Possible to pass CISSP without "hardcore" experience?

Greetings all,

I am in the middle of studying for my attempt at CISSP

. Some of you know I come from a different background than "hardcore" (straight) Infosec, but I have some experience with it as well as other certifications.

For those with less time with IT/Infosec, do you think this exam is doable for someone a outside of the field, albeit technical in nature? I ask since I believe CISSP is coming at you from a managerial perspective, and I've read on the forum here (IIRC) that some that have a completely different background, like business/MBA, that have passed this exam.

And I am aware of the Associate of ISC2 designation - I'm only asking about the CISSP exam.

Thanks all!
VV5

Find more posts tagged with

Comments

ITSec14

I'm in the same situation as you. I have 3 1/2 years of diverse IT experience with 11 months in a direct security role and I'm going for my CISSP (decided against doing the SSCP first).

I believe it's definitely possible with a lot of hard work and dedication to studying! The exam is not all technical either.

Best of luck!

dhay13

At the time I took my CISSP I had just under 2 years at my current employer pretty much providing vulnerability scanning and remediation. Before that I had 4 years as a System Admin managing AD, firewall, GPO's, permissions, etc. Pretty much a jack of all trades. It definitely wasn't a 'security' role but I performed security related functions. I also have an A.A.S. in computer forensics & security so I did have an educational background. That being said, I was able to pass on my first attempt without a dedicated security role until my current job.

talbert80

My background is more IT project and program management, software development, some Identity and Access Management, but just begun to work InfoSec Governance at the time I took the CISSP exam. I failed the CISSP the first time, but took the SSCP and passed the same weekend. I took it again in September the same year (after 4/2015 updates) and passed. If you have experience in at least two domains, you should be fine. To pass the exam, place a strong focus on the NIST Special Publications (see below), specifically the business continuity, incident response, risk management publications. You will need to be able to identify specific steps or the publication.

NIST Special Publications –
FIPS 140-2 Security Requirements for Cryptographic Modules
NISTIR 8053 – De-Identification of Personally Identifiable Information
800-30 – Conducting Risk Assessments
800-34 – Contingency Planning
800-37 – Guide to applying the Risk Management Framework
800-39 – Managing Information Security Risk
800-53 – Security and Privacy Controls for Federal Information Systems and Organizations Rev 4
800-61 – Computer Security Incident Handling Guide (understand the Incident Response Process)
800-86 – Guide to Integrating Forensics Techniques into Incident Response (understand Forensics Process and what happens in each step)
800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)