Is the CISSP Certification Worth It? Requirements, Exam Costs, and Salary

The Certified Information Systems Security Professional (CISSP) certification proves you can design, implement, and manage large-scale cybersecurity systems. The CISSP certification is often considered the industry’s gold standard — trusted and recognized worldwide by many government sectors and companies.^[5]

If you’re interested in furthering your career in cybersecurity, you may want to consider whether an advanced degree — such as a master’s in information systems security — or a certification may be the most valuable.

This report covers an overview of the CISSP certification, including certification costs and requirements, projected salary, and the pros and cons of taking the exam.

Prospective test-takers should budget for exam prep costs, ranging anywhere from a few hundred to a few thousand dollars. Whether you decide to take a course or purchase self-study materials, make sure that you use the most up-to-date materials.

The nonprofit International Information System Security Certification Consortium (ISC2) runs the CISSP exam. ISC2 offers an online, instructor-led, self-paced training program that costs around $1,000.^[6] ISC2 also offers an in-person, classroom-based course, taught by an authorized instructor.

However, ISC2 is not the only option. Many organizations have their own prep courses. ISC2 is also one of the most globally recognized accreditation companies, endorsed by industry, academic, and government authorities, including the U.S. Department of Defense (DoD).^{Note Reference [5]}

How much time you will need to prepare for the exam will depend on several factors, but 90-180 days may be a comfortable timeline for preparation.

The CISSP certification exam costs $749. It costs another $50 to reschedule and $100 to cancel.^{Note Reference [2]}

Certified individuals must pay an annual $125 to ISC2.^[7] They must also take 120 continuing professional education (CPE) credits every three years to meet the recertification requirements and maintain their credentials.

According to Payscale, the average base salary for someone with a CISSP certification was $127,000 as of February 2024.^{Note Reference [3]}

Some of the jobs that showed the greatest percent increase in salary with the CISSP certification included security consultants (+26%), cyber security analysts (+24%), and information security analysts (+24%).

The Bureau of Labor Statistics (BLS) projects jobs in information security will grow 32% from 2022-2023 — much faster than other computer occupations (14%) and all other occupations overall (3%).^{Note Reference [4]}

This 32% bump translates to approximately 16,800 openings for information security analysts per year over the next decade.

Is the CISSP certification right for you? Preparing for and taking the CISSP exam is a hefty investment — in cost and time. Consider the following pros and cons.

In the words of Casey Marks, ISC2’s Chief Qualifications Officer, it can only help.

Why? Because the CISSP certification offers quantifiable credibility, setting a job candidate apart from the pack by signaling to prospective employees that they have the technical skills, experience, and ability to lead an organization’s security program, Marks said.

She added that in contrast to another degree, the CISSP certification is the only credential that demonstrates to employers and the public that a cybersecurity practitioner is assessed against the highest professional standards and ongoing maintenance requirements in the industry.

Plus, since the certification is targeted toward those with at least five years of relevant work experience, Marks argued it can be a deciding factor for someone looking for a mid- to senior-level role.

We also spoke with individuals with the certification to see what they had to say about the value of their credential.

Fred Kim, a senior security program manager and recent hire, told BestColleges that their CISSP certification came up during the job interview process, but it wasn’t necessarily the reason they were hired.

I have definitely been asked about my certificates [in] my interviews, Kim said. However, I don’t believe I was selected based on my certificates. It was mainly about specific experiences and if I took the time to learn material that can be applied.

It helped for sure, but it’s only one out of many factors that get people hired, he added. I also heard that some recruiters search for certificates in LinkedIn to weed out individuals for roles.

Ibrar Bashir, an IT cybersecurity specialist for the U.S. Department of Homeland Security disagreed, saying that the CISSP certification did not help him get hired.

[The CISSP certification] was not a factor in my current role nor my previous role, he said. I don’t see it helping me in future roles either.

While the certification did not land him his job, Bashir added that it was still a good way to challenge myself and just get another industry standard under my belt.

The CISSP is not the only cybersecurity certification. Depending on your experience and intended career path, it may make more sense for you to pursue another certification.

For example, the Certified in Cybersecurity (CC) certification is intended for entry- and junior-level positions. In contrast to the CISSP exam, the CC exam is two hours long and primarily graded on security principles (e.g., confidentiality, integrity, availability).^[12]