Experience for CISSP

AsupathyAsupathy Registered Users Posts: 4 ■□□□□□□□□□
Hi... I have 4+ years of experience in Data Loss Prevention. I am planning to prepare for CISSP. It is mentioned that we need experience in any 2 of the 8 domain. So am I eligible for the certification? Is it vaild?

Comments

  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Well lets see. Do you have experience in 2 of the domains?
  • AsupathyAsupathy Registered Users Posts: 4 ■□□□□□□□□□
  • kurosaki00kurosaki00 Member Posts: 973
    Well lets see. Do you have experience in 2 of the domains?
    Asupathy wrote: »
    Nopeicon_sad.gif

    lol end of thread
    meh
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    Are you sure you don't have any experience in 2 of the domains? There's a lot of overlap and you might be able to reach a little to qualify.
  • DatabaseHeadDatabaseHead Member Posts: 2,753 ■■■■■■■■■■
    markulous wrote: »
    Are you sure you don't have any experience in 2 of the domains? There's a lot of overlap and you might be able to reach a little to qualify.

    Creative writing?! :)
  • AsupathyAsupathy Registered Users Posts: 4 ■□□□□□□□□□
    Thanks Friend.. DLP is covered under both Asst Security and Security Operations(Incident management)... Hope I am eligibleicon_thumright.gif Can someone confirm this?
  • RuprechtRuprecht Member Posts: 6 ■■□□□□□□□□
    It’s fair to say that Data Loss Prevention is a desired outcome rather than a specific practice. Your work in DLP might be writing software with DLP as a design goal, you could be stuck in a warehouse throwing hard drives into a grinder all day, or a myriad of other variations with DLP as a primary or secondary goal.

    I don’t mean to be discouraging – when you consider the examples above and relate them to the CBK, you find other practices which are certainly in the CBK but for which you may not have considered qualifying for CISSP experience. If you were writing software, were you using a SDLC? If you were throwing hard drives into a grinder, were you recording serial numbers into a DB? Both of those contrived examples cover other areas of the CBK (Domain 8 and Domain 2 : Asset Management : Equipment Lifecycle)

    So I can’t confirm your particular experience, but once you immerse yourself in the CISSP content you will find that a lot of it isn’t security per say – it’s good IT practice.

    My advice – start studying. If you find you don’t have enough experience after the exam you should know how much you have remaining.
    I have a CISSP but haven’t bothered to update my profile.
  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    From the ISC2 website:
    The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.
    Assume for the sake of discussion that you are somehow able to get sponsored, study & pass the CISSP. Are you comfortable representing yourself in this way? From the sound of it, I wouldn't think you have the kind of deep competence, skills & experience that this certification represents, if you are struggling with whether or not you have background in two of the domains through your job experience in a single area.

    ISC2 does have an Associate program for anyone who is able to pass the test without the necessary industry experience, giving the ability to gain work experience and to be endorsed towards full certification.
    More info: https://www.isc2.org/how-to-become-an-associate.aspx
Sign In or Register to comment.