Experience Verification

dorawedorawe Member Posts: 106
in SSCP
Hello all,
Just a quick question on this topic.....how exactly does ISC(2) verify that you have the required experience? I currently have a dual-role, supporting SAP ERP applications, and Authorizataions. The application security part of my job does not show up on the generic job description I have, although I have been performing application security admin for various ERP (SAP, BPBS) systems for 10 years. Are they just going to call my boss and ask?

Thanks
Dano
· Share on FacebookShare on Twitter

Comments

  • CyanicCyanic Member Posts: 289
    I imagine they verify in the same way an employer would verify your previous experience; calling the HR department, your supervisor, etc.
    Cy

    http://www.mashtronauts.com
    · Share on FacebookShare on Twitter
  • unsupportedunsupported Member Posts: 192
    If you pass any ISC2 certification which requires experience verification, you need to provide them with a resume. The other ISC2 certified individual who is endorsing you, will need to verify the experience themselves. In the case of an ISC2 audit, I would assume they call and verify employment dates and activities.

    There is more information on enforcement and verification on ISC2 page, (ISC)² Security Transcends Technology.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
    · Share on FacebookShare on Twitter
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I remember reading somewhere they audit a certain amount at random.
    · Share on FacebookShare on Twitter
  • dorawedorawe Member Posts: 106
    I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification.
    · Share on FacebookShare on Twitter
  • GAngelGAngel Member Posts: 708
    dorawe wrote: »
    I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification.

    The title of the position isn't important. it's security related work from atleast 2 of the 10 domains that qualify you. A system admin wouldn't be full time security either but I know a few who have gotten cissp based on work.
    · Share on FacebookShare on Twitter
  • JDMurrayJDMurray Admin Posts: 12,868 Admin
    I strongly suspect it was my endorser's information that was relied upon when I submitted my application for certification. Half of the places that I've worked are either no longer in business or have no one there who would remember me. And no one I listed on my resume told me they were contacted by the (ISC)2 and asked for a reference.

    Having new CISSP candidates be peer-reviewed by members of the (ISC)2 membership not only lowers in rate of unqualified people becoming certified, but it also takes a lot of the administrative pressure off the (ISC)2 itself.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
Sign In or Register to comment.