CISSP eligibility question

I have
6 months networking experience with switches/routers etc. 2005
CCNA 2005
CCNP(Routing & Switching) 2005
Software Developement experience 2007-2015

Am I eligible for CISSP?

Find more posts tagged with

Comments

mjsinhsv

Yes , you can take the test.
Anybody can take the test.
If you pass, you become "associate" until you gain 5 years of expereince.

Read through the forums.

seigex

Adding to mjsinhsv's post, you have 8 years in "Software Development" .. I'm assuming you used SDLC? And if so I'm assuming you took security into account during your development, such as protection against buffer overflows, or XSS attacks. That would fall under the Software Development Security domain.

If you took care of SSL certificates, or maintained a local CA, or applied any other kind of data hashing/encryption, then that would fall under cryptography.

And your networking experience falls under network security if you applied ACLs to the IOS configuration files, and set up cryptomaps.

It's all about how you articulate your justification for 5 years in at least 2 domains.

musman

seigex wrote: »

Adding to mjsinhsv's post, you have 8 years in "Software Development" .. I'm assuming you used SDLC? And if so I'm assuming you took security into account during your development, such as protection against buffer overflows, or XSS attacks. That would fall under the Software Development Security domain.

If you took care of SSL certificates, or maintained a local CA, or applied any other kind of data hashing/encryption, then that would fall under cryptography.

And your networking experience falls under network security if you applied ACLs to the IOS configuration files, and set up cryptomaps.

It's all about how you articulate your justification for 5 years in at least 2 domains.

Really helpful.
That's correct except about cryptomaps.
Does it matter to have your knowledge up to date. Since I am full time in developement and have not kept up with networking knowledge/skills.
during my networking internship the room where all the routers were was locked(Authorized personnel only). Does that count towards Physical security?

beads

@musman

The physical security angle sounds flimsy at best. Better to concentrate on the SDLC, compliance, and such. Go through all 10 domains and see what does and doesn't fit. I secured a bicycle with a lock or worked behind a locked door is pretty weak. That would entail nearly everyone imaginable. Still I am sure the ISC2 would accept it. Seriously!

Networking isn't necessarily the toughest domain. Its generally telecom and crypto that make people wince in pain.

- b/eads

musman

beads wrote: »

@musman

The physical security angle sounds flimsy at best. Better to concentrate on the SDLC, compliance, and such. Go through all 10 domains and see what does and doesn't fit. I secured a bicycle with a lock or worked behind a locked door is pretty weak. That would entail nearly everyone imaginable. Still I am sure the ISC2 would accept it. Seriously!

Networking isn't necessarily the toughest domain. Its generally telecom and crypto that make people wince in pain.

- b/eads

Got you. thanks!

mjsinhsv

Beads is spot on. They would probably accept it.
I've heard of security guards passing the test and endorsement phase. WTF.
Don't underestimate the Telecom domain.
You need a FIRM understanding of the OSI and basic knowledge of routers, switches, hubs etc.