CISSP Work Experience Requirement for Attorneys
thexfactor
Member Posts: 9 ■□□□□□□□□□
in SSCP
Hey guys,
I previously worked in a major law firm's technology transactions group (which deals with the drafting and review of software/technology agreements along with data privacy matters) and currently as corporate counsel in charge of company wide technology agreements as well as data privacy issues.
I already have a CIPP and CIPT certification and I am looking into taking the CISSP certification due to the fact that I work so closely with the IT department and I thought it would be helpful for me possible in the future if I want to ever try to become a chief privacy officer.
My question is in terms of the two domains, obviously right now I do a log of the legal work for data privacy and the creation of an incident response plan ..., privacy policies... etc. , which covers 1 of the two domains (security and risk management). However, occasionally, I also work with our IT and risk management department to implement asset protection programs. However, my role is often in the legal perspective where in the meetings they will ask me what data privacy obligations and security obligations the vendor has to oblige by. This domain is a very small part of my every day job.
Do they care how much of your job is one domain vs the other? I deal with the first domain on a daily basis, however, the second domain is more of a minor part of the job. How big of an issue will this be when I try to get my work experience certified by the ISC?
Thanks in advance.
I previously worked in a major law firm's technology transactions group (which deals with the drafting and review of software/technology agreements along with data privacy matters) and currently as corporate counsel in charge of company wide technology agreements as well as data privacy issues.
I already have a CIPP and CIPT certification and I am looking into taking the CISSP certification due to the fact that I work so closely with the IT department and I thought it would be helpful for me possible in the future if I want to ever try to become a chief privacy officer.
My question is in terms of the two domains, obviously right now I do a log of the legal work for data privacy and the creation of an incident response plan ..., privacy policies... etc. , which covers 1 of the two domains (security and risk management). However, occasionally, I also work with our IT and risk management department to implement asset protection programs. However, my role is often in the legal perspective where in the meetings they will ask me what data privacy obligations and security obligations the vendor has to oblige by. This domain is a very small part of my every day job.
Do they care how much of your job is one domain vs the other? I deal with the first domain on a daily basis, however, the second domain is more of a minor part of the job. How big of an issue will this be when I try to get my work experience certified by the ISC?
Thanks in advance.
Comments
Advising or taking part in an IT meeting as part of your current job does not mean you work full time implementing the CISSP domains. I'm not saying you cannot try but it could be tough.
Makes sense. I am definitely not trying to take away (nor can I) the role of any IT professional. Rather I think this would be a great way for me to learn more technical knowledge so I can better interact with IT professionals.
I will contact ISC to see if they have any comments.