CISSP Endorsement Month counting issue

myworldmyworld Member Posts: 32 ■■□□□□□□□□
Hi all

I just got my email saying i Passed CISSP exam. And I am very happy.

I have question regarding Months of experience on endorsement form. I dont have anybody to endorse me so i am applying for ISC2 to endorse me.

So here is my question:
i have experience in 5 CISSP domain from Sept 05 till Now. So it is about 68 Months in total.
So on application i think i have to break 68 months per domain i think? (Please correct me if i am wrong.)

So this is what i did on form:
Access Control = 12 months
Application Development Security
Business Continuity and Disaster Recovery Planning = 12 months
Cryptography
Information Security Governanceand Risk Management = 12 months
Legal, Regulations, Investigations, and Compliance
Operations Security
Physical (Environmental) Security
Security Architecture and Design = 12 months
Telecommunications and Network Security = 20 months

total = 68 months

So is this Right? or i need 60 months in each domain?

I also have MCSE if i need to use waiver for one year. but if what i did above is right then i may not need to apply for waiver.

Please give me your opinion about above math of counting months and the experience required for CISSP.

Thank you

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,664 Admin
    Congratulations on passing the CISSP exam! icon_thumright.gif
    myworld wrote: »
    Please give me your opinion about above math of counting months and the experience required for CISSP.
    From the (ISC)2 Web site it states:

    "You must have a minimum of five years of direct full-time security work experience in two or more of the[se] 10 domains of the (ISC)² CISSP CBK."

    Because I don't see the word "each" used, I interpret the required experience as cumulative across all domains worked rather than exclusive to each domain worked, so you should be good to go. However, regardless of what I think, it's up to the (ISC)2 to make the final determination.
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    Interesting question...
    JDMurray wrote: »
    Because I don't see the word "each" used, I interpret the required experience as cumulative across all domains worked rather than exclusive to each domain worked, so you should be good to go.
    Wouldn't that mean that a sysadmin could qualify after 1 year if he worked in 5 areas, e.g.
    Access Control
    Disaster Recovery Planning
    Operations Security
    Security Architecture and Design
    Network Security
    ?

    P.S. Congrats on passing the exam!
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • myworldmyworld Member Posts: 32 ■■□□□□□□□□
    Thank you for your answers.

    I actually called ISC2 and one of the Auditor told me this: if you have one year experience in 3 domains than you need to divide one year by 2 or 3 domain.

    so 12 months = 4 months in Domain 1 + 4 months in domain 2 + 4 months in domain 3
    OR 12 months = 6 months in domain 1 + 6 months in domain 2

    total must be 12 months not more than 12.

    so i think my 68 month math may be ok by ISC2.

    I will let you know once everything is done.

    thank you again.
  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    Your are correct. The logic behind it is, i(responding to chooselife), if you are claiming full-time experience in 5 domains, then you can't be doing any of them full-time, unless you are working a 200 hour work week.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,664 Admin
  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    Well, the more I think about it, the more I see a possibility that you could - goco's in Iraq working 88 hours a week would definitely count as full-time, but I wonder if someone working 35 hours/week (I think the normal workweek in parts of Europe, France maybe?) would they accrue 'experience' at the same rate as the goco, or higher?
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • ChooseLifeChooseLife Member Posts: 941 ■■■■■■■□□□
    Ah, okay, I got it now... So the requirement is to have 60 months of experience, with each time period counting towards only one of the domains, and no fewer than 5 domains covered by those 60 months. Is this correct?

    Another, somewhat related question - how is the experience calculated in case of a sysadmin job? Using myself as an example, I have spent the past 6 years doing following things:
    - designing and carrying out DR plans
    - writing security policies
    - designing, implementing, maintaining security infrastructure (firewalls, VPNs, IDS'es)
    - hardening servers
    - monitoring system logs, responding to incidents
    - performing security assessments/pen.testing
    - et cetera, et cetera...

    The thing is, all of these activities have always taken only part of the day, combined with a zillion of other tasks. How does this experience count, if it does at all? At a certain ratio? I don't really see a way to estimate or verify how much time was spent per certain activity....
    “You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896

    GetCertified4Less
    - discounted vouchers for certs
  • bdoub1eubdoub1eu Registered Users Posts: 7 ■□□□□□□□□□
    Uh oh...Think I did it the other way (meaning for each domain I had like 70 months or something like that since I figured that each day I dabbled in a few different domains). Submitted my info on April 20th...Should I contact them or will they figure it out? Got about 10 years of IT experience...
  • bdoub1eubdoub1eu Registered Users Posts: 7 ■□□□□□□□□□
    bdoub1eu wrote: »
    Uh oh...Think I did it the other way (meaning for each domain I had like 70 months or something like that since I figured that each day I dabbled in a few different domains). Submitted my info on April 20th...Should I contact them or will they figure it out? Got about 10 years of IT experience...

    Called (ISC)2 and they said that they should be able to figure it out based on my resume and if they had any questions, they'd contact me.
Sign In or Register to comment.