← All writing

ISC2 is handing out a free cybersecurity certification, and it ends May 20

4 min Quick Take

There is a free cybersecurity certification sitting on the ISC2 website right now, and most of the people it would help have never heard of it. The window to enrol closes on May 20, 2026, which is three days from when I am posting this.

ISC2 is the body that runs the CISSP. If you have ever sat next to a security team, you have seen those four letters on somebody’s email signature, on a badge, on a job listing’s “preferred qualifications”. They are not a six-month-old startup printing credentials to upsell a course. They are the organisation that cybersecurity hiring managers actually filter resumes against. The fact that they are giving away their entry-level certification, the Certified in Cybersecurity, for free is unusual enough that I went and re-read the page twice. The programme is called One Million Certified in Cybersecurity. The normal US$199 exam fee is waived. The official self-paced training course is included. ISC2’s own language for it is plain: “ISC2 is offering FREE Certified in Cybersecurity (CC) Online Self-Paced Training and exams to one million people.”

When the body that sets the bar for the entire industry hands you a free pass over the lowest rung of it, you take the pass. You can decide later whether you keep climbing.

Be straight about what is free and what is not. The training and the exam are zero dollars. If you pass and want to keep the credential active after the first year, ISC2 charges an Annual Maintenance Fee of $50 per year. That is the only catch I can find, and it is not buried in fine print. If you do not pay the AMF, the credential lapses, but the fact that you passed it does not unhappen.

How easy is it actually

It is the entry-level ISC2 cert, designed to be the floor, not the ceiling. People with no IT background pass it after a couple of weekends of study. People already working in tech tend to clear it inside a week. It is not the CISSP. Do not bring CISSP energy to a CC exam and you will be fine.

How do you study for it without buying anything

The free programme includes the official ISC2 self-paced training, which is the only study material you actually need. Five domains: security principles, business continuity and incident response, access controls, network security, security operations. There are also free question banks circulating on Reddit (r/cybersecurity has a sticky every few months) and YouTube walkthroughs by working practitioners. You do not need a textbook, you do not need a paid course, you do not need a bootcamp. If you find yourself shopping for one, you are procrastinating.

Sign up before the 20th, or sit the exam before the 20th?

Sign up before the 20th. The deadline is for enrolling in the programme, not for finishing the exam. Once you are in, ISC2’s terms give you until December 31, 2026 to schedule and pass. Register first, study after. Every year a wave of people learn this rule backwards and find out at midnight on the 20th that “I was going to do it next month” was not a strategy.

How does the exam actually work

It is online, multiple choice, proctored through ISC2’s testing platform. You schedule it through the ISC2 dashboard once your training is complete. The result comes back the same day. If you fail, there is a retake cooldown but no permanent block. The whole thing happens from your own laptop with a webcam. No flying anywhere, no test centre, no excuses.

If you have been telling yourself for two years that you should “learn some security”, you have three days to convert that intention into something a hiring manager can actually verify. Don’t think about it. Sign up first, decide later.

Enrol in the free ISC2 CC programme →

The 20th is closer than it looks.