CISSP Exam Requirements

Hello everyone,

I'm thinking to go for the CISSP in two or three months (start the big study).
Bevore I go for it, I've got some questions:

1) Is it true that I need (new) 5 years experience in information security according to the 10 domains of the CBK? or 4 years?
2) Am I right that the CompTIA Security+ certification counts for 1 year experience?
3) Do I have to show/let ISC2 know about my real world experience BEVORE I take the exam?

Its just that the infoSec so the CISSP stuff is very interessting and I would like to study and write the exam...
My main problem is my real world experience... I work in the IT/Telco environment but have not got a job as a security professional or in a security project.

I've heard of the ISC2 Associate Certificate (after somebody passed the CISSP exam but have not the real world experiences required to be a CISSP) and that would also be great for me

)

Are these things right that I'm writing in my poor english here?

Thanks for advice

.CyberCeline

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

JDMurray

CyberCeline wrote:

1) Is it true that I need (new) 5 years experience in information security according to the 10 domains of the CBK? or 4 years?

As of October 1, 2007, the requirement will change from four years of required experience to five years. https://www.isc2.org/cgi-bin/content.cgi?page=1227

CyberCeline wrote:

2) Am I right that the CompTIA Security+ certification counts for 1 year experience?

Yes. https://www.isc2.org/cgi-bin/content.cgi?page=1016

CyberCeline wrote:

3) Do I have to show/let ISC2 know about my real world experience BEVORE I take the exam?

Yes. You will basically attest to the education, certification, and experince that you have which is relevant to meeting the CISSP exam requirements. https://www.isc2.org/cgi-bin/content.cgi?category=1187

If you don't yet meet all of the requirements, you may still be award the Associate of (ISC)² status for passing the CISSP exam. https://www.isc2.org/cgi-bin/content.cgi?category=1334

CyberCeline wrote:

I've heard of the ISC2 Associate Certificate (after somebody passed the CISSP exam but have not the real world experiences required to be a CISSP) and that would also be great for me )

Yes, I'm going this route as well.

CyberCeline wrote:

Are these things right that I'm writing in my poor english here?

Your English is perfectly understandable. And it's nice to see someone with the Wireless# certification too.

CyberCeline

Many thanks for your fast and detailed response JDMurray.

That's great!

CyberCeline

Another question came up...

Is it true when I'm looking for a job that a CISSP certificate is more worth than a BSc degree? Can I say a CISSP certificate is more respected than a BSc degree in the IT/telco/security industry?

JDMurray

CyberCeline wrote:

Is it true when I'm looking for a job that a CISSP certificate is more worth than a BSc degree? Can I say a CISSP certificate is more respected than a BSc degree in the IT/telco/security industry?

No, this is completely false. IT certification and degreed education are not the same thing and cannot be compared in this way. A degree is acquired through several years of intense academic study, while an IT certification is obtain by passing only one (or more) exams. Yes, there is actual work experience required for some IT certifications, but this not always verified by the certification agency.

Having a CISSP certification with no education and minimal experience will not get you a very good job. The CISSP is only one of many credentials that you will need for a successful career in information security, and is by no means a substitute for an academic degree. Education, certification, and experience; you need all three.