Through the years, there have been various programs and tests put in place to help us succeed in our careers. Have you ever wondered if you should bite the bullet and become certified? Business professionals take the GMAT. Lawyers take the LSAT and the Bar. Medical professionals take all sorts of assessments to qualify them for their difficult and important careers. Finally, tech workers take the CISSP.
Though it might not be as famous as other professional examinations, the Certified Information Systems Security Professional (CISSP) is a test that certifies those who pass to perform essential security tasks, such as establishing a security framework, developing security software, and following essential regulations. However, the CISSP isn’t just for security professionals; in fact, all tech workers benefit by becoming certified through the CISSP. Here’s why.
Why All Tech Professionals Should Take the CISSP
Every day, more devices connect to the vast network of the internet. Individuals are adding wearable fitness tech and smart appliances; businesses are linking myriad personal devices to enormous server bays. Communications tech giant Cisco attests that every second, more than 80 “things” are connecting to the web ― to include computers, mobile devices, thermostats, cars, refrigerators, and any other “thing” with networking capability ― and by 2020, more than 50 billion “things” will be added and in-use. What’s more, thanks to all those connected devices, experts also predict our annual data production to increase by more than 4,300 percent by 2020, and roughly 80 percent of that data will be information stored by enterprises.
While linking all these things together provides unprecedented control over even minute aspects of our lives, such a large network poses extreme security risks. Like hygiene and public health, a single web user’s security affects the security of a whole, and with so many devices connected to the internet, cyber criminals have plenty of opportunities to find openings, steal data, and wreak havoc.
Most people are aware that data breaches have already become increasingly common. Between 2005 and 2014, the rate of data breaches increased by more than 500 percent, and the type of information targeted is becoming refined, as cyber criminals go after sensitive files like credit card numbers, contact information, and account passwords.
Considering the increasing opportunity for cyber crime, it is vital that all “things” created and connected are appropriately secure ― which means all tech workers need to develop a comprehensive understanding of security practices. That’s why all tech professionals should take the CISSP exam.
The Anatomy of the CISSP
Above all, CISSP is a certification, which means it requires more than a single test to achieve. CISSP candidates must have at least five years of full-time experience in one or more of eight domains, to include security engineering, software development security, communication and network security, and others. It is possible to mix-and-match experience, and candidates can even replace one of their years with a four-year university degree.
The exam itself is rigorous and exhausting. Consisting of 250 questions to be answered in a six-hour period, the test attempts to assess the length and breadth of candidates’ knowledge of security systems and practices. The questions are vendor-neutral ― meaning they do not pertain to technologies of a specific designer or manufacturer ― and they tend to fall within the realm of the following 10 categories:
- Access control
- Disaster recovery planning
- Information security governance
- Legal investigations, regulations, and compliance
- Operations security
- Physical security
- Security architecture and design
- Software development security
- Telecommunications and network security
Not every CISSP exam is identical; in fact, for security reasons, the test’s creators ― a group called the International Information System Security Certification Consortium, or (ISC)2 ― have a long list of questions used to populate various forms of the exam, and those questions are regularly replaced to maintain the integrity of the certification.
To pass, a candidate must earn at least 700 out of 1000 possible points. However, not all questions have the same value: Some are worth substantially more when answered correctly, and some are worth absolutely nothing. This process is called scaling, and its objective is to make comparisons between different exams more comprehensible. Additionally, it allows the (ISC)2 to rank candidates effectively ― though after the test, candidates learn only whether they passed or failed. In fact, after the results return, candidates will never learn which questions they answered correctly or incorrectly or even what percentage of questions they got right, which makes it even more important to train and study appropriately beforehand.
Security is vital for everyone, especially those in tech. Therefore, certification in security is necessary for a successful tech career.