GRC (Audit, Risk, Compliance): listed as a long-term cert for that lane.
Senior security governance
(ISC)² · neutral

CISSP

Certified Information Systems Security Professional. The gold standard for senior security roles, with a heavy governance and architecture focus across 8 broad domains.

Difficulty: Advanced
Study: 4–8 months
Exam: $749
Valid: 3 years
Format: CAT exam, 125–175 questions
Practical weight: 10% practical / 90% theory & policy
Reality check

CISSP is highly respected but typically pursued after several years of industry experience. The exam rewards breadth and management-style thinking, not deep technical skill. Without ~5 years of relevant work, the Associate of (ISC)² title is the realistic outcome.

This cert in isolation tells you very little. Here is where it actually sits: the pathways that use it, and the roles it realistically supports.

  • Security Manager
  • Security Architect
  • GRC Lead
  • CISO (with additional experience)
Practitioner take

CISSP is genuinely worth it for exactly one person: someone with five-plus years of real security experience aiming at GRC, security management or senior architecture. For that person it's a salary bump, a recruiter magnet, and the credential that gets them into rooms. For everyone else it's a £600 exam and 200 hours of study that produces nothing recruiters care about, because they'll see two years of experience next to a five-year-experience cert and assume something's off. The cert isn't the problem. The timing is. Wait until you've earned it, then take it seriously.

Authored opinion. Updated against current hiring conditions, not vendor marketing.

Recommended prior knowledge

  • 5+ years cumulative paid security experience (in at least 2 of the 8 domains)
  • Broad exposure across security, networking, and risk
  • Comfort with policy / governance concepts

Common misconceptions

  • That CISSP is technical: it's primarily a governance & architecture cert.
  • That it's a 'first' senior cert: most pursue it with 5+ yrs experience.

What this cert does NOT guarantee

  • Hands-on engineering roles
  • A management title, automatically

Practical skills that matter

  • Risk management
  • Security architecture
  • Policy & governance
  • Incident response leadership
  • Stakeholder communication