Closed Thread
Page 2 of 4 First 12 34 Last
Results 26 to 50 of 93
  1. SupremeNetworkOverlord Moderator Ahriakin's Avatar
    Join Date
    Oct 2005
    Location
    ::1/128
    Posts
    1,798

    Certifications
    CCIE #23276-Sec, JNCIE-Sec #105, TCSE #2343,MCSE 2003-Sec,LPIC-1
    #26
    Quote Originally Posted by JDMurray
    Quote Originally Posted by sprkymrk
    I think Ahriakin has a good point with the "private club" comment. That could cause the certification to stagnate into a "good 'ol boy" priveledge where your brother, father, uncle or best friend has to get you in.
    I don't think clubs like the Elks, Kiwanis, Rotary, and Masons have "stagnated" by being fraternal and somewhat exclusive. That's one way they provide quality control for their membership and organization. Besides, with 45,000+ CISSPs worldwide in 70 countries it's not likely that nepotism will be the rule of the "CISSP secret society" anytime soon.
    I guess here's my fundamental problem. There is a whole 'fraternity' mentality in the states that either doesn't exist or has minimal influence (depending on the nature of the club/fraternity) just about anywhere else in the world. And as you stated the CISSP is worldwide....

  2. SS -->
  3. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #27
    Quote Originally Posted by Ahriakin
    There is a whole 'fraternity' mentality in the states that either doesn't exist or has minimal influence (depending on the nature of the club/fraternity) just about anywhere else in the world.
    The "fraternity mentality" in the USA was inherited from our ancestral ties with Britain and Western Europe. If you look closely, you will see that in every society in the world--in every government, in every church, in every militia, and in every township--there are fraternal brotherhoods of one sort or another. It's a very normal and human condition that--like anything else--can be used for great good or for great evil.

    If this sort of realization weirds-you-out, try not to read any news articles with the word "Bilderberg" in the title.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  4. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #28
    Quote Originally Posted by milliamp
    Sometimes "being involved with the security community" only equates to having bias.

    Example someone says to you "I need a security solution to do X and X, what should I do?"

    You being "involved" now have a CISSP friend that works for a company that sells a product to do exactly that. Which product do you recommend?

    Obviously you /should/ recommend the best product for the job, but is this what actually happens? No, especially if said CISSP endorsed you so that you could sit the exam. It becomes a game of "I scratch your back, you scratch mine".

    Look also at how most security products for Windows are scareware, they seem more concerned with scaring the user into spending more money than educating them to make more informed choices in the future. The same concepts apply elsewhere too. What else do you expect when you enlist the help of a company that profits on fear?

    The security industry is political and bias enough already, now subscribing to the leading party is a prerequisite.
    There are always what if's. And it would be naive to think this doesn't already happen in every arena of business. You're not describing a CISSP problem, you're describing a general concept and general business problem. You're basically giving a "what if" scenario of something that can't be controlled by ISC2 or any CISSP.

  5. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #29
    What I find strange is that in any other conversation other than this one, most people in IT make the claim that their upper management "does not understand their work" and "has no idea what they do", but then when it comes to this we're supposed to believe the opposite? I'm not so sure about that especially considering our audits have in large proved it to be more true than not true (at least concerning people going for the CISSP).

    Trying to make a comparison between this and a frat rush being a requirement to get a college degree makes no sense to me. I'm a member of a fraternity, I am a college graduate, and I am a CISSP and I don't see any connection between the three (at least in the context that you're attempting to make one in) It is simply a move to try and maintain integrity. MCSE, and MCSD, MCT was once the top Microsoft certifications. The world got flooded with paper MCSE's. The top cert is now MCA and you will certainly get to know one before you obtain this certication. You will go through interviews, and to top it off, you will spend a LOT of money. And again, I think the primary motivations were to maintain integrity at the top. I know there are a lot of people here who think that was strictly a money move, but I'm not 100% convinced of that. I'm convinced that if ISC2 had made a move like that, then the same people would be saying it's a money move. If anything, this takes money out of their pockets (ISC2).

    Don't be surprised to see a CISSP mentorship program kicking off where you apply, are introduced to a CISSP in your general neck of the woods, meet with him on somewhat of a regular basis (in a group setting) and be "under his wing" for a certain amount of time, maybe take a class (or something like a class), do a few real world assignments over a period of time, then be cleared to sit the exam and obtain the certication via that mentorship. (Don't forget you heard it here first ). I've already proposed it (yesterday) and submitted a rough draft of the program. I agree 100% that anybody who wants to earn the certification and willing to put the work in to get it should be allowed to do that, but having anyone who holds an important title in a company be the person attesting to the experience was never the best policy in my opinion.

    The anology that because someone pays you a lot of money means they can attest to your security experience is flawed as well. Again, a big salary does not mean you have a clue about any one of the 10 domains of the CISSP.

    I certainly and respectfully appreciate all the comments for and against and I truely hope you guys keep them coming. I can promise you that people at the very top of the CISSP chain will get to read these posts and hear directly from my mouth your concerns. Please continue to express how you feel about this decision, negative or positive.

    Keatron.

  6. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #30
    Keatron - I really appreciate the heads-up and comments you provide. Thank you.

    I guess my main question is this:

    With the current audit process in place and apparently working, why is there a need for the change in policy?

  7. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #31
    Quote Originally Posted by sprkymrk
    Keatron - I really appreciate the heads-up and comments you provide. Thank you.

    I guess my main question is this:

    With the current audit process in place and apparently working, why is there a need for the change in policy?
    The problem is the fact that they're not sure it is even working. Because not everybody is audited. So one of the biggest concern was this; If so many people who were randomly audited failed the audit misearbly, then there's concern about the much larger percentage who didn't get audited. So yes the audit process is working, it's working so well that it's showing some serious problems with honesty and integrity in some regards. So as a result of the audit process being successful, moves were made to address these serious issues. So the audit process itself is not changing, just the requirements to even get to the audit point in the first place is changing.

  8. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #32
    Any word on the % of test passers that were audited? I understand if that's proprietary information.

    Would making the audit process mandatory rather than random be a viable solution? Rather than create a work overload, maybe there is a way that current CISSP's in good standing could be required to help in the audit process, like maybe once a year or whatever? Create a documented guideline for the audit process, a check list, and maybe a 1 day seminar or online CBT on how to perform a simple audit of this nature? Then if the CISSP that performed the audit has any doubts he can flag that applicant for the ISC2 board (or whomever) to review and make the final call.

    That way everyone gets audited, applicants know they WILL be audited and are less likely to fudge their experience, the questionable ones are brought to the attention of the board members, and the board members only have to deal with a small number of candidates and those are likely the ones that need to be checked anyway rather than a random sample.

    I think that those who hold a CISSP are intelligent enough to learn how to perform a simple (as opposed to extensive) audit of someone's claimed experience and wouldn't have to devote a large amount of time to be required to do this once a year or so.

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #33
    Quote Originally Posted by sprkymrk
    Rather than create a work overload, maybe there is a way that current CISSP's in good standing could be required to help in the audit process, like maybe once a year or whatever?
    This would be a violation of privacy. Getting a CISSP doesn't mean that you work for the (ISC)2. Although CISSP-certification requires being bound by the (ISC)2 code of ethics, such a person would have no legal liability to maintain the confidentiality of private information in the CISSP audit materials. I'd prefer that one day my CISSP audit be performed by someone professionally employed by the (ISC)2 whose is both ethically and legally bound to keep my private information under strict control.

    But, with your statement about the capacity of the (ISC)2 to perform audits, I think you hit the nail on the head. With thousands of CISSP exams being passed every year, and that number growing, the (ISC)2 may have been gradually reducing the percentage of candidates audited to keep its costs down. Opening up the CISSP worldwide also added problems in performing a thorough audit of a person originating/residing/working in a foreign county. Some additional method(s) of insuring candidate quality were certainly needed, and tasking its CISSP-certified members to provide an additional level of control is a clever way to do it..
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  10. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #34
    Quote Originally Posted by JDMurray
    Quote Originally Posted by sprkymrk
    Rather than create a work overload, maybe there is a way that current CISSP's in good standing could be required to help in the audit process, like maybe once a year or whatever?
    This would be a violation of privacy.
    Not if a candidate had to agree to his information being disclosed to another member for the purpose of the audit. I doubt any more information would need to be provided than when one posts a resume on monster or dice, and not many people seem to have a problem with that. With the information provided in a standard resume a current CISSP could contact the applicant for a short interview, his current/past employer to see what kind of job responsibilities and tasks(with examples) were performed. This kind of information is hardly an invasion of privacy.

    Quote Originally Posted by JDMurray
    Some additional method(s) of insuring candidate quality were certainly needed, and tasking its CISSP-certified members to provide an additional level of control is a clever way to do it..
    In what way? Control, yes. Quality, not necessarily.

  11. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #35
    Quote Originally Posted by sprkymrk
    This kind of information is hardly an invasion of privacy.
    It would depend on what kind of information is necessary for the CISSP audit, and that I do not know. I would assume that it's more than just what information is on a typical resume.

    Quote Originally Posted by sprkymrk
    Quote Originally Posted by JDMurray
    Some additional method(s) of insuring candidate quality were certainly needed, and tasking its CISSP-certified members to provide an additional level of control is a clever way to do it..
    In what way? Control, yes. Quality, not necessarily.
    In requiring that a CISSP candidate be endorsed by a certified CISSP, the CISSP would likely perform their own pre-audit of the candidate. As keatron pointed out, if the name of a CISSP whose candidate fails an audit were to be published, it is likely that CISSP would performed their own audit to make sure that the candidate is legit before they submit their application to the CISSP. This is how CISSPs can help audit candidates without receiving any private candidate information from the (ISC)2. I think it's a very clever way to add an additional layer of control. Quality gained is by not adding another ill-qualified person to the ranks of the CISSP.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  12. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #36
    Quote Originally Posted by JDMurray
    Quote Originally Posted by sprkymrk
    This kind of information is hardly an invasion of privacy.
    It would depend on what kind of information is necessary for the CISSP audit, and that I do not know. I would assume that it's more than just what information is on a typical resume.
    I don't know either, but I can't imagine what kind of information would be needed outside of an employment record. You don't need the candidates home address, home phone, spouse name, mother's maiden name, hobbies, surfing habits, or bank accounts.


    Quote Originally Posted by JDMurray
    In requiring that a CISSP candidate be endorsed by a certified CISSP, the CISSP would likely perform their own pre-audit of the candidate.
    I fail to see the difference then, except that a candidate would get to choose which CISSP to whom he wishes to disclose his work history. So in many cases it will still be a crap-shoot. Using myself for an example, I would have to seek out and find a stranger that holds a CISSP, develop some sort of working/mentoring relationship with him (which in itself could be difficult since you are imposing on his time and good nature), then somehow prove myself and my work background, then hope he trusts me enough to stick his own reputation on the line to sponsor me.

    Quote Originally Posted by JDMurray
    I think it's a very clever way to add an additional layer of control.
    Although I do have the utmost respect for you , I have to respectfully disagree this time. And unfortunately, it will likely take at least a couple of years to see if this was a wise decision or not.

  13. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm conviced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP,,CCSP,CNSS-4013+4011,MCT MCSA2K3,CWNA MCSE2K3:Sec LPT ECSA CEH CHFI,CCNA CS-CFW, CCIE-Sec/Written, etc..
    #37
    People are extremely sensative to the word "privacy" these days. So yes, I think there would be an outcry concerning your proposal Mark.

  14. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #38
    Quote Originally Posted by keatron
    People are extremely sensative to the word "privacy" these days. So yes, I think there would be an outcry concerning your proposal Mark.
    You and JD are probably right.

    But two things I am pretty sure I'll be right about are:

    1. The CISSP will drop in popularity - that's neither good nor bad, just something I see happening.

    2. The pool of candidates from which new CISSP's emerge will become more condensed, less dynamic, and not as diverse as it is now. The requirement to have an existing CISSP sponsor you, and the potential for a good-standing CISSP to lose his own cert if he vouches for someone he is not 100% sure is qualified will tend to make the candidates all come from companies that currently employ CISSP's.

    CISSP's should not exist in isolation or in a vacuum. I don't need to BE a teacher to recognize a good one when I see one. I don't need to BE a good leader to be able to elect one. Neither do I think it should take a CISSP to open the door for the next one.

    I hope I'm not offending either of my esteemed and respected senior moderators by my comments, but...
    Quote Originally Posted by Keatron
    Please continue to express how you feel about this decision, negative or positive.

  15. Senior Member
    Join Date
    Feb 2005
    Posts
    137
    #39
    What qualifications is a candidate required to meet before Joe CISSP should be willing to grant him an endorsement?

  16. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #40
    Quote Originally Posted by milliamp
    What qualifications is a candidate required to meet before Joe CISSP should be willing to grant him an endorsement?

    Is this just "this guy knows his stuff", or is it also "I believe this guy has 5 years of relevant experience"?
    If I were a CISSP and someone asked me for an endorsement, I would make sure that he meets the posted (ISC)2 requirements and qualifications for CISSP before I signed any of his/her paperwork. If the candidate ended up failing the audit, I would approach the (ISC)2 as his/her advocate and try to determine exactly what aspect of the candidate's credentials was rejected. And because the CISSP sponsor's reputation is on the line, I assume that there's an appeals process.

    This brings up a good point: what's the benefit for a CISSP to be a sponsor for a CISSP candidate? I understand the punishment factor for recommending a candidate that fails the audit, but what's the reward for one who passes?
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  17. Senior Member
    Join Date
    Apr 2004
    Posts
    1,939

    Certifications
    yes
    #41
    WOW, where the hell have I been? The CISSP is now created by its cult following members like "B" rated horror flicks. I do not know one CISSP (exception: keatron the best CISSP) so I am now forced with a decision to either cram this exam and jeopardize possible long term memory of information to merely pass the exam before Oct 1st or finish studying the exam at normal pace and jeopardize actualy obtaining the certification for lack of knowing a real world CISSP? A pass is a pass right? Or is it?

  18. Member
    Join Date
    Jul 2006
    Posts
    99

    Certifications
    A+, Network+, Security+, Linux+, LPIC-1, SFCAR, SFCSR, SFCSE, CEH, B.S. in MIS, M.Sc. in Info Security (NSTISSI No. 4011 - CNSSI No. 4013)
    #42
    Quote Originally Posted by garv221
    WOW, where the hell have I been? The CISSP is now created by its cult following members like "B" rated horror flicks. I do not know one CISSP (exception: keatron the best CISSP) so I am now forced with a decision to either cram this exam and jeopardize possible long term memory of information to merely pass the exam before Oct 1st or finish studying the exam at normal pace and jeopardize actualy obtaining the certification for lack of knowing a real world CISSP? A pass is a pass right? Or is it?

    Endorsement
    Once a candidate has been notified they have successfully passed the CISSP examination, he or she will be required to have his or her application endorsed by a CISSP before the credential can be awarded. If a CISSP is not available, another qualified professional with knowledge of information systems or an officer of the candidate's corporation can validate the candidate's professional experience.

    The endorser attests that the candidate's assertions regarding professional experience are true to the best of their knowledge, and that the candidate is in good standing within the information security industry.

  19. Junior Member
    Join Date
    Aug 2008
    Posts
    1
    #43

    Default Question about the requirments

    I really appreciate if any one can respond to my question.
    I have more than 10 years of experience in Desktop support, I created local accounts, installed smart cards, help users with password and access problems and everything that a desktop support would do. does that count as security experience?

  20. Drops by now and again astorrs's Avatar
    Join Date
    May 2008
    Location
    Vancouver, Canada
    Posts
    3,141

    Certifications
    I have numerous certs from VMware, Citrix, Microsoft, EMC, Nimble Storage, Palo Alto Networks and more...
    #44

    Default Re: Question about the requirments

    Quote Originally Posted by afhamed
    I really appreciate if any one can respond to my question.
    I have more than 10 years of experience in Desktop support, I created local accounts, installed smart cards, help users with password and access problems and everything that a desktop support would do. does that count as security experience?
    I don't think it will meet what they're looking for. Have a look here for more details on the applicable domains: https://www.isc2.org/cgi-bin/content.cgi?category=1187

    Also:

    Valid experience includes information systems (IS) security-related work performed as a practitioner, auditor, consultant, investigator or instructor, that requires IS security knowledge and involves the direct application of that knowledge. The five years of experience must be the equivalent of actual fulltime IS security work (not just IS security responsibilities for a five year* period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.

  21. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #45
    The CISSP experience requirement is for work that involves planning, designing, or managing Information Security policies, processes, or systems. Start the CISSP Exam Overview Flash presentation at www.cccure.org and look at sections 6, 7, and 8 to get a better idea of the work experience required for the CISSP.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  22. The Colosus of Clout Paul Boz's Avatar
    Join Date
    Oct 2006
    Location
    Baton Rouge, LA
    Posts
    2,607

    Certifications
    CCNP, CCIP, CCDP, CCDA, CCNA, CCNA Security, NSTISSI 4011, GSEC, GCFW, GCIH, GCIA
    #46
    The knowledge and experience isn't my problem. I've got five years of telecom infrastructure and network security engineering and I just got a new job doing risk management, risk assessments, pen testing, etc. I'm studying the CISSP resources available to me intensely. My problem is that I do not know any CISSPs and I don't know anyone that can vouch for me. I guess my plan is to sit the exam, pass it, then see what my options are. There are four people working on the CISSP at my new employer including myself, but until someone actually obtains it my company has no one that can vouch and I don't know anyone in a professional sense that holds a CISSP and will go out on a limb to vouch for me either. Now, assuming that a non-CISSP at my company (the CTO for example) can vouch for my experience, I'm fine. But if you actually need a CISSP to vouch for you as proposed, I'm screwed.

  23. Senior Member
    Join Date
    Mar 2007
    Posts
    12,308
    #47
    There are several people here who have offered to endorse candidates.

    http://techexams.net/forums/viewtopic.php?t=36120

  24. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #48
    You can also petition the (ISC)2 for a proxy endorser to be appointed for you. It's on the the (ISC)2 endorsement form.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  25. Junior Member
    Join Date
    Sep 2008
    Posts
    5

    Certifications
    Security+, CISA, Infinidox ISMCP
    #49

    Default Re: New Requirements for CISSP.

    Quote Originally Posted by keatron
    Dear (ISC)2 Member,


    The new requirements include the following components:
    • The minimum professional experience requirement for CISSP certification will be 5 years of relevant work experience in two or more of the 10 domains of the CISSP CBK, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list. The current requirements for the CISSP call for four years of work experience in one or more of the 10 domains of the CISSP CBK, or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list.
    • Candidates for any (ISC)2 credential will be required to obtain an endorsement of their candidature exclusively from an (ISC)2-certified professional in good standing. The professional endorsing the candidate can hold any (ISC)2 certification – CISSP, SSCP or CAP. Currently, candidates can be endorsed by an officer from the candidate’s organization if no CISSP endorsement can be obtained. The board believes that only an (ISC)2-credentialed professional bound by its Code of Ethics should provide a candidate endorsement.
    Does anybody know what exactly it means to have an "an applicable college degree" ?

  26. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,600
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #50
    This has been debated in other threads in this forum, and I'm sure in the forums at www.cccure.org as well.

    The bottom line is only the (ISC)2 can determine what they consider to be an acceptable college degree. But if you have a 4-year undergrad degree from a mainstream university you are probably good. They may want to limit people with only Associates degrees and degrees from "odd" institutions of learning.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

Closed Thread
Page 2 of 4 First 12 34 Last

Social Networking & Bookmarks