Is my CISSP Experience valid??
Hi Guys,
I am a long time lurker in this forum.The information contained here is so useful.
I just wanted to check with you Guys if my experience is valid.
Background:Total 6.5 years of IT Experience. Started out as telecommunications engineer and Moved slowly into Security roles.
Here is the break up of my experience:
Oct 2008- Dec 2011 : 3 years 2 Months
Domain:Telecommunications -
Activities: Testing of IP PBX Solutions
1)VoIP ,SIP, ISDN, PSTN Network testing,
2)working with wireshark for packet analysis,working on SIP Gateways, media gateways,
3)Type 2 virtualization of communication servers
4)Inter-operability of IP PBX with WLAN /DECT wireless standard supported handsets.
Jan 2012- Dec 2013:2 Years
Domain: Telecommunications and network security, Cryptography
Activities:Testing of IP PBX Security Solutions
VOIP Security -
1)Encryption testing - Network and local encryption of phone calls over SIP trunks,IPsec VPNs
2)Building,maintaining and testing IPsec VPN tunnel between SIP Media gateways
3)Configuring, maintaining and testing TLS over SIP trunks using Thales Hardware security module
4)Key management - key generation using Thales Hardware security Module.
JAn 2014 - Nov 2014:2 years
Domain:Security Assessment and Testing
Activities: VAPT, PCI DSS
1)Network Penetration Testing on SAN/AIX/Networks/Public IP address etc using Metasploit, Backtrack etc.
2)Preparing Report on Compliance documentation for telecommunications client
3)Preparing hardening checklists based on CIS Benchmarks for network devices and Firewall.
Nov 2014 - Nov 2015 : 1 Year -
You can call it a Break in my IT career. Was working on my Dad's business due to some personal issues.
Nov 2015 - Present :6 Months
Domain: Security Governance and Risk Management
Activities:Managing a Risk Treatment plan to protect A leading company's most important data assets.
I know that most of the work done post 2012 January(3.5 Years) fall under "CISSP-security experience" scope.
1)However ,Will my experience from 2008-2012, be considered valid security experience.??
2) I have lost touch with My ex supervisors. I have also moved company. Would it be Ok instead for an ex-colleague of mine to vouch for my CISSP experience??
Please send in your comments.
P.S: I plan to write my exam early Septemeber or late august.I am halfway through Shon Harris' book.
BR
Shreenag
I am a long time lurker in this forum.The information contained here is so useful.
I just wanted to check with you Guys if my experience is valid.
Background:Total 6.5 years of IT Experience. Started out as telecommunications engineer and Moved slowly into Security roles.
Here is the break up of my experience:
Oct 2008- Dec 2011 : 3 years 2 Months
Domain:Telecommunications -
Activities: Testing of IP PBX Solutions
1)VoIP ,SIP, ISDN, PSTN Network testing,
2)working with wireshark for packet analysis,working on SIP Gateways, media gateways,
3)Type 2 virtualization of communication servers
4)Inter-operability of IP PBX with WLAN /DECT wireless standard supported handsets.
Jan 2012- Dec 2013:2 Years
Domain: Telecommunications and network security, Cryptography
Activities:Testing of IP PBX Security Solutions
VOIP Security -
1)Encryption testing - Network and local encryption of phone calls over SIP trunks,IPsec VPNs
2)Building,maintaining and testing IPsec VPN tunnel between SIP Media gateways
3)Configuring, maintaining and testing TLS over SIP trunks using Thales Hardware security module
4)Key management - key generation using Thales Hardware security Module.
JAn 2014 - Nov 2014:2 years
Domain:Security Assessment and Testing
Activities: VAPT, PCI DSS
1)Network Penetration Testing on SAN/AIX/Networks/Public IP address etc using Metasploit, Backtrack etc.
2)Preparing Report on Compliance documentation for telecommunications client
3)Preparing hardening checklists based on CIS Benchmarks for network devices and Firewall.
Nov 2014 - Nov 2015 : 1 Year -
You can call it a Break in my IT career. Was working on my Dad's business due to some personal issues.
Nov 2015 - Present :6 Months
Domain: Security Governance and Risk Management
Activities:Managing a Risk Treatment plan to protect A leading company's most important data assets.
- Agree with Resolution owners on their timelines to close remediation against the Infosec Plan.
- Provide assistance clarifying the reason of the remediation and what needs to be done by the Owner to close it.
- Follow up with Application owners until completion of remediation.
- Collect Evidences, Prepare MoMs, Present Remediation posture for Application owners.
- Request risk exception or apply workaround wherever necessary.
I know that most of the work done post 2012 January(3.5 Years) fall under "CISSP-security experience" scope.
1)However ,Will my experience from 2008-2012, be considered valid security experience.??
2) I have lost touch with My ex supervisors. I have also moved company. Would it be Ok instead for an ex-colleague of mine to vouch for my CISSP experience??
Please send in your comments.
P.S: I plan to write my exam early Septemeber or late august.I am halfway through Shon Harris' book.
BR
Shreenag