CISSP Professional Experience Requirement Question

I’m hoping to get an idea of whether I qualify for the professional experience before I dig in to the CISSP. I have many years of experience with IT Security, but it’s never been “direct, full-time security professional work experience” as I have worn other hats and never had the word “Security” in my formal title. I was the “Security Marshall” in my LOB within a large corporation, responsible for implementing and attesting to all of the corporate security guidelines. I’ve been responsible for implementation and management of access control, operations security, network security architecture, and physical security of multiple data centers for many years. I’ve worked extensively with internal and external auditors, including on PCI DSS v2 audits.

So if I have a generic title, like Director of Technical Services, and have security and non-security responsibilities, such as infrastructure, does that rule me out since it’s not “full-time security”?

Find more posts tagged with

Comments

MSP-IT

What they're looking for here is a role where your full time duties contain work within the domains of the CISSP.

How long have you been in your role, and how long have you been the "security marshal"? If you've had at least 5 years at the director (technical services) level, I can almost guarantee you'll be fine on getting the full certification without any further experience requirements. All you'll need is someone to endorse you.

scjay

I have 28 years total (mostly in infrastructure), including 8 at the director level. I was in the Security Marshal role at my previous company for 4 years, all at the director level responsible for multiple things, including all infrastructure. I have been responsible for access control, operations security, network security, and physical security for all of my 8 years as a director (including my current role). I have a BS and MS in Computer Science, and an ITIL v3 Expert certification, and have several CISSPs that can endorse me.

So I should be good? Just had some people making it sound like my full-time job had to be security.

pappyT

scjay wrote: »

I have 28 years total (mostly in infrastructure), including 8 at the director level. I was in the Security Marshal role at my previous company for 4 years, all at the director level responsible for multiple things, including all infrastructure. I have been responsible for access control, operations security, network security, and physical security for all of my 8 years as a director (including my current role). I have a BS and MS in Computer Science, and an ITIL v3 Expert certification, and have several CISSPs that can endorse me.

So I should be good? Just had some people making it sound like my full-time job had to be security.

You will probably get more and better feedback to this question by posing it in the ISC2 / CISSP forum, rather than the ISACA forum.

MSP-IT

I'm 99% sure you'll be fine with your experience set.

GoodBishop

99.99999% sure. (5 9's.)

scjay

Thanks everyone, and sorry for posting to the wrong forum. Now that I know what forum this is, what about the CISM? Is that better than the CISSP for someone firmly on the management side at this point of my career? Seems more straight forward that getting a CISSP and following it up with the CISSP-ISSMP concentration. I appreciate everyone's feedback.