6 Ways to Convince Your Boss to Get you CISSP Certified [plus bonus pitch for your employer]

But it's also a well-known fact that clearing this exam is no walk in the park. In fact, it is an uphill climb. If you don't seek out help, your chances of clearing the exam may seem grim. It requires hundreds of hours of learning, and answering about 100 to 150-questions, in three hours, on the examination day. It's also a big financial risk. The examination fee itself is $699 on your part. Furthermore, in order to give yourself a real chance to clear the exam, you will need to take a preparatory course, conducted by industry experts from institutions like Readynez who employ top-of-the-league cybersecurity experts for training your excellence in the exam. This can cost you thousands of dollars, and a financial burden of this sort can be too much of a risk for an individual to take.

Does it mean you abort the dream of giving your career wings through a CISSP certification? Of course not! You can get your employer to fund your CISSP certification instead - it's a win-win for both.

In this article we've shared a tried & tested approach that our students at Readynez take, to convince their employers to pay for their certification. We will tell you why your company should make this investment in you (so that you don't feel like they are doing you a favor), and also how you can make the power move. We will delve into the finest details, leaving you nothing to chance. At the end of this resource, we've also included a template for an email pitch that your boss cannot refuse.

First, ask yourself, why do you want this

The CISSP certification holds immense value for professionals like Chief Information Security Officer, Chief Information Officer, Director of Security, IT manager, security systems engineer, security analyst, security manager, security auditor, security architect, security consultant, and network architect. Having this credential on your resume surely means something because the certification itself is a product of many years of research and development. While its credibility is not much debatable and everything about CISSP sounds motivating, you may need to do some internal work to check if the process excites you enough to stay motivated. Motivation helps especially when office pressure is at its all-time high, exams are around the corner and there’s every reason to not let it pass you by. If your motivation is in place, you have other homework to do. Read up about the demands of the course and find out what you’re signing up for.

Give yourself a reality check before you reach out to your boss

Without an iota of doubt, certifications like this one do help you in standing out as the best of the best. However, it's crucial to note that CISSP itself does not guarantee you a higher position and a fat paycheck. To succeed, you have to toil away and demonstrate your knowledge in practice. You have to prepare yourself for a few extra hours of study every day, for anywhere between 6 to 9 months, irrespective of your office workload. It is a long haul indeed and a grueling one. If you're ready, then get started to create the perfect pitch for your boss. Let’s try to convince your employer now!

1) Ask Yourself, Why CISSP?

The first thing your employer would want to know - Is CISSP worth an investment? Some common benefits that CISSP certification, can bring to your employer’s attention are:

• Improved IT security skills, hence you can take on more responsibilities.
• The resulting enhanced productivity will help to motivate the workplace culture and boost morale.
• A holistic view of the security industry that will help you safeguard the organization better.
• Encouragement to stay updated with the latest trends and therefore, you can add more value to your job.
• The Ability for better IT leadership that would drive overarching business strategy and goals.
• Prove Credibility as a security expert within the company and for engaging with clients.

More than anything else - emphasize how you can use the acquired information to eliminate security risks. These risks may not pose a threat at present but might become a major problem tomorrow, and thus help you make the right business decisions around security challenges.

2) Address the elephant in the room

To earn the CISSP certification, you have to pass an exam that costs around $699. To maintain the CISSP certification, you need to earn at least 40 hours of Continuing Professional Education (CPE) credits each year and pay an annual maintenance fee of $85. The CISSP credential is valid for three years, after which CISSP certificate holders can recertify as long as they have paid the annual maintenance fee and submitted their CPE credits every year. Yes, the costs are immense. But you need to let them know how they can use the team training solution by (ISC)² to train and certify not only you but all those eligible in your team. Their training solutions can be tailored to your company’s budget, schedule, and unique cybersecurity needs. Moreover, this is the time when cybersecurity professionals are in short supply, and organizations that make their staff certification and training a priority, are more likely to attract and retain critical staff. The next point delves deeper into this - preparing you to counter another expected objection from your boss.

3) Tell them how your resulting skills can help them cut costs

Your job is to make it glaring how the benefits far outweigh the costs to the company, so, your career advancement leaves your organization in a Net-Profit state. The CISSP certification covers all the fundamental elements of Cybersecurity – from security and risk management to communication and network security, from security assessment, testing, and operations to software development security. It ensures that you, as a certified professional, understand all aspects of information security and how to integrate that with the overall organizational ecosystem. This will enable you to perform some functions yourself and the company would need not hire additional employees. The knowledge gained, during exam preparation and while renewing your CPE credits, is not just about security, but also about IT leadership. Very wittingly, it makes you a better manager, financial benefits of which are undebatable.

Certification such as this one equips you to leverage marketing opportunities and provides better expertise to talk to clients’ security teams directly. It makes you more responsive during meetings and presentations by virtue of all the preparation involved for the exam. This reduces the company's project turnaround time and saves money incurred on meetings and course correction.

4) Step out of the Spotlight, you don’t want that on you just yet

Rather than propelling your argument in the direction of why you need this certification, try to persuade your employer of the certification’s merit. The CISSP wins industry accolades every year and it consistently ranks among the top 10 information technology certifications by various publications. By expecting you to develop both a theoretical and a procedural understanding of information security, CISSP training gives better recognition in the cyber greater security industry. Moreover, as a member of (ISC)², you get access to their monthly meetings, conferences, online resources, workshops, blogs, and so on. It’s not about your personal credentials, but about ensuring that your company is staying current on the security front, in an industry that is changing tides so frequently.

5) Assure them, how the exam prep won’t affect your job

Lastly - the CISSP exam majorly involves brushing-up years of expertise, rather than investing office hours in something completely unfamiliar. You already know most of the things, but preparing for the exam helps in organizing the same knowledge in a more structured manner inside your brain. This means, the amount of time and energy that you’d spend on a completely new subject vs. this certification, will be significantly different (the latter being lesser, of course). Being part of the CISSP community and renewing your credits will encourage you, as an employee, to regularly listen to recorded webinars, podcasts, and explore recent trends by reading their magazine.

Combining theory with hands-on experience is important. CISSP, by adding more theory to your knowledge, makes you familiar with less intuitive security-related issues, structures, and policies. This way, the process gets very enlightening. Finally, during your research, do not skimp on any details before sending that email pitch!

6) Write a nice email to your boss

You may not be a writer, but your writing skills can make or break your chances to get CISSP certified. To help you out, we’ve put together the email template below that you can edit and use to make your case the easy way.

Subject: needs CISSP certification

Hi [Employer’s name],

I'd love to get your approval to register for a CISSP Certification training course this year. Certified Information Systems Security Professional is a globally recognized vendor-neutral standard attestation for my technical and management skills. The certification exam requires training which is beginning from [Date]. Out of all the certifications available for professionals like me, I'm choosing CISSP because it provides insights that will grow our business, keep us on the cutting edge of cybersecurity technology, and boost our competitive advantage.

I'd love to get your approval to register for a CISSP Certification training course this year. Certified Information Systems Security Professional is a globally recognized vendor-neutral standard attestation for my technical and management skills. The certification exam requires training which is beginning from [Date]. Out of all the certifications available for professionals like me, I'm choosing CISSP because it provides insights that will grow our business, keep us on the cutting edge of cybersecurity technology, and boost our competitive advantage.

CISSP is a special course in many ways. It is only for cybersecurity practitioners, which means my hands-on experience from work will meet the additional theoretical knowledge of the certification - to create a perfect symphony. Secondly, I get the full benefit of all the knowledge shared by them via access to their resources such as magazines, podcasts, online material, blogs, news articles, and web conferences.

Thirdly, it has training solutions, carefully curated for the company’s budget, schedule and cybersecurity needs. And it's packed with value as I'm surely bound to bring home ways to improve our company’s cyber security immediately.

I believe you're busy, so I'll quickly outline the top reasons why CISSP is the best choice for me:

1. Better Cyber security: The CISSP certification covers all the fundamental elements of Cybersecurity and ensures understanding of all aspects of information security, enabling me to perform some more functions myself and the company need not hire additional employees.
2. In-built IT Management training: The course is so comprehensive that it touches upon all the domains involved in IT management. It will make me a better manager for the team, the financial benefits of which are undeniable.
3. Better client engagement and marketing opportunities: It equips us to leverage marketing opportunities and provides more expertise in direct communication with the clients’ security teams. I would like to be even more relevant during meetings and presentations by virtue of all the preparation involved for the exam. We might just be able to save some costs there.
4. The networking is top-notch: Training is full of experts we can learn from, as well as new opportunities to forge exciting partnerships for our business. The conference organizes after-hours events specifically around networking and helping attendees spark new connections which I believe might result in new business for our company
5. I'll be learning from the best and sharing the knowledge with teammates: Every speaker at (ISC)² is an industry expert. My notes will be filled to the margins with info on the most successful strategies, insights, and tools that the industry has to offer, something I would love to share with our own information security team. Our team gets to learn, too. Along with my certification, I'll get access to so much free material plus I will be able to impart first-hand knowledge to my team personally. This seems promising in making our work more efficient. Practically, all the benefits will be shared.

I'm so excited about everything CISSP could bring not just for us but also for the better experience of our clients, with a more skilled team to work with.

I appreciate you taking the time to read this today.

If you'd like me to schedule 15 minutes to chat about this in person, just let me know!

Thanks again,

[Your name here]

Closing lines

Hope this was helpful. Meanwhile, prepare your speech and pointers well to avoid any awkward conversation with your boss. The key is to put your arguments across smoothly, during the conversation, without any hiccups. Again - keep the spotlight on what’s in it for the company and not you. If all else fails, politely ask the reasons for denying your request. This will give you a better understanding of where you missed it. Your boss may not be able to see a direct link between your job responsibilities and the certification requested. Any feedback will be resourceful for your next pitch.

You might want to check out a certification at this point, now that you’re armed with all the knowledge and motivation you need. At Readynez, we provide our students necessary training and support to clear CISSP certification with confidence.