Took and passed CISSP exam 5/29/15 - now the dilemma

RuleOf3 Member Posts: 14
Hello all, I've not posted before but have been reading this forum for a few months ... appreciate the commentary and opinions, very helpful.

Anyway, I'm DONE ... it's Saturday morning and for the first time in months I am NOT headed to the library at our local community college to study my books/notes/index cards/NIST docs/etc., and grind through endless CISSP practice questions.

Took the exam yesterday and PASSED! Now I know exactly what people mean when they say they would not want to go through that again. What an adventure. No idea how I passed, I felt like I bombed. I will post a separate message about my CISSP training, study plan, pithy observations, etc. at a later date.

My immediate dilemma is this:

Prior to April 15, when there were ten domains, my strong, slam-dunk domains (with 10-12 years of work experience) were:

Domain 3 - InfoSec Governance and Risk
Domain 8 - BCP/DRP
Domain 9 - Legal and Compliance

Well guess what, now under the new eight-domain regime, all three domains are rolled into Domain 1 - Security and Risk Management. Soooooo, to get certified I need another domain with 4 years experience (I have an MBA so minus a year).

Has anyone else bumped into this? What did you do?

I am going to dig into the rearranged content and see what matches my work history. But I just want to see if anyone else has had to rethink their "experience plan" due to the domain consolidation.

Thank you so much!



  • kiki162 Member Posts: 635
    Lisa - You'll be just fine. Research the different examples for the Domains. You'll get a feel for the types of stuff they are looking for. You can also search this site, as it will provide you with some ideas.
  • renacido Member Posts: 387
    First of all, congrats on the exam! Took mine a few weeks ago, hopefully I'll get the results soon.

    As to your dilemma re: the new domains, based on the areas you listed I think it's very likely you have experience in adjacent areas from the other domains, for example you mention governance and compliance, did you oversee or implement security controls for vulnerability assessment and auditing (Dom 6) or secure provisioning according to Common Criteria, NIST, etc (Dom 3)? If you did more on the areas you mentioned than just write the policy and governance and the BC/DR plans, then you should have some experience to show in at least one other domain, and all you need is 2. Hope this helps and again CONGRATS!
  • BlackBeret Member Posts: 683
    You don't need 5 years in two separate domains. You need 5 years total, in two or more domains. If you spent 10-12 years in Security and Risk Management, and you spent 1 day where you worked in network security, physical security, or anything else, then you'd meet the qualification. Based on some of the people I've seen with a CISSP I'd greatly support someone with 10-12 years of experience that you listed.
  • analyst Member Posts: 48
    I had an email conversation on this subject with ISC2 shortly after I passed on 4/11. The official answer was, seek Associate. But like BlackBeret said, 1 day counts... you'll find it if you look.
  • RuleOf3 Member Posts: 14
    Very good points, thank you. I uncovered some past projects and programs I've implemented over the years that pertain to Physical Security (oops, I mean Asset Security), Access Control (or whatever the new name is), and Op Sec (now Sec Op? Interesting change ...). Maybe more, TBD.
    Anyway, I feel confident that I can honestly fulfill ISC2's requirements.
    - Lisa