Advice on Meeting the Experience Requirement
Hello All,
I would like to get some opinions from current CISSPs regarding whether or not my current background would meet the CISSP experience requirements:
I have a PhD in Computer Engineering and have published some research over the past several years in information security (2009-present).
I did a brief stint as a postdoc in cybersecurity at a government research lab for 6 months or so.
For about the last four years I have also been working in a primarily administrative IT role at a university that has involved some security policy-making and governance while teaching miscellaneous computer science courses such as Software Engineering, Networking, etc.
The CISSP endorsement form mentions "Research and Development" as valid experience, but I'm not sure if that would apply to my case.
For cases where the work is full-time, but only a percentage of one's duties are related to information security, how is the experience calculated? Pro-rating based on the amount of one's time spent on work in one of the CBK domains?
Thanks.
Comments
As an IT admin you enforce security policies. I am also assuming that you implement access controls as an admin.
You should use these facts to document and take credit for your work experience.
Hope this helps.
Telecommunications and Network security is one of the biggest domains. Surely most of what you do daily is evidence
sponge2, thanks for your help,
I guess my work would be more likely considered in administration as in "strategy & planning" (think assistant to the CIO), not administration as in managing technical infrastructure. For instance, I did develop the university's Information Security Policy, Acceptable Use Policy, etc. I provided a security roadmap for the CIO that incorporated various NIST standards for Risk Assessment and developed a strategic plan for IT that included elements like Security Management, Network Management, Access Management, etc. I'm just not sure how reliable of a reference my supervisors would be.
Would the research experience and publishing not really count?
Today when I get some time I will put together a description for you. You can then decide if it reflects your duties.