Do I meet the work requirements?

Pastuso · April 2009

I am trying to see whether or not I satisfy the work requirements to earn the CISSP. Below is a summary of my work experience:

1) 3 years as an Army National Guard platoon leader (Armor) in the 1990's.
2) 4 years as a Network Administrator, with the normal duties of server/workstation/user/firewall oversight.
3) 2 years as a field IT consultant (official title is 'Network Engineer')servicing small-medium businesses, handling nearly all aspects of their IT, including: IDS, firewalls, digital certs, patch management, general network security, backups, disaster recovery, etc
4) I have a 4-year college degree in Business Administration.

Thank you for any input.

JDMurray · April 2009

The only people that can accurately answer that question are at the (ISC)2 itself. Try emailing your question to registrar@isc2.org. Please post back what they say.

Kasor · April 2009

I think endorsement is the issue that you need to look into.

(ISC)² Security Transcends Technology

Pastuso · April 2009

JDMurray wrote: »

The only people that can accurately answer that question are at the (ISC)2 itself. Try emailing your question to registrar@isc2.org. Please post back what they say.

Thanks for the reply, JD. I've been reading your blogs--good stuff!

I did email registrar@ISC2 this morning. Here is their reply: "We do not pre-qualify candidates for the exam. Please visit our web site at www.isc2.org. Click on CertificationPrograms. Then review both the Associate and CISSP certification programs. They should provide you with more information than I could in an e-mail or on the phone. You should also be able to find a detailed Description of the 10 CBK domains. If I can be of any further assistance please let me know."

I did search the ISC website as well as Googling the topic. I'm having a hard time finding out if I'm qualified. I do have a sponsor (former boss).

Thanks to all for any more info and/or advice.

JDMurray · April 2009

Hmmm, there have been people who said they received help from the (ISC)2 in determining if they met the prerequisites for the full CISSP cert, but maybe those days are over. Policies do change, or are at least tightened-up.

From the work experience you listed, you only need four years of InfoSec work (because of the degree) for full CISSP certification. Generally, just working as a sysadmin or netadmin who occasionally tweaks a firewall or IDS is not considered enough InfoSec experience. They want years of working at an actual InfoSec job (preferably one with the word "Security" in the title) where you implement and control security policies and processes every work day.

The best I can say is pass the CISSP exam and send in your endorsement. Rewrite your resume to emphasize the InfoSec aspects of your past and present jobs. It also may help if your endorser is long-time or high-up InfoSec person too.

Good luck! Getting the "CISSP" both in your brain and on your resume is well worth the effort.

unsupported · April 2009

One important step that I performed when submitting my CV was to break down each of my responsibilities as they related to the 10 domains of the CISSP. Once that was done it was clear to see that I had enough experience.

Either way, if you manage to pass the CISSP and fail the experience audit, then you would just be designated with Associated of ISC2 until you get all your experience.

Do I meet the work requirements?

Comments