Experience Verification
Hello all,
Just a quick question on this topic.....how exactly does ISC(2) verify that you have the required experience? I currently have a dual-role, supporting SAP ERP applications, and Authorizataions. The application security part of my job does not show up on the generic job description I have, although I have been performing application security admin for various ERP (SAP, BPBS) systems for 10 years. Are they just going to call my boss and ask?
Thanks
Dano
Just a quick question on this topic.....how exactly does ISC(2) verify that you have the required experience? I currently have a dual-role, supporting SAP ERP applications, and Authorizataions. The application security part of my job does not show up on the generic job description I have, although I have been performing application security admin for various ERP (SAP, BPBS) systems for 10 years. Are they just going to call my boss and ask?
Thanks
Dano
Comments
-
Cyanic
Member Posts: 289
I imagine they verify in the same way an employer would verify your previous experience; calling the HR department, your supervisor, etc. -
unsupported
Member Posts: 192
If you pass any ISC2 certification which requires experience verification, you need to provide them with a resume. The other ISC2 certified individual who is endorsing you, will need to verify the experience themselves. In the case of an ISC2 audit, I would assume they call and verify employment dates and activities.
There is more information on enforcement and verification on ISC2 page, (ISC)² Security Transcends Technology.-un
“We build our computer (systems) the way we build our cities: over time, without a plan, on top of ruins” - Ellen Ullman -
tpatt100
Member Posts: 2,991 ■■■■■■■■■□
I remember reading somewhere they audit a certain amount at random. -
dorawe
Member Posts: 106
I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification. -
GAngel
Member Posts: 708 ■■■■□□□□□□
I guess my concern is that since security admin has not been my full-time job, that this would not qualify me for the CISSP certification.
The title of the position isn't important. it's security related work from atleast 2 of the 10 domains that qualify you. A system admin wouldn't be full time security either but I know a few who have gotten cissp based on work. -
JDMurray
Admin Posts: 13,092 Admin
I strongly suspect it was my endorser's information that was relied upon when I submitted my application for certification. Half of the places that I've worked are either no longer in business or have no one there who would remember me. And no one I listed on my resume told me they were contacted by the (ISC)2 and asked for a reference.
Having new CISSP candidates be peer-reviewed by members of the (ISC)2 membership not only lowers in rate of unqualified people becoming certified, but it also takes a lot of the administrative pressure off the (ISC)2 itself.
