Endorsement questions:

huddahudda Member Posts: 101
Hi Everyone,

Thank you all for sharing the information:

I have a quick two questions.
First, from what I understood the endorsement letter is needed after I passed my CISSP exam, Am I correct ?
Second, I have over 10 years’ of experience in IT field, but not in security. I have been working as support, and patch management as system admin, currently as Microsoft Lync/Skype for Business analyst, I also have MBA degree and 3 years college degree in Computer System Network Technology, and Certified, MCITP, MCSE, CompTIA Security+, and ITIL. I keep worrying about what (ISC)² will say or will ask me , since I did not work in Security field. I have planned to take this exam before the end of this year, but I keep getting destructed, please asking your expert advice…..

Thanks in advance!


  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    Yes the endorsement comes after you pass the CISSP. For the expires you need have 5 years experience in the CISSP domains listed. One year can be wait for a degree. So out of the 10 years you will need 4 years working directly in the CISSP domains.
  • cyberguyprcyberguypr Mod Posts: 6,927 Mod
    The experience requirement says that "candidates must have a minimum of 5 years cumulative paid full-time work experience in two or more of the 8 domains". There's no specific requirement to have an Infosec title or role. Any systems administrator, engineer, or many other roles can easily fulfill the requirement without being in a 100% security role. You mentioned patch management, which is totally valid. I only take offense when people try pass ridiculous tasks such as reading reports (with nothing actionable or practical) as security experience.
  • trueshrewkmctrueshrewkmc Member Posts: 107
    I counted a tech writing job because I spent time preparing documentation for risk management assessments. Time spent unlocking user accounts, creating user accounts, rebuilding PCs from preconfigured images, and other seemingly mundane tech support tasks are also related to IT security. Implementing or applying user controls is just as important as creating control requirements.

    Sec+ should count as 1 year of experience for waiver purposes.
Sign In or Register to comment.