ISC2 is a U.S.-based nonprofit member association for cybersecurity professionals focused on advancing a safe and secure cyber world. It serves the market through vendor-neutral certifications, education, professional development and workforce advocacy that help individuals and organizations build credible cybersecurity capability. Its certification portfolio spans entry-level, practitioner, specialist and leadership pathways, making ISC2 relevant across multiple career stages and security disciplines.
ISC2 complements credentialing with official training, continuing education, certificates, courses, events and enterprise workforce programs. The organization supports not only individual career advancement, but also employer talent development, public-sector workforce readiness and broader efforts to strengthen the cybersecurity profession through standards, community and ongoing skills development.
Offerings, Capabilities, and Integrations
ISC2’s core capabilities center on developing and administering vendor-neutral cybersecurity certifications, delivering official exam preparation and supporting continuing professional education after certification. Its education model combines direct delivery with authorized partners and spans online self-paced, live online and in-person formats.
Beyond individual learning, ISC2 provides workforce development services for organizations that want to assess, train and retain cyber talent. Its broader professional development portfolio includes structured certificate programs, deeper topic-based courses, shorter express courses, workshops, webinars and events across areas such as cloud security, governance and risk, software security, incident response, zero trust and AI security.
Products and Services
- Certified in Cybersecurity (CC): Entry-level certification for individuals beginning a cybersecurity career or transitioning into the field, validating foundational security concepts and practices.
- Certified Information Systems Security Professional (CISSP): Leadership-oriented certification for experienced security practitioners, managers and executives covering enterprise security strategy, architecture, risk management and program oversight.
- Systems Security Certified Practitioner (SSCP): Certification for hands-on practitioners responsible for implementing, monitoring and administering secure IT infrastructure and operational controls.
- Certified Cloud Security Professional (CCSP): Advanced cloud security certification for professionals who design, manage and secure data, applications and infrastructure in cloud environments.
- Certified in Governance, Risk and Compliance (CGRC): Certification focused on governance, risk management and regulatory alignment for professionals working at the intersection of security, privacy and organizational oversight.
- Certified Secure Software Lifecycle Professional (CSSLP): Certification for software and application security professionals applying security practices across the software development lifecycle.
- Information Systems Security Architecture Professional (ISSAP): Advanced concentration for security architects developing, designing and analyzing security solutions and architectures.
- Information Systems Security Engineering Professional (ISSEP): Advanced concentration for professionals applying systems engineering principles and processes to build secure systems.
- Information Systems Security Management Professional (ISSMP): Advanced concentration for leaders overseeing governance, incident response, recovery and security program management.
- ISC2 Official Training: Official exam preparation and skills training delivered by ISC2 and authorized partners through self-paced, live online and classroom formats using ISC2-developed courseware.
- ISC2 Certificates: Multi-course professional development programs on focused cybersecurity topics that award validation of completion, digital badges and continuing professional education credits.
- ISC2 Courses: Skills-based professional development courses that provide deeper coverage of current cybersecurity topics with practical, job-relevant learning.
- ISC2 Express Courses: Short-format, on-demand courses designed for fast upskilling in emerging and high-priority cybersecurity topics.
- ISC2 Enterprise Solutions: Team training and workforce development services for organizations, including customized training plans, consultation and scaled learning options for cybersecurity teams.
Target Customers
ISC2 serves individuals across the cybersecurity career lifecycle, from newcomers seeking foundational credentials to experienced practitioners pursuing specialist and leadership certifications. Its audience includes security analysts, administrators, engineers, architects, software security professionals, cloud security specialists, risk and compliance professionals and cyber leaders.
ISC2 also targets employers that need structured workforce development for cybersecurity teams. This includes private enterprises, government agencies, defense-related organizations and other regulated or security-sensitive environments that rely on recognized credentials, official training and continuing education to hire, develop and retain talent.
Key People
- Scott Beale: Chief Executive Officer (CEO)
- Casey Marks: Chief Operating Officer (COO)
- Debra Taylor: Chief Financial Officer (CFO)
- Graham Jackson: General Counsel and Corporate Secretary
- Richard Shandelman: Chief Information Officer
- Jon France: Chief Information Security Officer (CISO)
- Tara Wisniewski: Executive Vice President, Global Advocacy and Strategic Engagement
- Andy Woolnough: Executive Vice President, Corporate Affairs
Key Facts
- Headquarters: Alexandria, Virginia, United States
- Employees: 201-500
- Annual Revenue: $98.2M
- Parent Company: None
- Subsidiaries: 5 entities in the consolidated group: International Information Systems Security Certification Consortium Limited (Hong Kong), International Information Systems Security Certification Consortium Limited (United Kingdom), International Information System Security Certification Consortium GmbH (Germany), International Information System Security Certification Consortium Pte Ltd. (Singapore), and the Center for Cyber Safety and Education.
- Publicly Listed: Not publicly listed
