Looks like ISC2 does not mind about needing experience for their certifications
CCSP Spotlight: James Simonetti - (ISC)2 Blog
Years in IT: 8
Years in cybersecurity: 1
Cybersecurity certifications: CCSP, CISSP, Security+
How do you get the CISSP and CCSP with only 1 year's security experience??
Assuming the 8 years in IT covered him but then why say only 1 year in cybersecurity?
Comments
-
cyberguypr Mod Posts: 6,928
Maybe a case like mine. I've been doing security related functions forever but 100% dedicated cyber security stuff for just 4 years.
-
gespenstern Member Posts: 1,243
Is normal. Most infosec folks come from network, infrastructure or development backgrounds where they did IT for years. All of these backgrounds have something to do with security and corresponding knowledge is an essential part of the CISSP CBK.
I come from physical/electronic security background and while, unlike network or infrastructure, it has this magic word "security" in it, I can tell that it has less to do with the CISSP than network or infrastructure.
-
beads Member Posts: 1,533
The definition as to what is or is not acceptable changed many years ago under Tipton who demanded we increase the number of certified members over having more "purity" of experience. It was quite the shouting match between camps.
- b/eads
-
Mike7 Member Posts: 1,107
The CISSP requirement is for 5 or more years of accumulated experience. Some of the cybersecurity folks I know have years of experience in network engineering, system engineering and/or application development. The knowledge and understanding helps.
Reminds me of this saying by Lesley Carhart
- To hack something (or defend it from hacking), you must have a solid understanding of how that thing works.
-
636-555-3226 Member Posts: 975
All you need is a boss to sign the paperwork, the bar for proving your skillset is based primarily on the honor system, or at least it was way back in the day when I took it
-
markulous Member Posts: 2,394
Technically resetting passwords would count towards security experience. Heck, I worked as a security guard for a year and that should qualify as experience also.
-
beads Member Posts: 1,533
Has anyone heard of someone post they were denied on any board, at any time? Ever?
Doubtful.
- b/eads
-
dhay13 Member Posts: 580
I wondered about that myself. I worked in law enforcement for 6 years but also did armed security for 10 years. One of the contracts our company had was to watch the local water treatment plant after 9/11. We secured the perimeter and manned the gate but they also had a computer system and I'm sure a SCADA system. We didn't specifically secure the computer system but we indirectly did by securing the perimeter.
-
ivx502 Member Posts: 61
Before I sat for the CISSP I served in the military for four years. I did four years physical security and auditing before I transitioned to information security. I have heard of someone getting their experience declined, but that was only one person out of I don't know how many.
-
tedjames Member Posts: 1,182
Has anyone heard of someone post they were denied on any board, at any time? Ever?
Doubtful.
- b/eads
I wasn't denied, but I was audited. I've known a few others who were audited. Just a temporary setback. You just have to resubmit your experience.
-
JDMurray Admin Posts: 13,092
How do you get the CISSP and CCSP with only 1 year's security experience??
Assuming the 8 years in IT covered him but then why say only 1 year in cybersecurity?
-
rob1234 Banned Posts: 151
The CISSP certification requires "professional information security" experience, of which "cybersecurity" is only a subset. The blog author calling the CISSP (and CSSLP and Security+) a "cybersecurity certification" is inaccurate. All of these certs cover areas of InfoSec not found in cybersecurity.
Never knew there was a known definition for cybersecurity?
-
JDMurray Admin Posts: 13,092
Never knew there was a known definition for cybersecurity?
It's a US Gov term; Google Search is your friend
https://www.dhs.gov/topic/cybersecurity
-
JockVSJock Member Posts: 1,118
I wasn't denied, but I was audited.
It's too bad that ISC doesn't audit the ethics of CISSP holders once they obtain the cert, since test takers are required to know and understand the code of ethics. I know of one CISSP that took part in domain squatting in order to make some cash and another that falsified their experience in order to test.
***Freedom of Speech, Just Watch What You Say*** Example, Beware of CompTIA Certs (Deleted From Google Cached)
"It's easier to deceive the masses than to convince the masses that they have been deceived."
-unknown
-
JDMurray Admin Posts: 13,092
The (ISC)2 doesn't actively monitor the public activities of its cert holders for ethics violations. They rely mostly on verifiable reports of unethical behavior from their membership and other sources. Probably the same for SANS/GIAC too.
The auditing is random and normal for ensuring the quality and integrity of the (ISC)2 exam results.
-
beads Member Posts: 1,533
There is now a standing ethics committee but haven't heard of who is on it or of any proceedings.
- b/eads
-
JDMurray Admin Posts: 13,092
My guess is that it privately investigates reports of unethical behavior within the (ISC)2 membership and is not a public-facing body.
-
JockVSJock Member Posts: 1,118
The (ISC)2 doesn't actively monitor the public activities of its cert holders for ethics violations. They rely mostly on verifiable reports of unethical behavior from their membership and other sources. Probably the same for SANS/GIAC too.
The auditing is random and normal for ensuring the quality and integrity of the (ISC)2 exam results.
Then why test for a code of ethics?
It's going thru the motions to make as much money as possible...
-
JDMurray Admin Posts: 13,092
Ethics is one of the topics in the Security and Risk Management domain of the CISSP CBK, so it is tested for. Also, if you are expecting your membership to follow a specific body of rules, you need to determine if they understand how they are expected to act and not to act. This does not come into play until after the CISSP exam is passed, but before endorsement is completed.
As for steering this discussion to "IT'S ALL A MONEY GRAB!!", there are much easier ways to make much more money as a USA business than offering InfoSec education and certification to the global community.
-
JockVSJock Member Posts: 1,118
Ethics is one of the topics in the Security and Risk Management domain of the CISSP CBK, so it is tested for. Also, if you are expecting your membership to follow a specific body of rules, you need to determine if they understand how they are expected to act and not to act. This does not come into play until after the CISSP exam is passed, but before endorsement is completed.
As for steering this discussion to "IT'S ALL A MONEY GRAB!!", there are much easier ways to make much more money as a USA business than offering InfoSec education and certification to the global community.
It's a question of honesty and integrity, which leads us down a twisted and narrow path of "IT'S A MONEY GRAB!!!"
Why does ISC have rules, along with ethics part that is tested on, if they aren't enforced to those who have successfully passed?
They should just forgo the rules and ethics and let anybody and everybody test, who has the money, because a customer with money is a customer with money.
-
JDMurray Admin Posts: 13,092
JockVSJock wrote: »They should just forgo the rules and ethics and let anybody and everybody test, who has the money, because a customer with money is a customer with money.
-
JockVSJock Member Posts: 1,118
I think you need to take up this issue directly with the (ISC)2.
I have a better chance of winning the lottery than successfully discussing this issue with (ISC)2.
Admit it, these certs companies are a business, and their only goal is to make a lot of money
-
JDMurray Admin Posts: 13,092
JockVSJock wrote: »Admit it, these certs companies are a business, and their only goal is to make a lot of money
-
rob1234 Banned Posts: 151
Do not see anywhere where they define cybersecurity? Just see the use of the buzzword a lot.
Also not being US I tend to prefer a more global definition, if you have one of them it would be great.
-
E Double U Member Posts: 2,233
JockVSJock wrote: »these certs companies are a business, and their only goal is to make a lot of money
Primary goal maybe, but not the only goal.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
JockVSJock Member Posts: 1,118
They are education businesses, but if their goal is to make a lot of money then they choose the wrong product.
IT certs must be a profitable product,
CompTIA Executive Compensation: Big Profits From Nonprofits - Page: 1 | CRN
Computing Technology Industry Association, better known as CompTIA, was paying high salaries to its top executives, including a controversial $1 million bonus to then-CEO John Venator in 2006, despite the association's status as a nonprofit and tax-exempt organization.
If other companies, like ISC2, could have a little light shined on them too, there are probably details like this as well.
And education is a big business with big profits, just spend some time Googling around and you'll see.
I rest my case.