Passed CISSP exam, question regarding endorsement.

goatama

So take this for what it's worth, but from the endorsement form itself that has to be submitted for the certification to be conferred:

Professional Experience Guidelines. Experience in the specified credential domains qualifies as security experiencebut may not qualify as professional experience. Non-professional or para-professional work, even in the applicablecredential domains, does not satisfy the requirement. Professional work is usually compensated by salary, retainer,fee, or commission rather than per hour. It is, by definition, exempt from the wage and hour laws.

This means that if you're an hourly contractor for 10 years your experience doesn't count. Personally I think it's bullshit, but since they make the rules, and enforce the rules, and are a private certification body, they can pretty much say what they want.

Remedymp

goatama wrote: »

So take this for what it's worth, but from the endorsement form itself that has to be submitted for the certification to be conferred:



This means that if you're an hourly contractor for 10 years your experience doesn't count. Personally I think it's bullshit, but since they make the rules, and enforce the rules, and are a private certification body, they can pretty much say what they want.

That's why I don't like EC-Council and ISC. It's an extremely radical approach that in this day and age does not make sense. We have several L1 analyst who are contractors and we only hire contractors for the last few years and yet they're supposed not take the exam even though they do the same exact work as a FTE? Smh...

Techguru365

just to follow up, the endorsement process has been successfully completed and my full certification was approved and granted by (ISC)2.

wayne_wonder

Techguru365 wrote: »

just to follow up, the endorsement process has been successfully completed and my full certification was approved and granted by (ISC)2.

Congrats and good luck

shoey

storch wrote: »

I agree with beads, it feels great to pass the exam and you definitely deserve to be proud of that, but what separates the CISSP from other designations is the full time work experience required in the field of IT security. Let's be honest here, the CISSP is still an IT designation focusing on a broad knowledge of security controls. if I was interviewing you and you told me part of your CISSP experience was being a fireman for 2 years and testing smoke alarms I would be wondering if you are in the right interview room. Same thing would be if someone was to tell me part of their CISSP experience was cleaning virus's from their friends laptop in their spare time using Malwarebytes.

First off, congrats TechGuru on the exam pass, and approval! For what it's worth...

It's always interesting to me when people discuss CISSP requirements and solely focus on the IT industry. Requirements say "...experience in two or more of the domains..." When I worked as an ops manager for a private security firm, a lot of people went for the CISSP because they were in the security industry - not because they were in the IT industry. Experience is just that.. experience. It doesn't specify IT experience.

Yes, when hiring for an IT position would I question the candidate further if they used being a firefighter as part of their experience; but that's specifically because that candidate has applied for an IT job. I don't believe experience outside of the IT industry is a negative or reflects poorly on the candidate. If this were the case (ISC)2 would specify that experience come solely from the information technology sector.

For example: if you were in the military and your job was infantry (obviously not IT related), could this experience be considered for the CISSP? Well, according to (ISC)2 yes (I called them), if you did guard duty, asset protection, force protection, etc. Just because an individual uses non-IT related experience to obtain a CISSP, doesn't diminish the certifications value or the value of a candidate.