Advice on Meeting the Experience Requirement

Hello All,

I would like to get some opinions from current CISSPs regarding whether or not my current background would meet the CISSP experience requirements:

I have a PhD in Computer Engineering and have some published research the past several years in information security (2009-present).

I did a brief stint as a postdoc in cybersecurity at a government research lab for 6 months or so.

For about the last four years I have also been working in a primarily administrative IT role at a university that has involved some security policy-making and governance while teaching miscellaneous computer science courses such as Software Engineering, Networking, etc.

The CISSP endorsement form mentions "Research and Development" as valid experience, but I'm not sure if that would apply to my case.

For cases where the work is full-time, but only a percentage of one's duties are related to information security, how is the experience calculated? Pro-rating based on the amount of ones times spent on work in one of the CBK domains?

Thanks.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

sponge2

Hi milesteg,
As an IT admin you enforce security policies. I am also assuming that you implement access controls as an admin.
You should use these facts to document and take credit for your work experience.
Hope this helps.

chickenlicken09

keep them coming, as a network admin i have been struggling to think of what i can put down on cv that will aid me get a security role. dont know why.

Archon

eddo1 wrote: »

keep them coming, as a network admin i have been struggling to think of what i can put down on cv that will aid me get a security role. dont know why.

Telecommunications and Network security is one of the biggest domains. Surely most of what you do daily is evidence

chickenlicken09

haha yes but putting it into specifics.

milesteg

sponge2 wrote: »

Hi milesteg,
As an IT admin you enforce security policies. I am also assuming that you implement access controls as an admin.
You should use these facts to document and take credit for your work experience.
Hope this helps.

sponge2 thanks for your help,

I guess my work would be more likely considered in administration as in "strategy & planning" (think assistant to the CIO), not administration as in managing technical infrastructure. For instance, I did develop the university's Information Security Policy, Acceptable Use Policy, etc. I provided a security roadmap for the CIO that incorporated various NIST standards for Risk Assessment and developed a strategic plan for IT that included elements like Security Management, Network Management, Access Management, etc. I'm just not sure how reliable of a reference my supervisors would be.

Would the research experience and publishing not really count?

sponge2

So milesteg your role can be described as a governance type role.
Today when I get sometime I will put together a description for you. You can then decide if it reflects your duties.