Which Job Titles Count As Direct Experience For CISSP?

Hi all. For the 5 year experience requirement for the CISSP it does not really indicate exactly which specific job title is approved. The language just says "experience in any of the eight domains" of the CISSP. So here then are they gonna approve the following job titles where the roles include integrated exposure to the eight domains in addition with other IT responsibilities:

Deskside Support (includes Asset Security, as well as Identity/Access Management)
Helpdesk Support (Roles include exposure to Identity & Access Management, Asset Security, Network Security)
System Analyst (Roles include exposure to Identity & Access Management, Asset Security, Network Security)
Database Admin (Database admins have exposure to Identity & Access Management as they have to add, update, remove access permissions to DB users)

I think you all see my point. Although none of these job titles are Security Analyst, Identity & Access Manager, or SOC Analyst they all include daily responsibilities where the individuals have to perform tasks within those domains.

So would the above 4 job titles then count as experience towards the 5 year requirement for CISS?

Find more posts tagged with

CISSP passed in first attempt

requirements

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

advanex1

I wasn't aware the job titles mattered. They are only looking for experience within the domains. Job titles.. they could care less. I don't even know why that would be a qualifying factor.

That Random Guy

advanex1 said:

I wasn't aware the job titles mattered. They are only looking for experience within the domains. Job titles.. they could care less. I don't even know why that would be a qualifying factor.

Of the jobs he's mentioned, would you say that passes under the domains considered? I'm likely in the same boat but I don't dwell in cyber security.

PCTechLinc

The job titles do not mean anything when you submit your application for review. When you post your credentials for a certified member to review, it asks specifically about the duties that you performed while in those positions, and the total cumulative experience you have in each domain.

egrizzly

PCTechLinc said:

The job titles do not mean anything when you submit your application for review. When you post your credentials for a certified member to review, it asks specifically about the duties that you performed while in those positions, and the total cumulative experience you have in each domain.

You're kidding me!!! So you saying that something like Help Desk roles which I have probably a good 10 years of experience in. They would consider that for the 5 year requirement since a significant amount of helpdesk is Endpoint Security (specifically the use of endpoint security solutions such as McAfee Antivirus, Symantec Antivirus, etc) to remove malware from endpoints (Laptops, Workstations, etc)

advanex1

@egrizzly That is correct. If you're dealing with Identity & Access Management (Active Directory, PKI, etc) and if you're doing asset security (this is fairly broad), as well as, network security.. your roles do not matter. If you passed the exam and if you have 5 or more years in 2 or more domains.. you're good. It's why the 5 year requirement really isn't hard to meet. You basically just have to have worked in IT for the last 5 years.

Let me be clear here though.. if you put I've had "exposure" to technologies.. that's not the same as working or active experience. Don't get those two mixed up.

advanex1

That Random Guy said:

advanex1 said:

I wasn't aware the job titles mattered. They are only looking for experience within the domains. Job titles.. they could care less. I don't even know why that would be a qualifying factor.

Of the jobs he's mentioned, would you say that passes under the domains considered? I'm likely in the same boat but I don't dwell in cyber security.

100%. Job titles do not matter. If he can explain how he worked in those domains effectively for at least 5 years.. it doesn't matter.

egrizzly

@advanex1 this is a breath of ocean fresh air!!! I have 20+ years experience in IT pretty much doing either Network Support, Help Desk, or lately, Cybersecurity. All of these have major elements of security as part of the main job duties. Well, I'll certainly start the process immediately.

Would you need statements from former co-workers/managers or anything of that nature? ....or are the folks at ISC2 basing this on the honor system where they trust you'll be honest in how you were involved in security in the past roles?

advanex1

You're going to have to provide contact information for former supervisors/individuals who can vouch for your work history anyways. All that matters is how you write and submit your experience. You need to write your job description/work duties to be in line with those domains and be sure that your coworkers/supervisors agree and can confirm that you did them. If you didn't work in those domains or in those duties, then when they call to verify your experience you wouldn't pass the endorsement test. Just make sure you're telling the truth and you'll be good to go.

lucky0977

It's easier if you have a friend/co-worker who possesses a CISSP to validate your work experience. It almost appears as though you'll have someone at ISC2 validate your work experience. In that case, you may get lucky and they take your word for it, accept the information you provided and award you the certification or they may actually do their due diligence and do an actual audit. But from my experience, all they want is your money.

beads

Anything you want to assign on to as having security experience. Its a rule that I doubt has ever really been enforced pas the time we (the ISC(2)) changed from quality of the candidates to purely getting the numbers up.

egrizzly

beads said:

Anything you want to assign on to as having security experience. Its a rule that I doubt has ever really been enforced pas the time we (the ISC(2)) changed from quality of the candidates to purely getting the numbers up.

Wow, you're affiliated with ISC(2) ? Thanks for the insight from your side of the CISSP endorsement world.

egrizzly

lucky0977 said:

It's easier if you have a friend/co-worker who possesses a CISSP to validate your work experience. It almost appears as though you'll have someone at ISC2 validate your work experience. In that case, you may get lucky and they take your word for it, accept the information you provided and award you the certification or they may actually do their due diligence and do an actual audit. But from my experience, all they want is your money.

Thanks for the valued opinion @lucky0977 . I'm certainly going to start lining up those individuals from my work history. Just out of curiosity, how was your endorsement experience with ISC2? Can you share how long it took from the time you filled out the form on their website to when you got your official notification that you had been endorsed as CISSP?

lucky0977

egrizzly said:

lucky0977 said:

It's easier if you have a friend/co-worker who possesses a CISSP to validate your work experience. It almost appears as though you'll have someone at ISC2 validate your work experience. In that case, you may get lucky and they take your word for it, accept the information you provided and award you the certification or they may actually do their due diligence and do an actual audit. But from my experience, all they want is your money.

Thanks for the valued opinion @lucky0977 . I'm certainly going to start lining up those individuals from my work history. Just out of curiosity, how was your endorsement experience with ISC2? Can you share how long it took from the time you filled out the form on their website to when you got your official notification that you had been endorsed as CISSP?

Can't remember. I think it was a month

egrizzly

lucky0977 said:

egrizzly said:

lucky0977 said:

It's easier if you have a friend/co-worker who possesses a CISSP to validate your work experience. It almost appears as though you'll have someone at ISC2 validate your work experience. In that case, you may get lucky and they take your word for it, accept the information you provided and award you the certification or they may actually do their due diligence and do an actual audit. But from my experience, all they want is your money.

Thanks for the valued opinion @lucky0977 . I'm certainly going to start lining up those individuals from my work history. Just out of curiosity, how was your endorsement experience with ISC2? Can you share how long it took from the time you filled out the form on their website to when you got your official notification that you had been endorsed as CISSP?

Can't remember. I think it was a month

Nice, nice! ....this is sounding very promising.