CISSP Cert - Experiences that qualify?
I am interested in becoming CISSP certified but do not work in the IT field. I am an electric power engineer working with SCADA and control systems. Security is becoming a much larger focus in this area and I feel a CISSP certification would be helpful. I fell I'll be able to handle the CEU requirements as I do a lot of different training/educational events. My concern is what can I use to meet the 'X years of experience' requirement.
Interested to hear how others outside of a traditional IT field have accomplished this.
Thanks
Andy
Interested to hear how others outside of a traditional IT field have accomplished this.
Thanks
Andy
Comments
-
MSP-IT
Member Posts: 752 ■■■□□□□□□□
This is the biggest hurdle that most people face. The certification is geared towards individuals who work directly in the the Information Security industry. That being said, even though I am more or less against the idea of people twisting their experience in order to seemingly meet the requirement, I believe that if you have a role where you actively maintain access control systems, as I would believe SCADA could qualify, you should be able to use that as a qualifier for one of the domains. You must also meet the experience requirement for at least two domains, and receive an endorsement by a current (ISC)2 member.
You are also able to sit for the exam and receive an Associate status with the (ISC)2, then you will have a certain amount of years to meet the experience requirement without having to sit the exam. -
jamthat
Member Posts: 304 ■■■□□□□□□□
I am interested in becoming CISSP certified but do not work in the IT field. I am an electric power engineer working with SCADA and control systems. Security is becoming a much larger focus in this area and I feel a CISSP certification would be helpful. I fell I'll be able to handle the CEU requirements as I do a lot of different training/educational events. My concern is what can I use to meet the 'X years of experience' requirement.
Interested to hear how others outside of a traditional IT field have accomplished this.
Thanks
Andy
What's your educational background and how'd you get into that field?? I assume electrical engineering. I'm just curious - I sometimes wish I went down a path that took me there, but by the time I gained any kind of interest it was too late
. I've always felt like an ICS-CERT-type job would be pretty cool! -
Amurray22
Member Posts: 18 ■□□□□□□□□□
Thanks for the quick replies.
I have a BS in electrical engineering, with a concentration in power systems. I have been specifying, evaluating systems, programming and troubleshooting SCADA (System Control And Data Acquisition) as well as associated devices. SCADA is basically the systems utilities use to monitor and control the power system, things like circuit breakers, transformers. All the systems have security components - users management, control and logging of important functions, physically securing the devices, firewalls & VPNs for remotes access and/or data exchanges. Another aspect of my job more recently (~2 years) has been with regulations that many utilities have to follow for cyber-security (NERC-CIP). I participated in a ICS-CERT hands-on training, including a Red-Blue competition that was an excellent experience.
I feel that I my work covers:
Telecommunications and Network Security - specify & setup ethernet based systems
Information Security Governance and Risk Management - compliance with the federal & local regulations; presentations and training for clients and their employees
Legal, Regulations, Investigations and Compliance - - compliance with the federal & local regulations
I am just not sure if I am correct in these assumptions & how to convey these so it is accepted. I understand if someone thinks I am not an appropriate person for this certification. I see that as a possibility.
Thanks
Andy -
MSP-IT
Member Posts: 752 ■■■□□□□□□□
If you've had those duties for 5+ years, I'd say you'd meet the requirement, as I'm almost positive that you can't add experience together to make 5 total years. I'm fairly sure they have to be defined by different roles.
Also, welcome to Tech Exams! I didn't realize this was your first post. -
Amurray22
Member Posts: 18 ■□□□□□□□□□
Ok, I have been working for ~15 years, but just not sure how to document it as the tasks are not the only thing I do. I guess I'll try filling out different job description forms for each of the types of work and outline the times I have spent on the tasks across different projects.
Thanks for the welcome. Been reading a lot of the posts about the exam & found this forum very informative. Hopefully I'll have a 'Passed' post soon.
Andy