CISSP experience requirements and endorsement
Hello all,
I am an IT auditor with around 4,5 years of external IT audit experience in the Big Four (ITGCs and IT dependencies audit) as well as nearly a year of IT internal audit experience. I would please like to ask if any of you had an exclusively IT general audit background and passed CISSP? Also, I do not know an ISC member in my current position; do any of you have experience with the endorsement process by ISC?
I would please like to be sure I can get the certification with my current experience before investing in the exam costs.
Thanks a lot in advance for your help.
Comments
-
E Double U Member Posts: 2,239
As an IT auditor, you might have gained enough knowledge to be able to understand the domains just fine. If I had to guess, you would probably feel comfortable with the following domains:
1: security & risk mgmt
2: asset security
6: security assessment & testing
Keep in mind that you are only required to have experience in two of the eight domains. Reference https://www.isc2.org/Certifications/CISSP/experience-requirements for certification requirements and https://www.isc2.org/Endorsement for the endorsement process. (ISC)2 itself can act as your endorser.
Have you considered ISACA credentials? CISA would be a no-brainer if you do not already have it. Plus it can be used to substitute one year of experience.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
SBA Member Posts: 3
Thanks for your reply, E Double U.
Indeed, when I went through the content I did not yet find any blocking points; knowledge is not a problem. I have CISA and considered CISM, but I find CISSP also has a technical emphasis which can certainly be valuable in security process audits.
What I wonder is whether ISC² accepts experience solely as an auditor assessing security risks and controls, or whether they necessarily require hands-on security controls design/implementation/operation experience.
-
E Double U Member Posts: 2,239
If no one else here with your background can chime in, then I would recommend that you contact (ISC)2 directly. I assume that they will have no problem allowing someone to take their exam, as that plus the annual maintenance fees benefit them financially.
-
SBA Member Posts: 3
Thanks, I agree. They can allow it, but the problem is that they can provide status as "Associate of ISC²" (provided the annual fee is paid) without the certification, so I will check directly with them to know clearly if my experience applies.