question on requirement for associate of isc2 and cissp

GarudaMinGarudaMin Member Posts: 204
I understand that I need 5 years of direct full time security professional work experience in two or more of ten domains or 4 years + a year waiver (college degree, master degree or a credential from approved list). It would have been cool if it was 3 years + college degree + credential, but it is not the case and thus I am short on experience requirements.
Regarding direct full time security professional work experience in two or more of ten domains, I would like to get input from the forum's community on whether my job duties count or not. I am a systems administrator and I deal with user creation/deletion, build/maintain servers, design/implement/maintain systems (which is one of the given job duties). I have built and maintain terminal servers (2003, 2008), anti-virus system for external machines, internet monitoring and filtering for internal machines, operations manager for servers and services, database for asset inventory, etc. So, will I get credit for Access Control, Operations Security, Application Security, and other related technology oriented domains? Would this position count?
Before I was systems administrator, I was computer/desktop/helpdesk specialist (building, maintaining, repairing, etc...) Some aspects of my job duties are in technology oriented domains, even though it's not direct experience. Would these positions count? If not, I just need one more year as system administrator to get that 4 years experience.

Another thing is I understand I can become associate of ISC2. But from their website, I have to submit a minimum number of CPEs per year for the duration of associate status and have to pay Annual Maintenance Fees. Any clue on how much CPE and AMF per year? Would it be better to wait for one more year as sysadmin (to get 4 years of experience, assuming the experience is eligible) then take CISSP?

I won't ask for endorsement yet since I can sign the waiver request and submit to isc2 for review. Unless you guys have any advice on that area.

Sorry for the long post and any input would be greatly appreciated.

Comments

  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    You should look at taking the CompTIA Security+ to take another year off that requirement. You should be able to get through it in a month or two, and it's going to be a nice introduction to the material you're going to be working on. https://www.isc2.org/cgi-bin/content.cgi?page=1016

    Unfortunately, I'm not familiar enough with this to give you more specific answers to your other questions.
  • GarudaMinGarudaMin Member Posts: 204
    My understanding is you can only get one year off of 5 years requirement, be it college degree or cert. I already have college degree in computer science and mathematics. So, I only need 4 years. If I can get another year off with certs then I am ready to take the exam, since I have 3 years of experience and I hold other certs (some are in the approved list).
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    I thought you could drop it down to 3, but re-reading the information, it does look like it's one or the other. The fee and CPEs for an Associate are probably going to be the same as what's listed at the bottom of this page: https://www.isc2.org/cgi-bin/content.cgi?category=1186
  • GarudaMinGarudaMin Member Posts: 204
    Thanks for the Maintenance Requirements section (I missed it first time). That answers some questions. Now if only someone got input on eligibility based on my job duties, I'd be set.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,671 Admin
    GarudaMin wrote:
    My understanding is you can only get one year off of 5 years requirement, be it college degree or cert. I already have college degree in computer science and mathematics. So, I only need 4 years. If I can get another year off with certs then I am ready to take the exam, since I have 3 years of experience and I hold other certs (some are in the approved list).
    You can get one year off for having one of the certs listed, and another year off by having an Information Security degree from one of the universities approved by the (ISC)2. So it is possible to get the CISSP certification with only three years of actual work experience.

    You should also have a look at Clement Dupuis' CISSP Exam Overview Flash presentation at cccure.org. These are the sort of questions that are addressed by it.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,671 Admin
    I just had a look at the CISSP exam online application, and it does clearly state that at most one year can be removed from the experience requirements by any combination of certifications and education, so I stand corrected. It's very odd to think that in at least one way the Security+ cert is equal to a 3-year Masters degree in InfoSec from an NSA/CAE university. I'm not sure how that equating adds integrity to the CISSP certification.
  • GarudaMinGarudaMin Member Posts: 204
    I just double checked with isc2, 4 years is the minimum exp needed with cert or degree (can't go down to 3 years). Since I am short a year, would it be better to take the exam now and get associate title or go work on cissp-ccie then come back and take cissp when I got 4 years. Any input?
    If I were to take it, I think I am ready for August 9th.
  • RTmarcRTmarc Member Posts: 1,082
    Personally, I'd go ahead and sit the exam if you are ready for it. Get that out of the way and then work on the year of experience you need. During that time, you can work on completing the final requirement for CISSP while working towards other goals.
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    Agreed. As an associate, you're given six years to fulfill the requirements, so you might as well take it if you're prepared.
  • penguinkingpenguinking Member Posts: 80 ■■□□□□□□□□
    JDMurray wrote:
    I just had a look at the CISSP exam online application, and it does clearly state that at most one year can be removed from the experience requirements by any combination of certifications and education, so I stand corrected. It's very odd to think that in at least one way the Security+ cert is equal to a 3-year Masters degree in InfoSec from an NSA/CAE university. I'm not sure how that equating adds integrity to the CISSP certification.

    JD, on page 3 of Shon Harris' 4th edition CISSP All-in-One book, she writes the following:
    To meet the certification requirements of a CISSP, you must have one of the following:

    ...

    At least three years experience in two (or more) of the ten domains and a four-year college degree or master's degree in information security from a National Center of Excellence, plus a professional certification from the following list....."

    I bolded the important parts. From what I can tell, a person with a college degree (in any discipline) and an MCSE can be eligible to become a CISSP after just 3 years of relevant experience.

    Just an FYI.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,671 Admin
    That information is no longer accurate. Always go to the (ISC)2's Web site for the most up to date information on the CISSP applicant requirements.