Credential · Technology
CISSP

Certified Information Systems Security Professional

The senior credential in information security across the technical and managerial dimensions.

Issuing Body: (ISC)² — International Information System Security Certification Consortium
Domain: Eight CBK domains: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security
Structure: Rigorous examination covering all eight CBK domains; computerized adaptive testing format with extended duration
Recertification: 120 Continuing Professional Education (CPE) credits every three years (40 per year); annual maintenance fee
Prerequisites: Five years cumulative full-time professional experience in two or more of the eight CBK domains; endorsement by an existing ISC2-certified professional within nine months of passing the exam
Significance: Globally recognized as the gold standard credential for senior information security professionals; required or strongly preferred for senior security leadership, CISO, and security advisory roles

The CISSP establishes the technical breadth required to engage with information security as a managed discipline rather than a series of point solutions. The eight CBK domains cover the full architecture of organizational security — from risk management at the enterprise level through to specific controls at the engineering level — and the examination requires the practitioner to demonstrate fluency across all of them, not depth in any single one. That breadth is what distinguishes the security advisor from the security engineer.

For our work at the intersection of technology risk advisory and broader program execution, the CISSP foundation is what allows us to lead conversations that span CISO, CIO, audit, risk, and executive committee perspectives simultaneously. Whether reviewing a portfolio company's security posture in M&A diligence, advising on SEC cyber disclosure readiness, or designing the technology risk governance for an enterprise program, these engagements require the practitioner to speak the language of every audience credibly. The CISSP is the credential that signals that capability has been demonstrated through examination and ongoing CPE, not just asserted through experience.
