Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Should I take the CISSP test without having experience?

Hello! My name is Julio and I am looking to take the CISSP but I do not meet the recommended work experience requirements. According to, I am allowed to take and pass the CISSP exam to earn an Associate of (ISC)2 designation. Then, I'll have up to six years to earn the required work experience for the CISSP.


QUESTION: If I take and pass the CISSP test, and all I'm awarded is Associate, then should I start with a different test like the ones mentioned below?


Associate of (ISC)2 designation options:

  • CISSP - Leadership & Operations
  • SSCP - IT Administration
  • CCSP - Cloud Security
  • CAP - Authorization
  • CSSLP - Software Security
  • HCISPP - Healthcare Security & Privacy
5 Replies
Community Champion

Hi Julio,


All of ISC certifications test very specific skill/knowledge sets and your list is very eclectic, so unless you could say specifically what you wanted them for it may be better to focus on other goals in the short term - they all have experience requirements as well. Example, if I tried to certify as HCISSP(even if I passed the exam, a big if), then without moving to the US healthcare sector and getting the experience I'm pretty sure people would find it, at the very least strange. Mind you you might in the US Healthcare...


Passing the CISSP exam means you've acheived a uncommonly broad level of of cybersecurity understanding and knowledge - but once you have that you'll likely be thinking in terms of cost/benefit, prioritization, and arguing for the most critical activities, so the irony is you might question your use of time.


First question I'd ask is ultimately why do you want the CISSP certification or the ISC2 Associate? Is it a case of useful badge on the CV, or do you have an aspiration to plan design and mould your organizations security program and steer it through the next ten years or something in between? Perhaps you just want to talk to like minded people - if so then you might be able to join your local ISC2 chapter without being a CISSP(or even Associate of ISC2) and see if it fits. Quick plug for my local chapter on membership: might be pie and punch) most should have similar.


I think that if you can answer the why then you might the fit the where of associate might fit in, but as you are starting out in cyber security then SSCP, CompTIA Security+ or even certain vendor training and certifications might be better fits for you now.


Short answer - SSCP looks like the one for you from ISC2, you would still need a year of cybersecurity operations experience, but its an ideal first step.. 

Hi Julio,


What is your passion?  Is there a specific area of interest?

I would take one of the certificates in that area whilst you build up the experience required.

That way, you can start gaining some of the knowledge that will help you when it comes to the exam itself and be better prepared for it.  There are some questions in the exam which may cause you to think about them.  With experience, the answer may come more quickly to you.


Hope this helps.
Best regards


Newcomer I

The other comments were very good, and covered the most important ground.  I'm going to share a slightly different POV from one of my friends that kind of aligns with what the 2 previous posters have said.


My friends is involved with inforsec, more on the threat intel side.  Her employment paid for her to take and pass the CISSP test.  She has yet to do the verification to get the full CISSP credit.


She doesn't want to be in management, or really work outside her specialty.


So, just making you aware that there's other courses to take with this cert and the levels to it.

Contributor I

You need experience to become CISSP but as you rightly mentioned, you can do the test, pass the test and become an associate. Then get experience later. All the best

Newcomer I

Julio -


I think you are asking a great question. I would agree with the position of most of my colleagues who have already responded. 


The Associates is "fine" but I would also encourage you to set realistic expectations. As I mentioned to the (ISC)2 team at the Security Congress in Austin (along with everyone else in the focus group saying same thing) passing the test and being able to do the work are two different things. Additionally, the career arc of a CISSP certification is something that comes with that experience.


What I would recommend is to start with a smaller certification (CompTIA+, etc.) and then build up as your career path finds definition and you see what area you are passionate about. I have a young woman on my team who is sitting for her HCISPP at the end of 2018. She has been building her experience over the past four years, but it was not really her plan when we started - she just found her passion. She did start with the smaller certifications as she was trying to figure out her career path.