Authored by Derrick Jackson & Co-Author Lisa Yu

CC – Certified in Cybersecurity Overview:

August 31, 2022. That’s when (ISC)² launched something different in cybersecurity education. Not another expensive barrier to entry, but a genuinely accessible pathway into the field.

The CC certification breaks the traditional mold. While most cybersecurity credentials demand years of experience or thousands in upfront costs, (ISC)² took a different approach with their “One Million Certified in Cybersecurity” pledge. Free training. Free first exam attempt. Zero prerequisites beyond being 16 years old.

But here’s what makes this interesting: it carries the (ISC)² brand. The same organization behind the CISSP (which requires five years of experience) now offers an entry-level certification. Over 50,000 people have already passed the exam since launch, making this one of the fastest-growing cybersecurity credentials.

This overview cuts through the marketing noise to examine what the CC actually delivers. We’ll analyze real salary data, job market demand, and whether this certification genuinely opens doors or just adds another acronym to your resume.

What’s the Deal with CC – Certified in Cybersecurity?

The (ISC)² Certified in Cybersecurity represents a strategic workforce development initiative rather than just another certification. It’s designed as a large-scale workforce development program to systematically lower barriers to entering the cybersecurity profession.

(ISC)² isn’t some startup trying to grab market share. Established in 1989 as a non-profit organization, (ISC)² has expanded to include over 675,000 members, associates, and candidates across more than 175 countries. Their mission focuses on “strengthening the influence, diversity and vitality of the field through advocacy, expertise and workforce empowerment.”

The timing wasn’t coincidental. (ISC)²’s own research estimates a deficit of over 4 million cybersecurity professionals needed to adequately secure organizational assets worldwide. The CC emerged as their solution to this gap.

As of March 2024, more than 390,000 individuals had enrolled in the training program, and over 50,000 had successfully passed the exam. Those aren’t small numbers for a certification that’s barely two years old.

The credential carries additional weight through accreditation under the stringent ANSI ISO/IEC Standard 17024, a global benchmark that validates the integrity and rigor of personnel certification bodies. This puts it in the same quality tier as established credentials like the CISSP.

Who Should Look Into This?

The CC targets three primary groups, each with different motivations and backgrounds.

Career changers represent the largest opportunity. Professionals from diverse fields such as law, finance, or project management who are seeking a structured entry point into cybersecurity. The free entry point eliminates financial risk for someone testing their interest in the field. You can invest time in the official training, take the free exam, and get both a credential and honest feedback about your aptitude without spending money.

IT professionals looking to pivot into security find the CC particularly valuable. Individuals currently in roles like help desk support, network administration, or software development who wish to pivot and specialize in security. For someone already familiar with IT concepts, the security-specific knowledge fills crucial gaps in their understanding.

Students and recent graduates use the CC as their first professional credential. Individuals at the beginning of their professional lives who need a foundational credential to demonstrate their knowledge and commitment to potential employers.

The certification’s accessibility serves as a powerful career exploration tool. Traditional cybersecurity education requires substantial financial commitment before you know if you’ll enjoy the work. The CC model lets you test the waters without financial risk. You get both a tangible credential and personal insight into whether cybersecurity matches your interests and abilities.

5 Knowledge Domains: What You Need to Master

The CC exam organizes content into five weighted domains. The official domains and their weights are: Security Principles (26%), Business Continuity/DR/Incident Response (10%), Access Controls (22%), Network Security (24%), and Security Operations (18%).

Domain 1: Security Principles (26%) covers foundational concepts. Information Assurance (Confidentiality, Integrity, Availability), Authentication, Non-repudiation, Risk Management Processes, Types of Security Controls (Technical, Administrative, Physical), (ISC)² Code of Ethics, Governance Processes (Policies, Standards, Laws). This provides the “why” behind security decisions and ethical framework for professional conduct.

Domain 2: Business Continuity, DR & Incident Response (10%) focuses on crisis management. The purpose, importance, and core components of Business Continuity (BC) plans, Disaster Recovery (DR) plans, and Incident Response (IR) procedures. While entry-level professionals won’t lead these efforts, they need to understand their role during incidents.

Domain 3: Access Controls (22%) covers both physical and logical security. Physical Access Controls (badge systems, security guards, CCTV), Logical Access Controls, Principle of Least Privilege, Segregation of Duties, and access control models (Discretionary, Mandatory, and Role-Based Access Control). This knowledge directly applies to common help desk and security administration tasks.

Domain 4: Network Security (24%) dives into technical fundamentals. Computer Networking Models (OSI, TCP/IP), IPv4 and IPv6, common ports and protocols, types of network threats and attacks (DDoS, viruses, Man-in-the-Middle), and Network Security Infrastructure (firewalls, VPNs, DMZ, cloud security concepts). This domain challenges candidates with no networking background.

Domain 5: Security Operations (18%) addresses daily security tasks. Data Security concepts (Encryption, Hashing, Data Handling), System Hardening (Configuration Management, Patching), Best Practice Security Policies (AUP, BYOD, Change Management), and the purpose and importance of Security Awareness Training.

The domain weights reveal that the exam places the greatest emphasis on Security Principles (26%) and Network Security (24%). Together, these two domains constitute exactly half of the examination’s content. Success requires solid understanding of both foundational theory and technical networking basics.

What to Expect From the Exam

The CC exam follows a straightforward format designed for accessibility. The examination consists of 100 questions that must be answered within a two-hour (120-minute) time limit. The questions are primarily multiple-choice but may also include advanced item types.

To pass the examination, a candidate must achieve a scaled score of 700 out of a possible 1000. Candidates do not receive a numerical score report; they are only informed of a pass or fail result. Failing candidates receive diagnostic feedback on their performance in each domain to guide future study.

The exam is administered exclusively at Pearson VUE testing centers around the world. The official exam code, used for registration, is simply CC.

A major change approaches. Currently, the CC is administered as a linear, fixed-form examination where every candidate receives the same number of questions in a standard sequence. On October 1, 2025, the exam will transition to a Computerized Adaptive Testing (CAT) format. In the CAT format, the testing engine adjusts the difficulty of subsequent questions based on the candidate’s previous answers, providing a more precise and efficient assessment of competency.

The format change won’t alter content. It is important to note that this is a change in format only; the underlying exam content and domains covered will not change with this transition.

Cost Breakdown:

• Standard registration fee: $199 USD
• First exam attempt: Free under 1MCC initiative
• Retake fee: $199 USD
• Annual Maintenance Fee: $50 USD

(ISC)² enforces a structured retake policy with mandatory waiting periods: After the 1st failure: 30-day waiting period. After the 2nd failure: 60-day waiting period. After the 3rd failure: 90-day waiting period. A candidate may attempt the exam a maximum of four times within a 12-month period.

Career Impact and Salary Expectations

Salary data for CC holders requires careful analysis due to conflicting sources and methodological problems.

ZipRecruiter reports a national average annual salary of $132,962 for roles associated with “Isc2 Certified In Cybersecurity” as of August 2025. However, this figure is highly likely to be misleading for an entry-level certification. The search methodology used by such aggregators often captures job postings that broadly mention “(ISC)²” and “Cybersecurity,” thereby conflating the new, entry-level CC with the highly advanced and much more lucrative CISSP certification.

More credible data comes from specialized sources. The 2024 Skillsoft IT Skills and Salary Report, which specifically isolates the “(ISC)² Certified in Cybersecurity” credential, presents a more credible figure. According to this report, the average salary for a CC holder in the United States is $107,870.

The U.S. Bureau of Labor Statistics reports a median annual wage of $124,910 for Information Security Analysts as of May 2024. The BLS figure represents the median for the entire profession, including highly experienced senior analysts, so an entry-level salary would naturally fall below this mark, making the Skillsoft figure a plausible and realistic benchmark.

Given that the CC is an entry-level certification, salary expectations should be framed for professionals with 0-2 years of experience. Skillsoft’s broader data on cybersecurity salaries by experience level indicates an average of $89,842 for professionals with 1-5 years of experience, further reinforcing that a starting salary in the range of $80,000 to $110,000 is a more realistic expectation.

The certification prepares candidates for specific entry-level roles:

• Cybersecurity Analyst or Junior Cybersecurity Analyst
• IT Security Associate or Specialist
• Security Administrator
• Security Operations Center (SOC) Tier I Analyst
• IT Auditor

The U.S. Bureau of Labor Statistics projects that employment for Information Security Analysts will increase by 33% between 2023 and 2033, a rate described as “much faster than the average for all occupations”. This growth translates to an estimated 17,300 new job openings annually.

Job market recognition varies. When analyzing job postings, it is evident that the CC is still establishing its market presence. Anecdotal reports and forum discussions indicate that it is not yet as frequently listed as a required credential compared to the more established CompTIA Security+. Currently, its primary value functions as a strong “preferred” credential demonstrating foundational knowledge and commitment.

Prerequisites and Experience Requirements

Accessibility defines the CC’s approach to prerequisites. There are no formal work experience or educational requirements to sit for the exam. This deliberate design choice removes a major barrier that often prevents newcomers from entering the field.

The only firm prerequisite is an age requirement: candidates must be at least 16 years old. Minors aged 16 or 17 must have a parent or legal guardian sign a consent form and accompany them to the Pearson VUE test center on exam day.

While not mandatory, it is recommended that candidates possess a basic knowledge of general Information Technology (IT) concepts to better contextualize the security topics covered. This recommendation proves particularly relevant for Domain 4 (Network Security), which challenges those without networking experience.

The zero-barrier approach serves strategic purposes beyond accessibility. The certification’s free entry point serves as a powerful, no-cost “qualifier” for those contemplating a career change. A significant hurdle for career transition is the substantial financial and time investment required for traditional education or paid certifications.

Preparation Strategy: How to Actually Pass

Study time varies significantly based on background. For IT Professionals: Those with a solid background in IT or networking may find that a short, focused period of study is sufficient. Many report successfully passing the exam with 1 to 2 weeks of preparation, equating to roughly 15-25 total study hours.

For Career Changers: Individuals with no prior IT or cybersecurity experience should plan for a more extended study period. A timeline of 4 to 8 weeks, with consistent study sessions totaling 40-80 hours, is a realistic estimate to thoroughly learn the foundational concepts from the ground up.

Official (ISC)² Resources:

• Official Online Self-Paced Training: As part of the 1MCC initiative, this comprehensive online course is available for free to all individuals who register as an (ISC)² Candidate. The standalone commercial price for a similar official (ISC)² training course from a partner like CyberVista is listed at $269.
• Official Study Guide: The CC Certified in Cybersecurity Study Guide, authored by respected expert Mike Chapple and published by Wiley. The paperback version is priced at $40.00, while the e-book is available for $24.00.
• Official Practice Resources: (ISC)² offers several free self-study tools directly on its website, including a CC Practice Quiz and a set of CC Flash Cards.

Popular Third-Party Resources:

• Udemy: “The Complete Certified in Cybersecurity CC course ISC2 2025” by instructor Thor Pedersen, which has earned a 4.6-star rating from over 12,000 reviews. It is frequently available for around $22.99.
• LinkedIn Learning: The “(ISC)2 Certified in Cybersecurity (CC) Cert Prep” course, also by Mike Chapple, is one of the most frequently praised resources in candidate testimonials.
• Practice Exams: “ISC2 Certified in Cybersecurity (CC) Full Practice Exam” by Paulo Carreira offers a bank of 600 questions with a 4.6-star rating, typically priced around $16.99.

Professor Messer, a widely respected provider of free, high-quality video training for CompTIA exams like A+, Network+, and Security+, does not offer content for (ISC)² certifications, including the CC.

Proven Study Methodology: Based on an analysis of successful candidate reports, a highly effective study methodology involves three key phases: 1. Engage with a Primary Video Course, 2. Review Official (ISC)² Materials, 3. Master the Material with Practice Exams. The goal is not just to pass, but to consistently score above 85%.

Recent Updates and What’s Changed

The CC remains relatively stable in content but will undergo significant delivery changes. As a relatively new certification, the CC has not yet undergone a major revision of its content domains. The exam outline has remained consistent since its inception.

The major upcoming change is the transition to Computerized Adaptive Testing (CAT) format on October 1, 2025. Currently, the CC is administered as a linear, fixed-form examination where every candidate receives the same number of questions in a standard sequence.

In the CAT format, the testing engine adjusts the difficulty of subsequent questions based on the candidate’s previous answers, providing a more precise and efficient assessment of competency. It is important to note that this is a change in format only; the underlying exam content and domains covered will not change with this transition.

Growth continues under the 1MCC initiative. The adoption of the CC has been rapid, largely fueled by the 1MCC initiative. As of a March 2024 announcement, (ISC)² reported that more than 390,000 individuals had enrolled in the training program, and over 50,000 had successfully passed the exam to become Certified in Cybersecurity.

How AI is Transforming Cybersecurity Careers

The cybersecurity landscape faces dual pressures from artificial intelligence. AI automates certain security tasks while simultaneously enabling more sophisticated attacks.

While AI is being used to automate certain security tasks, it is also being leveraged by malicious actors to create more sophisticated and scalable attacks. This dual-use nature of AI increases the need for human analysts who possess a strong understanding of fundamental security principles to effectively manage, oversee, and interpret the outputs of these advanced tools.

Cloud adoption creates new security paradigms. The ongoing migration of infrastructure and services to the cloud introduces new security paradigms and challenges. A baseline understanding of network security, access control, and data security (all core components of the CC curriculum) is essential for operating securely in these environments.

Remote work expands attack surfaces. The shift to remote and hybrid work models has effectively dissolved the traditional network perimeter, significantly expanding the organizational attack surface. This places a greater emphasis on endpoint security, security awareness training, and the enforcement of sound security policies, all of which are foundational topics introduced in the CC exam.

The CC curriculum addresses these evolving needs through its focus on fundamental principles rather than specific technologies. Understanding access controls, risk management, and security operations provides the foundation for adapting to new tools and threats.

The industries with the most active and urgent demand for cybersecurity talent continue to be those that manage high-value data and operate under stringent regulatory frameworks, including finance, healthcare, government, and technology services.

Is CC – Certified in Cybersecurity Worth It in 2025?

Absolutely, with important caveats.

The CC delivers exceptional value when obtained through the free 1MCC program. The immediate ROI of the CC, when obtained through the free 1MCC program, is exceptionally high. It provides a globally recognized credential from a prestigious organization for zero financial outlay.

The certification’s primary return is its ability to open the door to entry-level interviews. For a candidate with no prior experience, the CC on a resume serves as a powerful signal of initiative, commitment, and foundational knowledge.

However, realistic expectations matter. It is crucial to understand that the CC certification, on its own, will not command a six-figure salary, despite some misleading online salary data. Based on a critical analysis of credible sources like the Skillsoft report, a realistic salary expectation for a first role secured with the CC as a primary credential is in the $80,000 to $110,000 range in the U.S.

Who shouldn’t pursue this certification:

• Experienced Security Professionals: The content is entirely foundational and will offer no career advancement or knowledge benefit to those already established in the field.
• Candidates Requiring Immediate DoD 8140 Compliance: These individuals must pursue the CompTIA Security+, as the CC does not meet this requirement.

When alternatives might be better:

• For a candidate with some IT background and a budget for training, the CompTIA Security+ may be a more direct route to satisfying a broader range of job posting requirements.
• For those who wish to focus on developing practical, hands-on skills, a more technical certification like the Cisco Certified Support Technician (CCST) in Cybersecurity or a vendor-specific credential from a cloud provider might be a better choice.

The CC serves best as a stepping stone. After achieving the CC, a logical next step could be the CompTIA Security+ to gain the DoD-approved credential, or the (ISC)² Systems Security Certified Practitioner (SSCP), which is the next level in the (ISC)² framework and requires one year of professional experience.

Getting Started: Your Next Steps

1. Assess current knowledge – Take the free (ISC)² practice quiz to gauge your baseline understanding
2. Register as (ISC)² Candidate – Required to access free training and exam voucher
3. Complete official training – Start with the free official online self-paced training course
4. Supplement with video content – Consider highly-rated courses from Thor Pedersen (Udemy) or Mike Chapple (LinkedIn Learning)
5. Practice extensively – Use third-party practice exams to master (ISC)² question style and consistently score above 85%
6. Schedule exam – Book at Pearson VUE testing center using exam code “CC”
7. Plan next steps – Consider CompTIA Security+ for DoD compliance or SSCP for (ISC)² progression

The cybersecurity field needs more practitioners who understand fundamentals. The CC provides that foundation at unprecedented accessibility. Whether it launches your career depends on what you do with the knowledge after earning it.

---

This overview represents analysis of publicly available information as of August 2025. All salary data, exam fees, content, and policies are linked to original sources for verification. Always confirm current information with (ISC)² directly before making certification decisions.

References and Sources

Official (ISC)² Documentation

• (ISC)² Certified in Cybersecurity Certification. (ISC)² Official Website. https://www.isc2.org/certifications/cc
• One Million Certified in Cybersecurity Initiative. (ISC)² Free Training Program. https://www.isc2.org/landing/1mcc
• CC Certification Exam Outline. (ISC)² Official Exam Structure. https://www.isc2.org/certifications/cc/cc-certification-exam-outline
• Before Your Exam. (ISC)² Exam Preparation Guidelines. https://www.isc2.org/exams/before-your-exam
• After Your Exam. (ISC)² Post-Exam Information. https://www.isc2.org/exams/after-your-exam
• Exam Scoring FAQs. (ISC)² Scoring Information. https://www.isc2.org/register-for-exam/exam-scoring-faqs
• (ISC)² Exam Pricing. Official Exam Costs. https://www.isc2.org/register-for-exam/isc2-exam-pricing
• Annual Maintenance Fees Overview. (ISC)² AMF Information. https://www.isc2.org/policies-procedures/amfs-overview
• Become a Candidate. (ISC)² Candidacy Requirements. https://www.isc2.org/candidate
• (ISC)² About. Organization Mission and Background. https://www.isc2.org/about
• (ISC)² Cybersecurity Certifications. Complete Certification Portfolio. https://www.isc2.org/certifications

Government and Official Statistics

• Information Security Analysts Occupational Outlook. U.S. Bureau of Labor Statistics. https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
• National Employment Trends: Information Security Analysts. O*NET OnLine. https://www.onetonline.org/link/localtrends/15-1212.00?st=
• Cybersecurity Career Pathway. CyberSeek.org (NICE/CompTIA Initiative). https://www.cyberseek.org/pathway.html

Industry Reports and Research

• 20 of the Best Cybersecurity Certifications in 2024. Skillsoft Research Report. https://www.skillsoft.com/blog/the-best-cybersecurity-certifications
• Cybersecurity Salary by Role and Experience Level. Skillsoft Salary Analysis. https://www.skillsoft.com/blog/cyber-security-salary-by-role-and-experience-level
• Global Cybersecurity Workforce Study 2024. Arrow Education Services. https://edu.arrow.com/media/wtjfmszx/2024-isc2-wfs.pdf
• ISC2 Certified In Cybersecurity Salary Data. ZipRecruiter Salary Aggregation. https://www.ziprecruiter.com/Salaries/Isc2-Certified-In-Cybersecurity-Salary

News and Press Releases

• (ISC)² Launches Certified in Cybersecurity Entry-Level Certification. PR Newswire, August 31, 2022. https://www.prnewswire.com/news-releases/isc-launches-certified-in-cybersecurity-entry-level-certification-to-address-global-workforce-gap-301615556.html
• ISC2 Continues Investment in One Million Certified in Cybersecurity Pledge. (ISC)² Press Release, March 2024. https://www.isc2.org/Insights/2024/03/ISC2-Continues-Investment-in-One-Million-Certified-in-Cybersecurity-Pledge
• CC Exam Goes CAT: New Exam Format Announcement. (ISC)² Insights, June 2025. https://www.isc2.org/Insights/2025/06/cc-exam-goes-cat-new-exam-format
• ISC2 Continues Investment in One Million Certified in Cybersecurity Pledge. (ISC)² Press Release, March 2024. https://www.isc2.org/Insights/2024/03/ISC2-Continues-Investment-in-One-Million-Certified-in-Cybersecurity-Pledge

Educational Resources and Analysis

• What Is ISC2 Certified in Cybersecurity? 2025 Overview. StationX Educational Content. https://www.stationx.net/what-is-isc2-certified-in-cybersecurity/
• Your 2025 Guide to ISC2 Certifications. Coursera Educational Article. https://www.coursera.org/articles/isc-two–certifications
• Certified in Cybersecurity Specialization. Coursera Course Information. https://www.coursera.org/specializations/certified-in-cybersecurity
• 7 Cybersecurity Trends to Know in 2025. Coursera Industry Analysis. https://www.coursera.org/articles/cybersecurity-trends
• About ISC2. ISC2 Chapter Background Information. https://isc2-chapter.gr/about-us/about-isc2/
• ISC2. Wikipedia Reference Article. https://en.wikipedia.org/wiki/ISC2

Training and Certification Resources

• CC Certified in Cybersecurity Study Guide. Wiley Publishing. https://www.wiley.com/en-us/CC+Certified+in+Cybersecurity+Study+Guide-p-9781394213832
• ISC2 Practice Tests and Training. CyberVista (N2K) Platform. https://certify.cybervista.net/vendor/isc2/
• CC Certified in Cybersecurity Courses. Udemy Training Platform. https://www.udemy.com/topic/cc-certified-in-cybersecurity/
• Professor Messer IT Certification Training. CompTIA Training Reference. https://www.professormesser.com/
• ISC2 CC Certification Syllabus and Prep Guide. EDUSUM Educational Resource. https://www.edusum.com/isc2/isc2-cc-exam-syllabus

Comparative Analysis

• ISC2 CC or CompTIA Security+: The Ultimate Showdown. iSecPrep Comparison Analysis. https://www.isecprep.com/2025/03/18/isc2-cc-vs-comptia-security-plus-ultimate-comparison/
• CompTIA Security+ Vs. ISC2 CC Comparison. 591 Lab Technical Analysis. https://591cert.com/comptia-security-vs-isc2-cc/
• Junior Cybersecurity Analyst Career Path. Cisco Networking Academy. https://www.netacad.com/career-paths/cybersecurity

Community Discussion and Testimonials

• CC Job Market Discussion. Reddit r/isc2 Community. https://www.reddit.com/r/isc2/comments/10rd3bt/cc_job/
• Job Hunting with ISC2 CC. Reddit r/cybersecurity Discussion. https://www.reddit.com/r/cybersecurity/comments/18x394t/job_hunting_with_isc2_cc/
• Passed the ISC2 CC Exam Experience. Reddit Success Story. https://www.reddit.com/r/isc2/comments/17yco3o/passed_the_isc2_cc_certified_in_cybersecurity/
• CC Exam Retake Policy Discussion. Reddit r/isc2 Community. https://www.reddit.com/r/isc2/comments/1eqj3d1/would_i_need_to_pay_for_a_retake_if_i_fail_the_cc/
• ISC2 Certified in Cybersecurity Job Search. Indeed Job Market Data. https://www.indeed.com/m/jobs?q=Isc2+Certified+in+Cybersecurity

About Tech Jacks Solutions: We provide comprehensive cybersecurity overview and certification guidance to help professionals advance their careers. Visit our website for more certification guides and training resources.