, the short answer is, "yeah, pretty much". However, if you want to know the pros and cons, I'll dig a little deeper.


Recognition: Few professional IT certifications carry the weight that a CISSP does. It is one of the most globally recognizable management-level cybersecurity certs. Employers understand the stringent requirements of certification: a CISSP is required to have 5 years of paid experience in at least two of the domains and to earn 120 hours of applicable continuing education credits every three years, which gives validation that an employee or applicant has the desired skillset and expertise in the field.

Salary: It varies depending on geographical location, company, and position, but generally certificants have a higher average salary. You can check out these statistics from the Infosec Institute.

Support: ISC2 does a good job of offering professional development courses, webinars, networking, and local chapters to keep you up to date and marketable in your field. 

Cost: You will see this in both the PROs and CONs. Compared to other entities, like the SANS Institute, the overall cost for training and certification is lower, and the certification is arguably more recognizable to IT Management & HR personnel.


Difficulty: ISC2 does not publish testing statistics, so the pass rate varies depending on the poll conducted. There seems to be a general internet search consensus that the pass rate falls in the 40-60% range, with a majority of respondents concluding that the CISSP is purposely hard. I personally found this to be the most difficult cert exam I have ever taken. Questions were often vague, with a best-answer format, meaning you would have multiple correct answers and you had to choose the best one based on the given scenario. Additionally, the scope of the program is very broad: in your study material you will cover 8 separate domains and are expected to have a comprehensive understanding of all of them.

HR Recognition: Because of its long track record (over 25 years), it has been used as a baseline certification by HR personnel who do not fully understand the requirements of the position they seek to fill or of the certification. Anecdotally, I cannot express the countless times I have seen entry-level or intermediate help desk positions written by a human resources professional include CISSP as a job requirement. DYOR and look up "entry level CISSP" on your favorite job board site.

General IT Management: The CISSP is geared towards general IT Management & Security. ISC2 does have more specialized certifications, but you must go into this study program and exam with the understanding that the material is from a management perspective. This isn't necessarily a CON as long as you mentally prepare for how the material and exam will be focused.

Cost: Exam fees cost $699 USD. You can do ISC2-sponsored self-study courses or you can attend various boot camps throughout the world. Self-study books are about $60 USD on Amazon. It is around 50% more expensive than CompTIA's CASP+, which runs at $466 USD for a voucher, and considerably more expensive than entry-level certs. Still, it comes down to a cost/benefit analysis.

"So What?"

Like everything in this world, it is dependent on your individual goals, effort, and sacrifices. CISSP certification can definitely open doors and lead to a higher average salary, but you must be willing to put in the effort to study, learn, and maintain proficiency in your field. For me personally, certification was definitely worth pursuing as it has helped me stay ahead of my peers in the IT Management field. The required 120 hours of CEUs (continuing education credits) also ensure I stay updated and proficient. If you are interested in becoming a CISSP or CISSP-Associate, or already are a member, leave a message below and tell me your thoughts on ISC2's program. Thanks for reading and I hope to see you soon!

