nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Experience Verification

dorawe

Hello all,
Just a quick question on this topic.....how exactly does ISC(2) verify that you have the required experience? I currently have a dual-role, supporting SAP ERP applications, and Authorizataions. The application security part of my job does not show up on the generic job description I have, although I have been performing application security admin for various ERP (SAP, BPBS) systems for 10 years. Are they just going to call my boss and ask?

Thanks
Dano

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Cyanic

I imagine they verify in the same way an employer would verify your previous experience; calling the HR department, your supervisor, etc.

unsupported

If you pass any ISC2 certification which requires experience verification, you need to provide them with a resume. The other ISC2 certified individual who is endorsing you, will need to verify the experience themselves. In the case of an ISC2 audit, I would assume they call and verify employment dates and activities.

There is more information on enforcement and verification on ISC2 page, (ISC)² Security Transcends Technology.

tpatt100

I remember reading somewhere they audit a certain amount at random.

dorawe

I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification.

GAngel

dorawe wrote: »

I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification.

The title of the position isn't important. it's security related work from atleast 2 of the 10 domains that qualify you. A system admin wouldn't be full time security either but I know a few who have gotten cissp based on work.

JDMurray

I strongly suspect it was my endorser's information that was relied upon when I submitted my application for certification. Half of the places that I've worked are either no longer in business or have no one there who would remember me. And no one I listed on my resume told me they were contacted by the (ISC)2 and asked for a reference.

Having new CISSP candidates be peer-reviewed by members of the (ISC)2 membership not only lowers in rate of unqualified people becoming certified, but it also takes a lot of the administrative pressure off the (ISC)2 itself.