Experience Verification

dorawedorawe Member Posts: 106
Hello all,
Just a quick question on this topic.....how exactly does ISC(2) verify that you have the required experience? I currently have a dual-role, supporting SAP ERP applications, and Authorizataions. The application security part of my job does not show up on the generic job description I have, although I have been performing application security admin for various ERP (SAP, BPBS) systems for 10 years. Are they just going to call my boss and ask?

Thanks
Dano

Comments

  • CyanicCyanic Member Posts: 289
    I imagine they verify in the same way an employer would verify your previous experience; calling the HR department, your supervisor, etc.
  • unsupportedunsupported Member Posts: 192
    If you pass any ISC2 certification which requires experience verification, you need to provide them with a resume. The other ISC2 certified individual who is endorsing you, will need to verify the experience themselves. In the case of an ISC2 audit, I would assume they call and verify employment dates and activities.

    There is more information on enforcement and verification on ISC2 page, (ISC)² Security Transcends Technology.
    -un

    “We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman
  • tpatt100tpatt100 Member Posts: 2,991 ■■■■■■■■■□
    I remember reading somewhere they audit a certain amount at random.
  • dorawedorawe Member Posts: 106
    I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification.
  • GAngelGAngel Member Posts: 708 ■■■■□□□□□□
    dorawe wrote: »
    I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification.

    The title of the position isn't important. it's security related work from atleast 2 of the 10 domains that qualify you. A system admin wouldn't be full time security either but I know a few who have gotten cissp based on work.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    I strongly suspect it was my endorser's information that was relied upon when I submitted my application for certification. Half of the places that I've worked are either no longer in business or have no one there who would remember me. And no one I listed on my resume told me they were contacted by the (ISC)2 and asked for a reference.

    Having new CISSP candidates be peer-reviewed by members of the (ISC)2 membership not only lowers in rate of unqualified people becoming certified, but it also takes a lot of the administrative pressure off the (ISC)2 itself.
Sign In or Register to comment.