Question about CISSP Qualification?

Ok, I am trying to see if my experience qualifies me in at least 2 of the domains required. First off is there 8 or 10 domains, because the endorsement sheet say 10 but it says 8 on the website? I have a degree so that is 1 year off so I only need 4 years to qualify.

I am looking at Security Operations and Asset Security. I have 6 years infantry plus 2 years doing security overseas. Would this experience suffice?

Find more posts tagged with

Comments

renacido

When you say "security", you mean more than physical security, correct? By Security Operations you're saying you did event monitoring, incident triage/response, intrusion/malware analysis, etc?

renacido

Also. Since April 15 there are 8 domains.

ArabianKnight

Nothing INFOSEC related unfortunately, physical security, access control, surveillance, designing physical security protocols and asset protection (people, places and stuff), also markings requirements (labels, classifications, etc)

beads

The CISSP is by its very nature an INFOSEC exam with little emphasis on physical security in the first place. Unless of course knowing how to use the correct fire extinguisher is paramount to your INFOSEC position. Its an old running joke amongst security practitioners. Keep in mind the CISSP is considered a mid career exam not an entry level exam.

Have you also looked into the SSCP exam? The requirements are lower and sounds more appropriate at this point in your career.

Yes, I have been referred to as the board -*hole, etc. and being kind while I soften my image.

- b/eads

kalkan999

B/eads,

Instead of being an A-hole, just refer them to the certifications where they may be more aligned with their experience, such as this case where he is clearly aligned with ASIS Certified Protection Professional (CPP) exam.

ArabianKnight

Thanks, but I am actually shifting from physical security towards INFOSEC jobs so obtaining any certs related to physical protection would be a step backwards. Looking at the domains for the CISSP in each domain there are sub-topics, do I need to have experience in all the sub-topics in at least 2 domains or can just one sub-topic per domain enough?

gutbrodj

ArabianKnight,

The CISSP is certification targeted at people who have 4-5 years of experience working with INFOSEC in two domains, physical security and the experience you have stated you have would fit into one domain. After taking the exam you have to be sponsored, which is a review of your actually experience and a certified CISSP must attest to the fact that you have sufficient knowledge to be certified. If others will indulge me and not get into a CCNA versus CISSP discussion, the CISSP is a certification for someone who has the equivalent amount of knowledge (not the same knowledge) as someone in between a CCNA and a CCNP. By no means is it a starter certification, and it will help if you have been an IT Team leader, or something similar (IT Auditor, Software Development) to really assist you with the application of the knowledge to the exam.

I would recommend you focus on the Comptia Security+ (Domain 7 Security Operations), Cisco CCENT (Domain 4 Communication and Network Security), and the EC Council CEH (Domain 6 Security Assessment and Testing) Certifications as they are great foundations for the CISSP. Combine that with your Domain 5 (Identity and Access Management) experience and the CISSP would be well within your reach.

renacido

gutbrodj wrote: »

ArabianKnight,

The CISSP is certification targeted at people who have 4-5 years of experience working with INFOSEC in two domains, physical security and the experience you have stated you have would fit into one domain. After taking the exam you have to be sponsored, which is a review of your actually experience and a certified CISSP must attest to the fact that you have sufficient knowledge to be certified. If others will indulge me and not get into a CCNA versus CISSP discussion, the CISSP is a certification for someone who has the equivalent amount of knowledge (not the same knowledge) as someone in between a CCNA and a CCNP. By no means is it a starter certification, and it will help if you have been an IT Team leader, or something similar (IT Auditor, Software Development) to really assist you with the application of the knowledge to the exam.

I would recommend you focus on the Comptia Security+ (Domain 7 Security Operations), Cisco CCENT (Domain 4 Communication and Network Security), and the EC Council CEH (Domain 6 Security Assessment and Testing) Certifications as they are great foundations for the CISSP. Combine that with your Domain 5 (Identity and Access Management) experience and the CISSP would be well within your reach.

CISSP is a mid-career cert targeted for seasoned security practitioners headed toward INFOSEC management roles.

To the OP, consider where your interests lie. Really before going into infosec you should have some general IT experience. When I interview candidates for entry-level positions in our enterprise security department, Sec+ is looked at favorably but is not required. Once we select a candidate we send them to Sec+ if I think they need it. CISSP is not required period, it's out of scope for an entry-level position. WHAT IS required though, is at least a couple of years of general IT experience, could be in networking, systems, help desk, but they need to know general IT stuff at the journeyman level or better before they join our team. Beyond that I look for signs that they are ethical, reliable, hard-working, inquisitive, analytical, and passionately enthusiastic about all things security. Go to one of their homes and you'll see a serious home lab with their own virtual pentesting and malware analysis environment that they've put together over the years. Does this sound like you? IF so, just work in IT and take advantage of opportunities to do some security-related projects. Make friends with the security guys. Read this forum regularly. After a year or two, maybe less, you'll have a pretty fair idea which path to follow. Good luck to you.

mjsinhsv

ArabianKnight wrote: »

Thanks, but I am actually shifting from physical security towards INFOSEC jobs so obtaining any certs related to physical protection would be a step backwards. Looking at the domains for the CISSP in each domain there are sub-topics, do I need to have experience in all the sub-topics in at least 2 domains or can just one sub-topic per domain enough?

You need 5 years of verifiable experience in whatever consists of at least two domains. Seriously, you aren't ready for CISSP.
You may be able to pass the test and attain the "Associate of ISC" certification. And then move forward with gaining the required experience.
The SSCP cert is more appropriate for your career level at the moment. The SSCP is held in high regard and many people take that test first while moving toward the CISSP.

beads

kalkan999 wrote: »

B/eads,

Instead of being an A-hole, just refer them to the certifications where they may be more aligned with their experience, such as this case where he is clearly aligned with ASIS Certified Protection Professional (CPP) exam.

When your a hammer - all the world looks like a nail. I think I'd prefer to be a blunt instrument today. LOL!! Thanks and well taken but today is not that day.

- b/eads