Possible to pass CISSP without "hardcore" experience?

VictorVictor5VictorVictor5 Member Posts: 77 ■■■□□□□□□□
Greetings all,

I am in the middle of studying for my attempt at CISSP icon_study.gif. Some of you know I come from a different background than "hardcore" (straight) Infosec, but I have some experience with it as well as other certifications.

For those with less time with IT/Infosec, do you think this exam is doable for someone a outside of the field, albeit technical in nature? I ask since I believe CISSP is coming at you from a managerial perspective, and I've read on the forum here (IIRC) that some that have a completely different background, like business/MBA, that have passed this exam.

And I am aware of the Associate of ISC2 designation - I'm only asking about the CISSP exam.

Thanks all!
B.S. Electrical Engineering, M.S. Electrical and Computer Engineering, PhD Electrical and Computer Engineering
J.D. Candidate (2L)
In the books: CompTIA Network+, Security+, CEH, Associate of (ISC)^2, GIAC: GSEC, GAWN, GCIH, GPEN, GCFA
ProBoard: FF I & II; HAZMAT: Awareness, Operations, and Technician; Fire Instructor I; NREMT: EMT-B. Next up: Fire Officer I
Currently Working on: PE-Electrical and Electronics, Patent and State Bars, and Juris Doctor (law degree)
Next after next: Med school!!!!! Lol


  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    I'm in the same situation as you. I have 3 1/2 years of diverse IT experience with 11 months in a direct security role and I'm going for my CISSP (decided against doing the SSCP first).

    I believe it's definitely possible with a lot of hard work and dedication to studying! The exam is not all technical either.

    Best of luck!
  • dhay13dhay13 Member Posts: 580 ■■■■□□□□□□
    At the time I took my CISSP I had just under 2 years at my current employer pretty much providing vulnerability scanning and remediation. Before that I had 4 years as a System Admin managing AD, firewall, GPO's, permissions, etc. Pretty much a jack of all trades. It definitely wasn't a 'security' role but I performed security related functions. I also have an A.A.S. in computer forensics & security so I did have an educational background. That being said, I was able to pass on my first attempt without a dedicated security role until my current job.
  • talbert80talbert80 Member Posts: 29 ■■■□□□□□□□
    My background is more IT project and program management, software development, some Identity and Access Management, but just begun to work InfoSec Governance at the time I took the CISSP exam. I failed the CISSP the first time, but took the SSCP and passed the same weekend. I took it again in September the same year (after 4/2015 updates) and passed. If you have experience in at least two domains, you should be fine. To pass the exam, place a strong focus on the NIST Special Publications (see below), specifically the business continuity, incident response, risk management publications. You will need to be able to identify specific steps or the publication.

    NIST Special Publications –
    FIPS 140-2 Security Requirements for Cryptographic Modules
    NISTIR 8053 – De-Identification of Personally Identifiable Information
    800-30 – Conducting Risk Assessments
    800-34 – Contingency Planning
    800-37 – Guide to applying the Risk Management Framework
    800-39 – Managing Information Security Risk
    800-53 – Security and Privacy Controls for Federal Information Systems and Organizations Rev 4
    800-61 – Computer Security Incident Handling Guide (understand the Incident Response Process)
    800-86 – Guide to Integrating Forensics Techniques into Incident Response (understand Forensics Process and what happens in each step)
    800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Sign In or Register to comment.