CISSP

Hi Guys,
I have 3 years of experience in supporting ERP project implementation and about 6 years as an Information systems support analyst. I would want to take the CISSP exams, however, and get into security full time. With all this experience, can someone please advise if I have the needed experience to take the exams?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

SteveLavoie

I would suggest you to read all domain and see if if your task and experience can applied.

DZA_

As Steven said, I would recommend going through the exam outline to confirm if your experiences line up with any of the criteria. In best cases, you want to have direct experience with the criteria. Be sure to have another ISC2 CISSP holder validate your experience. I don't necessarily see how the ERP implementation holding a lot of weight however you might be able to satisfy some of the check marks with your information systems support analyst. e.g. dealing with user account provisioning / delegating access.

SteveLavoie

As DZA_ said, it could be easier to find CISSP holder to review your experience than to submit a task vs domain resume for ISC2 to audit. There are domain easier to get experience like Communication and Networking or Security Operation when working on a more standard IT job.

JDMurray

I sounds like you don't have any experience in information security, in which case the CISSP is not for you yet. Have a look at the objectives of the Security+ certification to get an idea if InfoSec is something that you want to do as a career path.

mawuquo

@JDMurray my experience as a support analsyt has given me the opportunity to support the security team in my organization in implementing security policies and applications (Forescout counteract) in remote offices. Would you count that as an experience in information security?

stryder144

mawuquo said:

@JDMurray my experience as a support analsyt has given me the opportunity to support the security team in my organization in implementing security policies and applications (Forescout counteract) in remote offices. Would you count that as an experience in information security?

I believe that @JDMurray is referring to the 5 years of experience in 2 out of the 8 domains that you must have to be awarded the CISSP certification. If you have a bachelor degree or a qualifying security certification, such as the CompTIA Security+ certification, then you can take off one year of experience. That means that you would only need 4 years instead of the 5 that is required otherwise.

beads

Keep in mind that the ISC(2) now considers the CISSP to be an 'operations and management' of security exam, placing more and more emphasis on past experience than in the past. If you read the 8 domains first, then ask these questions concerning the exam we could provide you with better, more targeted answers instead of these softball answers above.

If your asking for permission to study and sit for an exam than by all means - study your heart out. The CISSP is not a difficult exam to sit for when you have tons of InfoSec experience but people find the exam to be quite painful without said hands on experience. To that point, anyone who has practiced in the field for more than 5 years will tell you of the horror stories of people who have miraculously sat and passed the exam only to be shown the door 3 days after hire because they didn't have a clue as to what they were talking abCout in the first place. Don't be that person if your not ready to sit for the exam.

Good luck and keep asking questions!

- b/eads

CISSP curmudgeon