CISSP - Required Experience Questions?
Hello,
My biggest goal for 2016 is to get the CISSP. I can waiver 1 year for my IS degree or my Security+/CEH. That gives me 4 years that I need. However, what exactly does "requiring four years of direct full-time professional security work experience in 2 or more of the 8 domains of the CISSP CBK" even mean?
For example, I had my own IT consulting company (for 7 years) from when I was in early college. I supported many small businesses and did all kinds of security related tasks such as custom routers/firewalls using pfSense, set up surveillance camera, encryption, back up plans and disaster recovery etc.
Then I consulted for 8 months where I managed a small network of 45 computers. This place had very limited bandwidth/resources so I setup a proxy to block certain entertainment websites that wasted unnecessary bandwidth and QOS. I also had to wipe data from 100+ hard drives/flash drives following DOD standards since they were a government contractor.
Then for 4 years I was in desktop support. Senior tech for 3 years then a manager for 1 year. The last 2 years of it I worked with the IRT and SOC teams almost daily. Some things I did was troubleshooting with wireshark, log analysis, VPN, lots of things related to Check Point. Had to participate in several training of non IT employees about identity theft, how to handle PII, how to encrypt data, signing emails with your cert etc. On top of that I wrote SOP's on few security related topics. Also did security scans for foreign hardware and a huge smart card deployment where I was heavily involved with kinking out the bugs until it was stable.
Last 6 months I have been the Lead [FONT=&]Systems Security Engineer for a fairly new start up. This is my first "full time 8 hours per day security only" job.
Is this experience enough to be able to get my CISSP if I were to pass the test? How do they handle self employed experience? I have tons of clients I could use as referrals. Just uncertain if my role has to be directly with Security 100% to get the cert.
Thanks!
[/FONT]
My biggest goal for 2016 is to get the CISSP. I can waiver 1 year for my IS degree or my Security+/CEH. That gives me 4 years that I need. However, what exactly does "requiring four years of direct full-time professional security work experience in 2 or more of the 8 domains of the CISSP CBK" even mean?
For example, I had my own IT consulting company (for 7 years) from when I was in early college. I supported many small businesses and did all kinds of security related tasks such as custom routers/firewalls using pfSense, set up surveillance camera, encryption, back up plans and disaster recovery etc.
Then I consulted for 8 months where I managed a small network of 45 computers. This place had very limited bandwidth/resources so I setup a proxy to block certain entertainment websites that wasted unnecessary bandwidth and QOS. I also had to wipe data from 100+ hard drives/flash drives following DOD standards since they were a government contractor.
Then for 4 years I was in desktop support. Senior tech for 3 years then a manager for 1 year. The last 2 years of it I worked with the IRT and SOC teams almost daily. Some things I did was troubleshooting with wireshark, log analysis, VPN, lots of things related to Check Point. Had to participate in several training of non IT employees about identity theft, how to handle PII, how to encrypt data, signing emails with your cert etc. On top of that I wrote SOP's on few security related topics. Also did security scans for foreign hardware and a huge smart card deployment where I was heavily involved with kinking out the bugs until it was stable.
Last 6 months I have been the Lead [FONT=&]Systems Security Engineer for a fairly new start up. This is my first "full time 8 hours per day security only" job.
Is this experience enough to be able to get my CISSP if I were to pass the test? How do they handle self employed experience? I have tons of clients I could use as referrals. Just uncertain if my role has to be directly with Security 100% to get the cert.
Thanks!
[/FONT]
Comments
-
hilld Member Posts: 42 ■■□□□□□□□□You will have to list the work history and I would highlight anything that fits in the 8 domains during your work experience. The CISSP that will endorse you will have to contact your employers or somehow verify with your clients the work you did and then submit your experience to (ISC)^2. If they don't question or audit you, you should expect to get your credentials in 4-6 weeks. Worst case is that they audit you and want to see more proof, but from your description, you should be ok.