CISSP Work Experience Requirement for Attorneys

Hey guys,

I previously worked in a major law firm's technology transactions group (which deals with the drafting and review of software/technology agreements along with data privacy matters) and currently as corporate counsel in charge of company wide technology agreements as well as data privacy issues.

I already have a CIPP and CIPT certification and I am looking into taking the CISSP certification due to the fact that I work so closely with the IT department and I thought it would be helpful for me possible in the future if I want to ever try to become a chief privacy officer.

My question is in terms of the two domains, obviously right now I do a log of the legal work for data privacy and the creation of an incident response plan ..., privacy policies... etc. , which covers 1 of the two domains (security and risk management). However, occasionally, I also work with our IT and risk management department to implement asset protection programs. However, my role is often in the legal perspective where in the meetings they will ask me what data privacy obligations and security obligations the vendor has to oblige by. This domain is a very small part of my every day job.

Do they care how much of your job is one domain vs the other? I deal with the first domain on a daily basis, however, the second domain is more of a minor part of the job. How big of an issue will this be when I try to get my work experience certified by the ISC?

Thanks in advance.

Find more posts tagged with

Comments

OctalDump

I can't speak 100% to this, but the total is "four years of direct full-time" paid experience - that's based on you having a 1 year waiver since you hold a 4 year degree (or equivalent). So that might also be a question for you. If you had 5 years of lawyering, but only 1 day a week of that was related to (at least two of) the domains, then you'd have problems. But 10 years of lawyering with an average of 2 days a week related to 2 or more of the domains would be fine.

TheFORCE

Quote from ISC2 website

The CISSP candidate must have at least 5 years of paid full-time experience in 2 or more of the above domains.

Advising or taking part in an IT meeting as part of your current job does not mean you work full time implementing the CISSP domains. I'm not saying you cannot try but it could be tough.

thexfactor

OctalDump wrote: »

I can't speak 100% to this, but the total is "four years of direct full-time" paid experience - that's based on you having a 1 year waiver since you hold a 4 year degree (or equivalent). So that might also be a question for you. If you had 5 years of lawyering, but only 1 day a week of that was related to (at least two of) the domains, then you'd have problems. But 10 years of lawyering with an average of 2 days a week related to 2 or more of the domains would be fine.

Makes sense. I am definitely not trying to take away (nor can I) the role of any IT professional. Rather I think this would be a great way for me to learn more technical knowledge so I can better interact with IT professionals.

I will contact ISC to see if they have any comments.

aftereffector

Just going by what you have mentioned, you already have more relevant work experience than some brand new CISSPs I have met. I can't speak for ISC2, of course, but I think you have a good chance at getting past the resume review.