ISC2 Certified in Cybersecurity Review

TL;DR Certified in Cybersecurity is ISC2’s new entry level exam. It is currently free to take the exam and the ISC2 training is also free online.

Background

I have not seen any reviews of International Information System Security Certification Consortium’s (ISC2’s) new entry certification out there on Google so I figured I would write one.

Certified in Cybersecurity is ISC2’s new entry level certification. The exam is currently being offered for free as part of ISC2’s pledge to get one million people certified. Their stated goal is to create a certification truly intended for newcomers, no experience or prior education required. The official training is also free from ISC2 here.

CompTIA recommends 2 years of experience and Network+ before taking Security+. However it is our experience that Security+ is completely doable with no prior experience or certifications, just a strong desire to learn.

ISC2’s SSCP does require at least one year of work experience in addition to passing the exam to earn the certification, so Certified in Cybersecurity is a welcome addition to the ISC2 family.

Why I took ISC2 Certified in Cybersecurity

In a nutshell

Should you take ISC2 Certified in Cybersecurity?

IMHO anyway, you should take Certified in Cybersecurity if

You should not take Certified in Cybersecurity if

Preparation

I got the CISSP Study Guide by Eric Conrad, Seth Misenar, and Joshua Feldman from the library. I had read their 11th Hour twice while studying for CISSP and really liked their writing style. I highly recommend both books.

I went through the official ISC2 course online for Certified in Cybersecurity. The course was good overall, however I felt that it did not cover everything that was on the exam. Hence I highly recommend using a CISSP study guide. At roughly 430 pages the book named above is only slightly longer than most books for CompTIA Security+. It covered everything that was on the exam and will also help prepare one for other exams in the future.

Obviously someone who has worked in the field for awhile and has taken other courses and exams could probably just YOLO the Certified in Cybersecurity exam. However I wanted to brush up on my general knowledge and approach this like someone who is in ISC2’s intended audience.

The exam

Obviously I cannot say anything about the questions themselves. ISC2 stresses 5 topics;

It felt like CISSP Lite. Hence I highly recommend reading a CISSP study guide. Much like the other exam I have taken with ISC2, there was a heavy focus on the business aspects of cyber security.

You get 2 hours to answer 100 questions, which is plenty of time. It is not a stressful test, nor is it meant to be.

ISC2 does not give you a score at the end. Much like CISSP the exam just cut off at 100 questions without saying anything. The print out simply says “provisionally passed”.

Note on certification & ISC2 membership

There is an inaccuracy floating around Reddit that “the certification isn’t free because you have to pay $50 if you pass”. This is slightly misleading. The $50 is ISC2’s membership fee. In this case it is the exact same price as CompTIA’s membership fee. The only difference is that one can pay all $150 to CompTIA right before the end of a three year period whereas ISC2 requires each year’s $50 up front. However the price is the same.

CompTIA and ISC2 both charge a flat rate annually regardless of the number of certs held. CompTIA gets a slight nod here as their fee is a static $50 while ISC2’s fee increases to $125 annually if one holds CISSP. I would be remiss though if I compared the two without mentioning that I find ISC2’s CPE portal a bit more user friendly than CompTIA’s Certmetrics.

Note on “Provisionally Passed”

After you pass the exam you should receive an email from ISC2 within a few days. You have to create an account on their site if you don’t already have one, agree to their code of ethics, and pay the aforementioned $50 for your first year’s membership. You will then see a link to print a PDF of your cert.

Summary

2 ½ years ago I said The Lord’s Prayer, walked into Pearson Vue, and somehow walked out with a pass on the CISSP exam. I hadn’t taken a vendor neutral theory/book exam in two years so this was a good refresher. The trick to these book exams is to leave your ego outside Pearson Vue, pause what you know from actually doing stuff, and just focus on what that org teaches.

Everyone knows that everything in AD is an object. Objects can absolutely act on other objects. However in the exam room there are subjects and objects, and subjects act on objects. This is just one example off the top of my head.

IMHO, this exam would be perfect as free CISSP or Sec+ prep. I think ISC2 nailed their goal of creating an entry level exam.

References

Free ISC2 training for CC: https://www.isc2.org/Landing/1MCC

ISC2 offering CC for free: https://learn.isc2.org/d2l/home

Experience requirement for SSCP: https://www.isc2.org/Certifications/SSCP/experience-requirements

CompTIA Sec+ description: https://www.comptia.org/certifications/security

CISSP Study Guide on Amazon: https://www.amazon.com/CISSP%C2%AE-Study-Guide-Eric-Conrad/dp/0443187347/ref=sr_1_1?crid=22NQA3VGO7IFR&keywords=cissp+study+guide+eric+conrad&qid=1666642538&qu=eyJxc2MiOiIxLjMwIiwicXNhIjoiMC44MCIsInFzcCI6IjAuNjUifQ%3D%3D&sprefix=cissp+study+guide+eric+conrad%2Caps%2C112&sr=8-1

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rich

I work various IT jobs & like Windows domain security as a hobby. Most of what’s here is my notes from auditing or the lab.