ISC2 · Generalist · Senior

CISSP — Certified Information Systems Security Professional

The benchmark senior cybersecurity certification. CISSP signals you can lead security across all eight CBK domains and is the most-requested cert in CISO and security-architect job ads worldwide.

// exam format
125–175 adaptive items (CAT), 4 hours, scaled score 700/1000 to pass
// cost
≈ £600
// prerequisites
  • 5 years paid full-time experience across 2+ CBK domains
  • Or Associate of ISC2 path while accumulating experience
CISSP is a vendor-neutral, management-leaning certification for senior practitioners with at least 5 years of paid full-time work across two or more of the 8 CBK domains. It is the de-facto credential for security architect, security manager, and CISO roles, especially in regulated industries (finance, healthcare, defence). The exam tests breadth over depth — you are expected to think like a manager who understands the underlying technical controls, not like a hands-on engineer debugging a firewall rule. ## What the exam covers - Security and Risk Management - Asset Security - Security Architecture and Engineering - Communication and Network Security - Identity and Access Management (IAM) - Security Assessment and Testing - Security Operations - Software Development Security ## Prerequisites - 5 years paid full-time experience across 2+ CBK domains - Or Associate of ISC2 path while accumulating experience ## Study plan Plan 3–6 months. Sybex Official Study Guide + Official Practice Tests for breadth; Destination CISSP MindMaps for recall; Pete Zerger's 50-question YouTube series for exam pacing. Drill 100 questions/day in the last 4 weeks; never sit the real exam below 80% sustained on Boson or QE. ## Cost (UK 2026) Exam fee approx. £600 (vendor list price; bundles + corporate discounts vary). ## Format 125–175 adaptive items (CAT), 4 hours, scaled score 700/1000 to pass

Frequently asked questions

Is CISSP worth it in 2026?

Yes for senior generalists, architects, GRC leaders, and anyone targeting £80k+ roles. It remains the most-cited cert in UK and US senior security job adverts and is mandatory for many DoD/UK MoD roles via DoD 8570/8140 / SFIA.

How hard is the CISSP exam?

Pass rates hover around 50% for first attempts. The difficulty is conceptual — the CAT engine penalises pattern-matchers and rewards risk-management thinking. Most candidates fail because they over-rotate to technical depth and under-rotate to 'what would the CISO recommend?'

CISSP vs CISM — which should I take first?

CISSP if you sit closer to architecture / engineering and want vendor-neutral breadth; CISM if you sit closer to governance, programme management, or audit. Many senior leaders eventually hold both.

Can I take CISSP without the experience?

Yes — pass the exam and you become an Associate of ISC2 with up to 6 years to accumulate the required experience before full certification.

Practice CISSP — Certified Information Systems Security Professional interview questions

Run AI-graded mock interviews keyed to the CISSP — Certified Information Systems Security Professional body of knowledge.

Start free
// related
security-architectcisosecurity-engineergrc-analystframework · iso-27001framework · nist-csf