How can I get my work experience evaluated before taking the exam?

luking Banned Posts: 46 ■■□□□□□□□□
I have CCNA in security.
I also have 15 years experience working in helpdesk in Level 2 and 3. I am well familiar with simple security concepts like access control, firewalls, resetting user permissions, physical access restrictions, how to dispose of sensitive data etc.
But I have never worked in Info Security field directly.
I don't want to jump in infosec by joining as CCNA Security taking a big hit to my salary. I can't wait 4 years to become CISSP.
Is there any way I can have my current skills and past experience evaluated to see if I can somehow meet the 4 years experience requirement?

Comments

  • emerald_octane Member Posts: 613
    I don't think this is possible; probably because there is no guarantee that you'll pass the test in the first place.

    If all of your experience is full time + it's across two domains and you managed yourself during the process (meaning you were evaluating and implementing security controls on your own) then you should have no problem meeting the 4 (w/ degree) or 5 year requirement.

    If you have concerns about your experience simply take the examination as an Associate of (ISC)2 and you have six years to get the experience. You can submit your app materials at any time during this period for evaluation.
  • mbarb Registered Users Posts: 3 ■□□□□□□□□□
    I will ask the same question as Luking did, because I would also like to know if I will be able to get my CISSP certification after I pass the exam. One of my problems is that I don't know any CISSP person to endorse me. So what can I do about that?

    I have already begun studying for the exam, so...

    I am MCP Certified, CCNP Security Certified and I am OSCP Certified. I have attended a CEH seminar in the past and a lot of others on InfoSec.

    My experience is 20 years in the computer industry.
    I have done pentests and IT audits.
    For the last 15 years I have been a Network and Security Manager of a company with 400+ employees.
    I designed the network security infrastructure of the company from the ground up using Cisco devices like switches, routers, WSA, ESA, ASA, IPS, WLC and a lot of others. My day-to-day business is managing the network security of the company (IPS, ASA & IronPorts), and 3 years ago I created the Security Policy that the infrastructure uses today.
    I can say with certainty that being in a company like this I have worked on all CISSP domains now and then.
    But how can they evaluate my skills and past experience to see if I meet the experience requirement?

    Cheers
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    Submit your application to b/eads
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • mbarb Registered Users Posts: 3 ■□□□□□□□□□
    b/eads ..??
    And what about the thing that I don't know any CISSP to endorse me?

    Thanks
  • kiki162 Member Posts: 635 ■■■■■□□□□□
    @luking Read this if you haven't already https://isc2.org/cissp-how-to-certify.aspx

    No one is really going to tell you whether or not until you take the exam, pass, and then submit the paperwork. You really don't need a CISSP to endorse you, as you probably have enough to get the endorsement on your own.
  • mbarb Registered Users Posts: 3 ■□□□□□□□□□
  • cyberguypr Mod Posts: 6,928 Mod
    Guys, you really have to read the Candidate Bulletin and all the associated info on ISC2's site. If you don't know a CISSP, endorsement can be done by ISC2, so no issue there.

    In regards to the OP's question, it doesn't work that way. Imagine if ISC2 had to pre-evaluate everyone who thinks about taking the test. The burden of proof is on you to make sure you satisfy the experience requirement. They say that "you must have a minimum of five years of direct full-time security work experience in two or more of these 8 domains". Note that it says "security work experience", not a specific security role. That opens up a sea of possibilities. For example, I was in a systems admin role for years and was able to easily satisfy the requirement as I touched many things across all domains. Take your time analyzing the CBK and see how you can associate your duties and responsibilities to it.
  • riyan Member Posts: 161 ■■■□□□□□□□
    E Double U wrote: »
    Submit your application to b/eads
    I reckon beads will reject him. Anyway, let's take an opinion from beads...
  • riyan Member Posts: 161 ■■■□□□□□□□
    @kiki162

    You do need someone who is CISSP and in good standing. Pay special heed to E D U's suggestion. If you do not know any CISSPIAN then ask ISC2 to endorse you, but it's a bit tedious and a longer route. But remember you have only 9 months to do so. Unlike ISACA certs.
  • jt2929 Member Posts: 244 ■■■□□□□□□□
    Unless things have changed recently, you don't need a CISSP to endorse you. You only need a member of (ISC)2 to endorse you.
  • BlackBeret Member Posts: 683 ■■■■■□□□□□
    The endorser has to hold the same certification you're applying for.
  • BlackBeret Member Posts: 683 ■■■■■□□□□□
    riyan wrote: »
    You do need someone who is CISSP and in good standing. Pay special heed to E D U's suggestion. If you do not know any CISSPIAN then ask ISC2 to endorse you, but it's a bit tedious and a longer route. But remember you have only 9 months to do so. Unlike ISACA certs.

    That's exactly what Kiki said. You can submit a separate endorsement application directly to ISC2 and have them endorse you. Effectively, you don't need to know someone to endorse you.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    First, thanks for all the flippant name tossing. I have a long memory.

    Second, and more importantly, read the candidate bulletin and decide for yourself if you're truly qualified. The exam is aimed at mid-level career security practitioners, not people trying to break into the field halfway through their careers. Fair enough? As far as I can see that's where the majority of the confusion comes with the whole am I qualified.

    Given the (ISC)2 stance on gaining membership above all else and the fact I have never heard anyone claim rejection as to not being qualified I doubt there is a problem with the initial acceptance. Or as I have heard so many times: "Just make something up.."

    If you have to ask yourself, let alone a testing board, you already know the answer.

    - b/eads

    p.s. I am the monster under the bed, sometimes the closet but usually under the bed.
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    beads wrote: »

    If you have to ask yourself, let alone a testing board, you already know the answer.

    b/eads never disappoints LOL
  • beads Member Posts: 1,531 ■■■■■■■■■□
    It came to me in another discussion about this same topic and yes, it applies to many of these sought-after certs: PMP, CCIE, CISSP, et al. If you truly qualify then sit for the exam, but if you have to ask if you're qualified - you aren't. Simple.

    No hand wringing necessary. No apologies.

    - b/eads
  • Rumblr33 Member Posts: 99 ■■□□□□□□□□
    E Double U wrote: »
    b/eads never disappoints LOL

    b/eads makes my day every time I read a post from him.
  • E Double U Member Posts: 2,228 ■■■■■■■■■■
    I like to invoke him in CISSP threads the way someone would call on Candyman or Bloody Mary LOL. Speak of the devil and he shall appear
  • riyan Member Posts: 161 ■■■□□□□□□□
    Rumblr33 wrote: »
    b/eads makes my day every time I read a post from him.
    Since OT asked for community members' opinion, he is not qualified as per beads' humble & honest opinion.
    But as we never heard of anyone being rejected so OT will survive it. Irony.....

    Just like the Harry Potter series...you cannot become a wizard but rather you are born with wizarding capabilities.
    Thus just reach out to your heart and honestly analyze your qualification and match it to ISC2 requirements.
    Can you handle this burden of being CISSPIAN?
    or leave it to ISC2 endorsement committee.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    I take that straight from the horse's mouth then... Leaving it to the "endorsement committee". Closest thing we have there is the prequalification and that appears to have an all but 100 percent pass rate. LOL.

    No, readers, it depends on the individual to make the case. If you're asking for a peer review you're probably just passing the responsibility, yea or nay, to others. Humble opinion or not. It's as non-judgemental as one can get. The question really begs are you the intended audience for the exam or not? We've seen the 8 and 12 year old MCSEs in the past as well. I don't think that's what Microsoft had in mind but there was a race to get the youngest kid through the program for quite a while. Amusing if nothing else.

    It's going to depend on the community to police itself before any of this can be considered a profession. And self policing is considered a tenet of a profession.

    @E Double U I almost made a joke about saying "you know whose name" three times at the proper hour. (*Poof!*) (*Smoke*) Automagic appearance all that. Sorry for those of you who may be caffeine deprived when reading this: it's called 'snark'. And riyan always invokes the best 'snark' outta me.

    - b/eads
  • luking Banned Posts: 46 ■■□□□□□□□□
    Thanks everyone who responded here. Now I feel more confident especially after digesting beads' posts
  • riyan Member Posts: 161 ■■■□□□□□□□
    luking wrote: »
    Thanks everyone who responded here. Now I feel more confident especially after digesting beads' posts

    Dear OT, please enlighten us, which part of beads' comments provided the assurances you were looking for? The part where he said ".....Reach out to your heart and trust your feeling...Are you worthy of CISSP or not?...." or the part where he suggested "...100% acceptance and no one ever heard of any rejection from endorsement committee provided one makes something up".......

    Beads' snark/comments are like one's mother-in-law's remarks. They might be harsh, real, honest & instantaneous but no one pays any heed to them.

    Kindly take the above statement on the comments made by beads. However as a person, he is very nice & a gentleman. I am sure when I have a chance to visit Chicago, we will have a caramel-latte drink. He will be gentleman-enough to pay the bill and honor the unwritten code of CISSP brotherhood.
    "If thou shall see a fellow CISSP outside of your territory, it is incumbent upon you to offer a cup-of-tea". (unwritten code of CISSP Brotherhood).
    I wonder why so many of the community members are from Chicago?
  • bpenn Member Posts: 499
    ^

    That mother-in-law bit hit the nail on the head (at least about mine).
    "If your dreams don't scare you - they ain't big enough" - Life of Dillon
  • analyst Member Posts: 48 ■■□□□□□□□□
    beads wrote: »
    ... I have never heard anyone claim rejection as to not being qualified ...

    I have. I know two people who applied for full CISSP status and got pushed by ISC2 into Associate status instead.
  • analyst Member Posts: 48 ■■□□□□□□□□
    beads wrote: »
    The exam is aimed at mid level career security practitioners not people trying to break in to the field half way through their careers.

    My reading of the requirements as set forth by ISC2 is that mid-career IT professionals who have had significant infosec responsibilities in their jobs despite those responsibilities not being their primary roles are also eligible as long as the time spent doing infosec work amounts to 5 years (or 4, if you have a degree or another cert).
  • beads Member Posts: 1,531 ■■■■■■■■■□
    @riyan;

    This argument gets played both ways. Either the ISC appears to be lax and everyone should have at least the CISSP or you need to wait till you have the proper amount of time to get the credential. Just trying to present both sides of the argument here. Don't need to be accused of being too harsh nor the last word on the subject. You know how opinions go - everyone has one.

    For laughs I can take you through a number of LinkedIn connections of CISSPs that... well if you're into scratching your head as to how. Need a separate room for these... ummm people. I'll put them in a separate room called 'Joes and schmoes' - how's that?

    Coffee? Black and bought by the tub. This isn't a mother-in-law's argument, it's an observation. Though I will proudly state I went nearly 20 years without meeting my mother-in-law so I'll have to take your word for whatever nonsense above indicates. And of course there is probably an Argo Tea or Starbucks near the downtown office, let me know ahead of time and I'll hotel there - usually Mondays and Fridays to tend to my flock of recent grads. Edited that last bit out as that was funny but mean. LOL

    @analyst

    Kudos for the (ISC)2 then but suspect that would be like getting a speeding ticket in Chicago (by a physical cop that is). You have to do something boneheaded and obvious to do so.

    I am running with the audience for this and every other mid-career cert. It's not a matter of can you but should you be sitting for this exam.

    - b/eads

    p.s. Now go clean the dust bunnies under your bed. It's getting nasty down here.
  • riyan Member Posts: 161 ■■■□□□□□□□
    @beads, we were talking about mother-in-laws of rest of us. I hardly remember mentioning or considering you in this particular bit....No sweat...

    No matter what you do dust bunnies will be there. Even in your down-town Chicago office. ISC2 probably have one or many which have "adopted" ISC2 willingly/knowingly or ISC2 have adopted them unwillingly/unknowingly. As a matter of fact, this goes for every profession/field.

    Have not seen any case that by virtue of CISSP or for that matter any IT certs you will get a job....Or by displaying CISSP card one can claim his right on any info sec job....This has been discussed numerous times in this forum....

    Similarly no case was ever mentioned that a candidate is rejected by hiring team because he has acquired CISSP too early in his career & this was reported to ISC2 for further action.....

    As @analyst mentioned, ISC2 do refer some applicants to associate route....Maybe those were underage applicants....
  • beads Member Posts: 1,531 ■■■■■■■■■□
    @riyan;

    Unless I missed something in the following sentence:

    Beads' snark/comments are like one's mother-in-law's remarks. They might be harsh, real, honest & instantaneous but no one pays any heed to them.

    Word of ancient wisdom: "Opinions are like back-ends - everyone has one.." I am hardly unique in that regard. It's OK, I understand you think anyone who wants whatever certification should have one. Clearly you're not reading the same batches of resumes recently crossing my desk.

    -b/eads
  • jt2929 Member Posts: 244 ■■■□□□□□□□
    BlackBeret wrote: »
    The endorser has to hold the same certification you're applying for.

    Can you point me to where it says this? The ISC2 website says the Candidate Endorsement Form must be completed by an "ISC2 certified professional". This is anyone who "is an active ISC2 credential holder in good standing." Nowhere does it say they have to have the same credential you are applying for.
  • beads Member Posts: 1,531 ■■■■■■■■■□
    To clarify. The endorser only need be (ISC)2 certified. Generally people seek out current CISSPs but there would be nothing stopping you from finding a CAP or HCISPP to endorse you. Not that I have ever heard of that happening before but it's in the rules.

    I would have had a very difficult time finding someone to endorse me for either my ISSAP, which is rare enough or worse the HCISPP of which I was likely the second person to pass by exam. Most of the HCISPP holders at the time were ironically in Europe and were easier to find than anyone grandfathered in America. I had CISSPs sign off on both obviously well after my original CISSP.

    - b/eads