Couple CISSP Questions

wes allen Member Posts: 540
Hope all is well - first post here!

I studied for the CISSP off and on for a year or so, then lost motivation and put the book down in January. Got motivated again last week and decided to do Sec+ as a refresher / warmup. Picked up Darril's book Wednesday, read through it once taking notes on stuff I was solid on. Finished that Sunday afternoon. Reviewed notes Sunday night and Monday AM (in testing center parking lot) and passed with 850. Thought a handful of questions were not in the book or were vague/kinda dumb, but it didn't feel too bad.

So, now I am ready to pick up with CISSP again. I am self employed, so have to pay for everything out of my shallow pockets. I have the 1st edition Syngress study guide, but I noted they have a 2nd edition now. Is it worth it to buy that, or should I look at still using it and maybe adding a 2nd book? I like the Syngress pretty well - seems to the point and not too dry. Any other resources I can look into?

Also, for the experience requirement, I want to make sure I am correct in my calculations. I have been doing networking for twenty years now - security work has always been a good chunk of that time - Proxy/ISA/TMG, NT/Netware ACLs, router/switch ACLs, backup planning, securing wireless, installing firewalls, GPO, password policy, etc. If I estimate that I had averaged about 25% of my time on security over those 20 years, does that equal the 5 years they require? And, if not, what formula should I use?

Thanks much!


  • JDMurray Admin Posts: 12,869
    Hi Wes. Welcome to posting on TE! :D

    You can take the CISSP at any time. The experience requirement only comes into play after you pass the CISSP exam and enter the endorsement stage to become fully CISSP-certified. With your Security+ cert, you only need four years of verifiable professional experience in (at least) two domains of the CISSP CBK. It looks like you have the domains Comm/Networking and Access Controls pretty well nailed. You need your work experience to be verifiable by a former employer or senior co-worker. You will also need an endorser, who is someone who already has an (ISC)2 cert and is preferably personally familiar with your work experience.

    Oh, PM me if you eventually want to change your member name.
  • wes allen Member Posts: 540
    Cool, and thanks much! I noticed that MCSE is also on the waiver list, does that mean I would only technically need three years? I feel comfortable claiming five, but just want to make sure I am well covered.

    No problem with the endorser, I have several friends that are CISSPs.

    Also, seems the 1st edition book is still fine for the test, so will get started tomorrow.

    Thanks much!
  • cyberguypr Mod Posts: 6,927
    Negative. You can only waive one year with either a degree or any of the approved certs. Still need to show 4 years of experience in at least 2 domains.