Connect with us

Hi, what are you looking for?


Training & Awareness

CISSP Price Hike Dismays Certified Security Professionals

(ISC)² has increased its annual membership fee (AMF) for security professionals by 47% from $85 to $125. This will include holders of the most popular professional certification, CISSP. The new fee is fixed, whether the professional holds one or multiple (ISC)² certifications. For individual cert holders it is an increase; for multiple cert holders it will be a decrease.

(ISC)² has increased its annual membership fee (AMF) for security professionals by 47% from $85 to $125. This will include holders of the most popular professional certification, CISSP. The new fee is fixed, whether the professional holds one or multiple (ISC)² certifications. For individual cert holders it is an increase; for multiple cert holders it will be a decrease. In tax terms, this makes it a ‘regressive’ fee: the holders of a single cert (which will include the less affluent members) will be subsidizing those who hold multiple certs (likely to be the more affluent members).

The fee is also being switched from payment in arrears to payment in advance. The next normal payment for all members will consequently be $125 more than their last payment. If members elect to pay their next fee in advance of the due date, it will be pegged at the current $85 — and the increase to $125 will not come into effect until the following year.

In a statement, (ISC)2 told SecurityWeek, “Annual membership fees (AMFs) are used by (ISC)² to directly support the costs of maintaining the (ISC)2 certifications, related support systems and management of the association. For many years, (ISC)2 has managed to avoid raising these fees while maintaining the highest standards in support of our certifications and systems despite rising costs.”

It added, “We feel that our members receive a very strong return on this annual investment through the many valuable benefits they enjoy including new immersive professional development courses, discounts on learning materials, conferences, services and support, and much more.”

The members themselves, however, do not currently seem to agree. On Wednesday, one posted a question to the member support forum: “Your new annual membership Fee is now $125! How do you feel about that?”, adding “I think this is disgusting… Its extortionate.” At the time of writing this, there are now 49 comments on this thread, almost all of them critical — and some highly critical.

But not all — some members will benefit. One commented, “With (ISC)2 I have 3 certs right now, so I’m one of the few who will actually benefit from the change. I will probably get more (ISC)² certs because I already have to pay the AMF, so as many have guessed for me it’s an incentive.”

SecurityWeek approached a leading CISO holding multiple certifications for his take on the issue. He asked to remain anonymous. “ISACA provides better material and more real-world training (including COBIT),” he said. “(ISC)² has always felt like a cash cow.” His concern is that organizations like (ISC)² — which are commercial enterprises, not educational establishments — are transforming cybersecurity from a profession into a business where possession of a certificate is valued more than practical skill.

Advertisement. Scroll to continue reading.

To be fair, this CISO’s views are echoed by many of his peers commenting on the forum. Concerns range from belief that the price rise is unjustified and unfair to disparaging comparisons with other organizations.

One pointed out that the certification is required by many employers, such as the DoD with reference to DoD 8750, who won’t pay the fee out of their own funds. Another added, “Is (ISC)² really so out of touch with the US Federal space that they think this is wise timing? Contractors have lost a month of pay – with no end in sight.” Many feel they are a captive revenue source, because even outside the federal space, their employers require the certification. They fear, no cert, no job.

(ISC)² has contacted SecurityWeek to clarify that it will not seek payments from anyone impacted by the federal shutdown. This will include both employees and contractors. Externalities like the current U.S. government shutdown and associated political dynamics are a moving target. We are providing more than five months for our association members to work through this change, and can make accommodations for any members impacted by the government shutdown. Any members impacted by the shutdown should contact Member Services.” 

There is also a smattering of more militant members. One commented, “What exactly does (ISC)² do for us members? What exactly do they do for us worth $125/year? The only way this can possibly change if we all collectively stand up and say no more. We do have the power. I know a lot of us are scared to drop a (ISC)² cert for fear of losing a job opportunity. If we as a community stand up, we change that.”

The final comment at the time of writing says, “I would not be surprised if a legal challenge is being considered against this price increase and the (ISC)² board; possibly crowdfunded by the members. Some people will accept the hike, some people will leave (ISC)², and some may fight it.”

But while the overriding sentiment on this forum is negative, one simple fact remains. At this point, less than 50 members out of a U.S. membership of 84,557 (as of 31 December 2018) have complained.

*Updated to include clarification from (ISC)² on flexibility for those affected by the U.S. Government shutdown

Related: CISSP Code of Ethics: With Power Comes Obligation and Responsibility 

Related: Addressing the 3 Million Person Cybersecurity Workforce Gap 

Related: Professionalizing Cybersecurity Practitioners 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Training & Awareness

Google has announced a new training program for cybersecurity analysts and those who graduate will get a professional certificate from Google.

Management & Strategy

750 cyber specialists have participated in Defence Cyber Marvel 2 (DCM2), the biggest military cyberwarfare exercise in Western Europe.

Management & Strategy

UK-based cybersecurity training solutions provider Immersive Labs announced on Wednesday that it has raised $66 million in new capital.


Series A funding brings the total amount raised by cybersecurity training company to $15 million.

Application Security

Hack The Box Raises $55 Million in Funding Round Led by Carlyle

Management & Strategy

Tips for making a presentation that will help improve the state of security programs and reflect favorably on the presenters and their companies


The PCI Security Standards Council (SSC), the organization that oversees the Payment Card Industry Data Security Standard (PCI DSS), this week announced the release...