CISSP job requirements - do I meet them?

Hello TE! I'm wrapping up my CCNA studies right now (tests scheduled June 4th and June 28th) and trying to get an idea on what to do next. I'm working on an Information Assurance degree at my state university that I'll achieve in early 2015, and I have the Security+ certification.

More importantly, I have a lot of work experience, but I'm not sure how much of it can be wedged into the ten CBK domains. One for sure is Physical Security. I've been managing an enterprise-wide surveillance system and the associated management/archive servers for over six years.

Everything else is sort of 'well I do some of that, but it's not a core function of my job'. I dabble in several of the other domains, but I wouldn't call any of them primary specialties. Recently I did officially join our disaster recovery team (by recently I mean within the last couple of weeks), and I've done some DR assistance in the past.

I guess what I'm really wondering is - if I have the Security+ to shave off one year and way more experience than I need in one domain, how much solid experience do I need in the second domain to cross ISC^2's threshold and be a CISSP candidate? Because it is an intense cert and I'm in school full-time I'm giving myself a year to get it, so I do have some time to pick up additional qualifying skills on the job. If I stay where I am, the DR planning process is likely to drag on for several fiscal years which should do the trick, but if I move on (which is starting to seem likely) I am going to have to start over on that second domain.

That is, unless the esteemed members of this board see a path forward in what I listed above. In which case, ONWARD CISSP.

Thanks in advance for any advice you have, even if it is 'don't do CISSP yet, do X instead'.

Find more posts tagged with

Comments

JDMurray

Welcome to TE!

The usual advice is if you have the work experience for the CISSP then you should go straight for it, although some people like to get the SSCP first as preparation for the CISSP. If you don't have the full work experience, you can still take the CISSP exam and be an Associate of the (ISC)2 for CISSP. You are then given six years to collect the needed work experience necessary for full CISSP certification.

Without seeing your resume (or LinkedIn page) I can't really say if you currently meet the work experience requirements for the CISSP. I would also say that you could consider the SSCP, CASP, or CCNA Security as an intermediate step to the CISSP if you don't want to start studying for it until you have the full work experience.

treehouse

Thank you for the response, and the welcome! I've been around, but mostly as a lurker. I have a feeling I'm going to become more active now that I'm entering the 'certs all day, every day' period of career building.

I looked at the SSCP and it seems like it might be more in my league, but none of the listed domains touch on physical security (as far as I could tell). Ironically, I think I'm a more solid fit for the CISSP in terms of applicable experience. Our network security specialist is also working on the CISSP, and he mentioned the 'Associate of (ISC)2' option. Does that look pretty hot on a resume? By that I mean, does a typical HR guy look at that and know it is related to the CISSP?

treehouse

I'd post a resume but I haven't updated it in forever (that's what happens when you stay at one place too long, right?) and my LinkedIN page is a mess. I'm working on updating both. My job title is technician-level, but most of what I actually do falls under 'other duties as assigned', which is great in terms of the experience I'm getting but frustrating because a cursory look at my job history makes it look like I've been doing tier 1 support for seven years. There's very little turnover where I work (one job opening in seven years), hence my earlier comment about maybe moving on soon.

bobloblaw

What do you want to do ultimately in InfoSec? Do you want to do network security? If so, I'd take that CCNA momentum and go for CCNA:S.

treehouse

bobloblaw wrote: »

What do you want to do ultimately in InfoSec? Do you want to do network security? If so, I'd take that CCNA momentum and go for CCNA:S.

This is something I've heard quite a bit from some of my peers, and CCNA: Security is definitely somewhere on my to do list. I am not sure how much it will help me in my immediate job search. But I've been thinking more and more about it, and I'm not sure CISSP will help either. I want to be a network security analyst (then administrator, and then ultimately architect), but jobs in that category tend to ask for experience I don't have and won't have until I've done something else for a few years. My next logical move career-wise is probably into a standard network analyst/admin/engineer position, so maybe I should put off CISSP and move directly on to CCNP. Do you think CCNA: Security is too niche, or should I tackle the security track while I'm also studying the R&S track?

bobloblaw

That's a question for the CCNA forum.

I think you answered your own question, though. If you think you want to continue with networking, you should continue your Cisco studies. The requisite experience will come regardless of whether you're going to take the CISSP down the road. I just think the CCNA plus a couple other related certs will mean more for what you want to do than an Associate of CISSP.

treehouse

bobloblaw wrote: »

That's a question for the CCNA forum.

I think you answered your own question, though. If you think you want to continue with networking, you should continue your Cisco studies. The requisite experience will come regardless of whether you're going to take the CISSP down the road. I just think the CCNA plus a couple other related certs will mean more for what you want to do than an Associate of CISSP.

I really appreciate the advice! I think I will wait on CISSP until after I've gone a bit further with Cisco.