Passed CISSP exam, question regarding endorsement.

Techguru365

I passed the CISSP exam yesterday 6/22/2016 and I have the security+ which knock a year off, I have two years that could be directly related to IT security, so I am falling short of 2 years. question is, can I use self employment for the additional year? I have ran my own side business for the last couple of years and I think know its not a enterprise, maybe that experience would be relatable to risk management and BCP . would love to hear if anyone has ever used self employment or any other advice as to what I might be overlooking.

Remedymp

Congrats on your pass. What is your academic background?

Techguru365

Thanks. currently pursuing my bachelors in IT.

beads

Given what you've said I would not in good conciseness endorse a candidate with these credentials. Please reapply for the SSCP exam until you are fully qualified.

- b/eads

cyberguypr

The guidelines say "actual fulltime Information Security work (not just Information Security responsibilities for a five year period)". It doesn't sound like you qualify for it.

beads

And you people wonder why there are so many paper CISSPs out there.

Techguru365

So let me get this straight, anyone who doesnt have 5 plus years in a security job is a paper CISSP? I cant actually have good knowledge in security, study hard and passed the exam based on those merits. I wonder where I got the knowledge to actually pass the exam from in that case, maybe its the exam **** that i studied..... oh thats right, there are no **** for the CISSP.

Techguru365

why would I need to apply for the SSCP? I passed the CISSP already, either I have the full 5 years or I am an associate until then.

TheFORCE

You would be falling short, but you kever know until you submit your paperwork.

Techguru365

Thanks. I plan to do that and let them tell me I need to wait. also, I was a firefighter for two years, and did stuff like code inspection, helped trained company employees in fire drill scenarios, fire extinguisher and sprinkler system checks etc. based on what i studied, it seems like that would fall under the physical (environmental) security domain. I plan to add that as well.

Remedymp

Note: Effective April 15, 2015, the CISSP exam will be based on a new exam blueprint. Please refer to the Exam Outline andFAQs for details.
Note that if certain circumstances apply and with appropriate documentation, candidates are eligible to waive one year of professional experience:

• One year waiver of the professional experience requirement based on a candidate’s education Candidates can substitute a maximum of one year of direct full-time security professional work experience described above if they have a four-year college degree, or regional equivalent OR an advanced degree in information security from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE).

OR

• One-year waiver of the professional experience requirement for holding an additional credential on the (ISC)² approved list
  Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, investigator or instructor, that requires Information Security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual fulltime Information Security work (not just Information Security responsibilities for a five year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.

My chapter only stated the above.

sameoj

Congrats

ITSpectre

I have said it before and I will say it again.....

You do not need 4-5 years of exp to sit for the exam. The website says that as clear as a window. People always are telling others that they need to wait to take the CISSP when even the website says "if you don't have the experience you can sit for the exam and be an associate of ISC2." If you study and learn the information and you pass the exam just be an associate of isc till you have the years of exp. They give you SIX years to get the exp....

ITSpectre

Techguru365 wrote: »

why would I need to apply for the SSCP? I passed the CISSP already, either I have the full 5 years or I am an associate until then.

Congrats on the CISSP pass. IDK why but people think you have to have 5 years of exp to take the CISSP..... but in reality it comes down to learning the materials, retaining the knowledge, and growing. If you are doing that.... then don't let the nay sayers discourage you...

isc2 Website: https://www.isc2.org/cissp-how-to-certify.aspx QUOTE: Don't have the experience? Become an Associate of (ISC)² by successfully passing the CISSP exam. You'll have 6 years to earn your experience to become a CISSP.

Mikeotuus

ITSpectre wrote: »

Congrats on the CISSP pass. IDK why but people think you have to have 5 years of exp to take the CISSP..... but in reality it comes down to learning the materials, retaining the knowledge, and growing. If you are doing that.... then don't let the nay sayers discourage you...

isc2 Website: https://www.isc2.org/cissp-how-to-certify.aspx QUOTE: Don't have the experience? Become an Associate of (ISC)² by successfully passing the CISSP exam. You'll have 6 years to earn your experience to become a CISSP.

I wish there was a like button... I would have liked your comment. I don't take delight in people who will want to belittle others, meanwhile the instructions are clear on ISC2 website that you can become an associate.

beads

ITSpectre wrote: »

Congrats on the CISSP pass. IDK why but people think you have to have 5 years of exp to take the CISSP..... but in reality it comes down to learning the materials, retaining the knowledge, and growing. If you are doing that.... then don't let the nay sayers discourage you...

isc2 Website: https://www.isc2.org/cissp-how-to-certify.aspx QUOTE: Don't have the experience? Become an Associate of (ISC)² by successfully passing the CISSP exam. You'll have 6 years to earn your experience to become a CISSP.

You've simply agreed with what I said above in a most indirect way. Yes, this is what the SSCP is designed to accommodate. Those with a lack of paid experience but can pass the exam.

I've meet people who could pass a physician board of examination but that doesn't qualify them to be called a physician or "Doctor".

And while your at it. Lets skip over the whole ethics portion of the certification. Since your willing and evidently more than ABLE to lie about the credential while should I or anyone else believe anything you have to say either verbally or written form? Really, if you cannot trust your security person with the trivial details you two think we should endow you with company secrets? Passwords? Access to affect people's livelihoods?

Please passing an exam is only part of it. Perhaps you've understand when you have to work with an individual who tells you to "just make something up like I did for my CISSP..." True story. Took less than 90 days to get that one fired but if you can't trust em, get rid of them.

Read ALL the requirements. Don't **** the exam it only lessens the value for those who completed properly and at least pretend to follow the cannons of the organization, please. The ISC(2) is not a Bar or charter in the legal, engineering or medical sense so its not taken seriously for this very reason. Any yahoo can take and pass an exam and call themselves a "security practitioner"

Lame excuses from both of you.

- b/eads

Techguru365

beads wrote: »

You've simply agreed with what I said above in a most indirect way. Yes, this is what the SSCP is designed to accommodate. Those with a lack of paid experience but can pass the exam.

I've meet people who could pass a physician board of examination but that doesn't qualify them to be called a physician or "Doctor".

And while your at it. Lets skip over the whole ethics portion of the certification. Since your willing and evidently more than ABLE to lie about the credential while should I or anyone else believe anything you have to say either verbally or written form? Really, if you cannot trust your security person with the trivial details you two think we should endow you with company secrets? Passwords? Access to affect people's livelihoods?

Please passing an exam is only part of it. Perhaps you've understand when you have to work with an individual who tells you to "just make something up like I did for my CISSP..." True story. Took less than 90 days to get that one fired but if you can't trust em, get rid of them.

Read ALL the requirements. Don't **** the exam it only lessens the value for those who completed properly and at least pretend to follow the cannons of the organization, please. The ISC(2) is not a Bar or charter in the legal, engineering or medical sense so its not taken seriously for this very reason. Any yahoo can take and pass an exam and call themselves a "security practitioner"

Lame excuses from both of you.

- b/eads

What the heck is your problem dude? .........seriously! I was unsure about some of my past experience being accepted and attempted to ask the community their opinions on their qualifying factor. where did I say anything about wanting to lie?

There is nothing unique about you, I come across arrogant pricks like you in this field every day. The sour attitude hater who likes being "king of the cubicle" and show disdain to younger techs who are probably excelling at a more rapid pace than they were at this point in their career. People like you are the disgrace of the IT community, because instead of encouraging the younger guys who will be the ones taking the baton and advancing the profession, you attempt to tear them down because of hate and I guess insecurity.

In the future, if you have nothing good to say, I encourage you to keep your mouth shut and be an observer from the sidelines. having this dirty, ignorant attitude is not only a poor reflection on you as an individual, but gives credence to the notion that IT guys are assholes.

storch

I agree with beads, it feels great to pass the exam and you definitely deserve to be proud of that, but what separates the CISSP from other designations is the full time work experience required in the field of IT security. Let's be honest here, the CISSP is still an IT designation focusing on a broad knowledge of security controls. if I was interviewing you and you told me part of your CISSP experience was being a fireman for 2 years and testing smoke alarms I would be wondering if you are in the right interview room. Same thing would be if someone was to tell me part of their CISSP experience was cleaning virus's from their friends laptop in their spare time using Malwarebytes.

cyberguypr

Well, that escalated quickly.

ITSpectre

beads wrote: »

You've simply agreed with what I said above in a most indirect way. Yes, this is what the SSCP is designed to accommodate. Those with a lack of paid experience but can pass the exam.

I've meet people who could pass a physician board of examination but that doesn't qualify them to be called a physician or "Doctor".

And while your at it. Lets skip over the whole ethics portion of the certification. Since your willing and evidently more than ABLE to lie about the credential while should I or anyone else believe anything you have to say either verbally or written form? Really, if you cannot trust your security person with the trivial details you two think we should endow you with company secrets? Passwords? Access to affect people's livelihoods?

Please passing an exam is only part of it. Perhaps you've understand when you have to work with an individual who tells you to "just make something up like I did for my CISSP..." True story. Took less than 90 days to get that one fired but if you can't trust em, get rid of them.

Read ALL the requirements. Don't **** the exam it only lessens the value for those who completed properly and at least pretend to follow the cannons of the organization, please. The ISC(2) is not a Bar or charter in the legal, engineering or medical sense so its not taken seriously for this very reason. Any yahoo can take and pass an exam and call themselves a "security practitioner"

Lame excuses from both of you.

- b/eads

There are no requirements.... IF you do NOT have the experience you can still take the exam but you are NOT a CISSP until you are endorsed AND you have the experience...

You are basically saying he is not qualified to be CISSP yet so he should take the SSCP instead. I mean he already passed the CISSP which is the hardest part... the next part is getting the experience within that 6 year time frame. THAT is next and can be completed.

You have to understand that yes anyone can pass a test but the experience adds to the credentials... Anyone can go to school but school does not give you experience... school helps you get the job to GET more experience, certs help you GET a job to gain more exp... he is not going around saying "Im CISSP" he just made a post saying he passed the exam... and he is 1 step closer to being a full CISSP.

Anyone can lie about anything... we live in a world where people can pretend to be someone they are not... But certs are not taken seriously yes... but people like me and the OP take them seriously....

to the OP - Go get your exp and level up!

ITSpectre

Techguru lets meet up sometime for a beer.... im in VA too near woodbridge and not to far from Alexandria.

Techguru365

I agree with beads, it feels great to pass the exam and you definitely deserve to be proud of that, but what separates the CISSP from other designations is the full time work experience required in the field of IT security. Let's be honest here, the CISSP is still an IT designation focusing on a broad knowledge of security controls. if I was interviewing you and you told me part of your CISSP experience was being a fireman for 2 years and testing smoke alarms I would be wondering if you are in the right interview room. Same thing would be if someone was to tell me part of their CISSP experience was cleaning virus's from their friends laptop in their spare time using Malwarebytes.






Nothing is wrong with having that opinion, but at the same time ISC2 who happens to be the governing body for the exam has decided that physical/environmental security is to be considered as an integral part of the security posture in a company.

I agree that if that was my only experience, then it would be fair, but you aren't taking into consideration that I have other hands on experience that applies to the other domains as well as the knowledge I acquired while studying to pass the cert, albeit just 3 years.

Techguru365

ITSpectre wrote: »

Techguru lets meet up sometime for a beer.... im in VA too near woodbridge and not to far from Alexandria.

sounds good, I am in Richmond but will reach out to you when I am coming to the area.

Techguru365

ITSpectre wrote: »

There are no requirements.... IF you do NOT have the experience you can still take the exam but you are NOT a CISSP until you are endorsed AND you have the experience...

You are basically saying he is not qualified to be CISSP yet so he should take the SSCP instead. I mean he already passed the CISSP which is the hardest part... the next part is getting the experience within that 6 year time frame. THAT is next and can be completed.

You have to understand that yes anyone can pass a test but the experience adds to the credentials... Anyone can go to school but school does not give you experience... school helps you get the job to GET more experience, certs help you GET a job to gain more exp... he is not going around saying "Im CISSP" he just made a post saying he passed the exam... and he is 1 step closer to being a full CISSP.

Anyone can lie about anything... we live in a world where people can pretend to be someone they are not... But certs are not taken seriously yes... but people like me and the OP take them seriously....

to the OP - Go get your exp and level up!

Exactly! Thanks for seeing what I meant.
I have no intentions of crashing the party at their "exclusive country club". I guess that's the idea entrenched in the mind of a lot of ppl who holds that CISSP title , and the more ppl that attain the cert, the less exclusive the club seems.

beads

Really we've seen lots of people with zero experience pass the exam. Most fail on the job in no time.

Its a matter of trust and experience. If you have neither, whats the point your trying to make? No one is insinuating passing a single exam is going to make you rich or more attractive to the opposite sex but at this time and place you really haven't proven much for all that ranting outside the two of you are getting together to share a beer.

If you cannot trust your security person in the first place you should not be in security. Nothing has changed of my belief in this statement in well over a decade.

Best way to separate CISSPs? The lowest number wins. Also a great way getting the first few rounds bought for ya... See ya' guys (errr... posers!)


- b/eads

ITSpectre

beads wrote: »

Really we've seen lots of people with zero experience pass the exam. Most fail on the job in no time.

Its a matter of trust and experience. If you have neither, whats the point your trying to make? No one is insinuating passing a single exam is going to make you rich or more attractive to the opposite sex but at this time and place you really haven't proven much for all that ranting outside the two of you are getting together to share a beer.

If you cannot trust your security person in the first place you should not be in security. Nothing has changed of my belief in this statement in well over a decade.

Best way to separate CISSPs? The lowest number wins. Also a great way getting the first few rounds bought for ya... See ya' guys (errr... posers!)


- b/eads

My point is telling someone that they HAVE to have 5 years of experience to sit for the exam is not true.... even ISC2 does not say that. Usually a security person has more then 1 yr of exp and has a desire to learn security would know to learn to crawl before they walk... that is common sense. It is more about experience then trust.... because you have to have experience to be trusted.

You can't get a CISSP job without the CISSP... AND in order to be a CISSP you have to have the years of exp + endorsement. People will slip through the cracks in any certification.... there are people with Sec+ that know nothing about basic security concepts.

My whole point is ISC2 said that you can sit for the exam without the experience... YOU are saying without the necessary experience you should not sit for the exam... so let me ask this....

How many people that go to college have the experience of college? How many Dr's get experience before they go to college? Lawyers go to college first then get the experience.... My point is.... you can get take the exam THEN get the experience and then become a CISSP.... there is no law, or requirement that says "get the exp first, then sit for the exam"

That is like telling a lawyer "go get your experience first, pass the bar exam, then go to law school"

To be a Lawyer you go to school first, to be a Dr you go to school first... any field you want to get into wether security, networking, law, teching, etc.... you go to school or get the proper certification.... then you get the needed experience....


I think you need a big hug..... cmon bring it in...:D

ITSpectre

beads wrote: »

And you people wonder why there are so many paper CISSPs out there.

I think beads has been hurt by many paper CISSPs... so he takes it out on those that aspire to be CISSP....

JDMurray

There are very few certifications that require verifiable professional work experience BEFORE sitting for the exam. Therefore, complaining that many people pass InfoSec cert exams without having any InfoSec experience, or that most InfoSec certifications are "paper certs," is just stating the obvious that we've seen here at TE for over ten years now.

Certifications are only ONE measure of a job candidate. Any employer who hires an InfoSec professional based mostly on the candidate having passed the CISSP (or any other) exam deserves everything they get from that candidate. Learning experiences occur on both sides of the hiring table.

Techguru365

JDMurray wrote: »

There are very few certifications that require verifiable professional work experience BEFORE sitting for the exam. Therefore, complaining that many people pass InfoSec cert exams without having any InfoSec experience, or that most InfoSec certifications are "paper certs," is just stating the obvious that we've seen here at TE for over ten years now.

Certifications are only ONE measure of a job candidate. Any employer who hires an InfoSec professional based mostly on the candidate having passed the CISSP (or any other) exam deserves everything they get from that candidate. Learning experiences occur on both sides of the hiring table.

Nothing to disagree with there. my problem with what he said regarding "paper cert" though, was that he was basically calling me a idiot because I didn't have whatever the amount of years is, that he thinks make you a credible person in the field.

[Deleted User]

Congrats Techguru365! In reality, since you passed the exam without the experience actually makes you quite a smart cookie imo! Since you are pursuing your bachelor's program, i take it you are in your 20's (not trying to judge just wondering)? In reality, they will decline getting the full CISSP without the experience of full time paid work experience. Being self employed won't count unless you are making money and can have proof of revenue. I would say just use your Sec+ for your 1 year waiver use your 2 years of IT Sec work experience and get 2 more years. Trust me it will go by fast. They give you 6 years to get 2 years of experience! Not a bad deal imo. I have seen other certs like CISA where if you don't have the experience by the time you apply for the cert after passing the exam, all the money and time goes down the drain. I wouldn't view this as a negative but more as a positive. It's all perspective my friend! Anyone can say o they are a paper this and that. I have had people say to me O you are a paper CCNA because I passed my CCNA while finishing my bachelor's program. If you know your stuff, your employer and the hiring person will know. Screw what other people say or think. If you passed legit fair and square, they can be jealous since you passed @ a young age. Way to be!

ITSpectre

JDMurray wrote: »

There are very few certifications that require verifiable professional work experience BEFORE sitting for the exam. Therefore, complaining that many people pass InfoSec cert exams without having any InfoSec experience, or that most InfoSec certifications are "paper certs," is just stating the obvious that we've seen here at TE for over ten years now.

Certifications are only ONE measure of a job candidate. Any employer who hires an InfoSec professional based mostly on the candidate having passed the CISSP (or any other) exam deserves everything they get from that candidate. Learning experiences occur on both sides of the hiring table.

THANK YOU!!!!