  1. Junior Member
    Join Date
    Nov 2017
    Posts
    16
    #1

    Work requirements for CISSP?

    I have switched careers and have been 100% information security and compliance for the past two years, with 20 years of IT / tech ops experience, and I managed IT directly for several years, but there was a gap in time between. Certainly enough for 5 years' worth.

    How does ISC2 measure this? Do they check references?

    I would like to take the CISSP exam this year but question the criteria for experience.

  3. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    514

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE, CISSP
    #2
    You need 5 years of experience in 2 of the domains, not to have a title with "security" for 5 years. Map your experience to the 8 domains of CISSP. I would assume that you can easily map 5 years of experience in Dom 4: Communication and Networking.

    I have 16 years of mixed IT / Networking/Sec / consulting experience, and it was a no-brainer to have the experience required. You just have to highlight the security aspect of your experience.

    In my case, I have been at the same company for 16 years; they asked for a letter from my superior to confirm my employment.

  4. Junior Member
    Join Date
    Oct 2017
    Posts
    20
    #3
    So I have the same question - I worked for one contractor for 12 years, and just started at a new position in the past 3 months.

    What do I need to provide and when will they ask for it?

  5. Senior Member mbarrett's Avatar
    Join Date
    Apr 2016
    Location
    DC
    Posts
    395

    Certifications
    CISSP CEH CCNP Security
    #4
    Whatever information that you provide to support your application, assume that they will want to verify it.

  6. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,382

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #5
    A great deal of discussion has happened over this topic over the years but never anything that has moved the needle one way or another. The ISC(2) certainly has more than enough money to actually investigate backgrounds and qualifications but chooses not to at this time.

    Basically, you can claim anything you want both pre and post certification. In OP's case you likely have more than enough experience to qualify, just a matter of applying the information in a resume-friendly format both pre and post certification.

    - b/eads

  7. Junior Member
    Join Date
    Nov 2013
    Posts
    12

    Certifications
    CISSP, CISM, CEH; CCNA Security; CCNA R/S
    #6
    It was recommended to me by Eric Conrad that, if you pass the CISSP, you create a separate resume for the purpose of ISC2 endorsement and really focus on mapping your skills and experience to the domains. Your resume may have other content that is not relevant, which can be phased out and replaced with content that is more supportive.

    I used his advice for both the CISSP and CISSP-ISSMP endorsement process.

  8. Junior Member
    Join Date
    Nov 2017
    Posts
    16
    #7
    Well, I have a background that may look messy but grew to managing 9 teams and close to 100 people, so I think I may have a good reason? My experience includes development / QA / support / IT / services (have even been in marketing/product management). I'm an IT mutt? Began in QA > created a group > built and facilitated an installation and deployment group > created a security testing team and then began to acquire managing our IT team. Refit that and built a small but efficient team / designed and built the needed systems and infrastructure to support web hosting with a multi-tier data center and later into the cloud. Always owned the security function with our software and performed, trained on, and managed web vulnerability and penetration testing. Also owned everything in the way of compliance and directly supported these including HIPAA, PCI, SOC, and other standards. Certified one of our products with PA-DSS and helped many clients with PCI for their websites.

    As time went on, I felt I was doing too much, too widespread, and wanted to refocus back down to QA and Dev Ops and did just that, giving up IT, services, and anything not directly related to Quality and operations for our delivery.

    However, it was not until about 2 years ago that I shifted completely towards a title and career in information security including compliance for the entire company. Textbook CISSP and ISO 27001 work.

    I'm sure I can adjust my resume so that what needs to stand out will be easier to find. My employer I'm sure would also vouch for me.

  9. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,668

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #8
    Quote Originally Posted by beads View Post
    A great deal of discussion has happened over this topic over the years but never anything that has moved the needle one way or another. The ISC(2) certainly has more than enough money to actually investigate backgrounds and qualifications but chooses not to at this time.

    Basically, you can claim anything you want both pre and post certification. In OP's case you likely have more than enough experience to qualify, just a matter of applying the information in a resume-friendly format both pre and post certification.

    - b/eads
    I don't think this is true. I've heard more than once of individuals being audited.
    Currently working on: Linux and Python

  10. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    514

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE, CISSP
    #9
    You almost did the right thing, just separate the different stages in your career and assign all applicable CISSP domains to each. Your experience is relevant, you can map many years in domain 8 (Software dev), and some in domain 7 (Sec testing). It should be easy to get the endorsement.

  11. Senior Member
    Join Date
    Mar 2011
    Location
    Chicago
    Posts
    1,382

    Certifications
    CISSP-ISSAP, HCISPP GPEN, GSEC, GSNA, GCIH, E|CH, ECSA, Security+
    #10
    There has always been a mandatory random 10 percent audit over the years. Basically, 10 percent of all applicants and renewals are kicked for automatic audit. Nothing horrid about the experience; it's generally handled with some basic verification. I am up for my third renewal come February and have more than enough evidence to back up my claim that I have been a good boy and done more than the needed 40 + 40 + 40 and 30 hours necessary.

    As far as the new candidate is concerned, it's also a light to non-existent touch, with the investigator contacting the audited for some more information or contact information, usually a boss, W-2 or similar. Again, no big deal, it's just part of the overall program. After reading comments over the years concerning the background investigation you'd think the FBI were doing the background investigations and the process was involved - it's not.

    So, is there an audit? Yes, it's part of any certification's own audit cycle - somewhere in the ISO family, but I haven't run across that exact program in years.

    b/eads

  12. Junior Member Registered Member
    Join Date
    Dec 2017
    Posts
    10
    #11
    1. You definitely want to recreate your app in a format that specifically outlines the domains you handled in each role.
    2. You only need 4 years if you have a college degree, so that makes it easier.

  13. Senior Member
    Join Date
    Apr 2017
    Posts
    385
    #12
    I'm having ISC2 act as my endorser and from everything I've heard from people at my office, it's a pretty straightforward process. They verify your job history and experience from the contacts you provide. I've even heard if you submit employment verification letters they will accept that and not even contact your references. I guess it depends on how many applications they have to process in a given time.