CISSP Endorsement Month counting issue
Hi all
I just got my email saying i Passed CISSP exam. And I am very happy.
I have question regarding Months of experience on endorsement form. I dont have anybody to endorse me so i am applying for ISC2 to endorse me.
So here is my question:
i have experience in 5 CISSP domain from Sept 05 till Now. So it is about 68 Months in total.
So on application i think i have to break 68 months per domain i think? (Please correct me if i am wrong.)
So this is what i did on form:
Access Control = 12 months
Application Development Security
Business Continuity and Disaster Recovery Planning = 12 months
Cryptography
Information Security Governanceand Risk Management = 12 months
Legal, Regulations, Investigations, and Compliance
Operations Security
Physical (Environmental) Security
Security Architecture and Design = 12 months
Telecommunications and Network Security = 20 months
total = 68 months
So is this Right? or i need 60 months in each domain?
I also have MCSE if i need to use waiver for one year. but if what i did above is right then i may not need to apply for waiver.
Please give me your opinion about above math of counting months and the experience required for CISSP.
Thank you
I just got my email saying i Passed CISSP exam. And I am very happy.
I have question regarding Months of experience on endorsement form. I dont have anybody to endorse me so i am applying for ISC2 to endorse me.
So here is my question:
i have experience in 5 CISSP domain from Sept 05 till Now. So it is about 68 Months in total.
So on application i think i have to break 68 months per domain i think? (Please correct me if i am wrong.)
So this is what i did on form:
Access Control = 12 months
Application Development Security
Business Continuity and Disaster Recovery Planning = 12 months
Cryptography
Information Security Governanceand Risk Management = 12 months
Legal, Regulations, Investigations, and Compliance
Operations Security
Physical (Environmental) Security
Security Architecture and Design = 12 months
Telecommunications and Network Security = 20 months
total = 68 months
So is this Right? or i need 60 months in each domain?
I also have MCSE if i need to use waiver for one year. but if what i did above is right then i may not need to apply for waiver.
Please give me your opinion about above math of counting months and the experience required for CISSP.
Thank you
Comments
From the (ISC)2 Web site it states:
"You must have a minimum of five years of direct full-time security work experience in two or more of the[se] 10 domains of the (ISC)² CISSP CBK."
Because I don't see the word "each" used, I interpret the required experience as cumulative across all domains worked rather than exclusive to each domain worked, so you should be good to go. However, regardless of what I think, it's up to the (ISC)2 to make the final determination.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Wouldn't that mean that a sysadmin could qualify after 1 year if he worked in 5 areas, e.g. ?
P.S. Congrats on passing the exam!
GetCertified4Less - discounted vouchers for certs
I actually called ISC2 and one of the Auditor told me this: if you have one year experience in 3 domains than you need to divide one year by 2 or 3 domain.
so 12 months = 4 months in Domain 1 + 4 months in domain 2 + 4 months in domain 3
OR 12 months = 6 months in domain 1 + 6 months in domain 2
total must be 12 months not more than 12.
so i think my 68 month math may be ok by ISC2.
I will let you know once everything is done.
thank you again.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Another, somewhat related question - how is the experience calculated in case of a sysadmin job? Using myself as an example, I have spent the past 6 years doing following things:
- designing and carrying out DR plans
- writing security policies
- designing, implementing, maintaining security infrastructure (firewalls, VPNs, IDS'es)
- hardening servers
- monitoring system logs, responding to incidents
- performing security assessments/pen.testing
- et cetera, et cetera...
The thing is, all of these activities have always taken only part of the day, combined with a zillion of other tasks. How does this experience count, if it does at all? At a certain ratio? I don't really see a way to estimate or verify how much time was spent per certain activity....
GetCertified4Less - discounted vouchers for certs
Called (ISC)2 and they said that they should be able to figure it out based on my resume and if they had any questions, they'd contact me.