CISSP Professional Experience Requirements

**BWW1981** · 12 August 2008, 05:57

Do you have any other certs? (MCSE etc) Some of those knock a year off the required experience.

**Dante** · 12 August 2008, 09:39

They are not mega strict on dates but they do contact employers to ask.

I had been working in associated fields for 10 years but never solely in security. i.e I was Infrastructure support in one contract where I looked after firewalls for 25% of the time - so that counted...

I told them about the relevant bits of the relevant jobs and it was approved with no problem.

The exam is easy but very long and boring. You'll meet some proper freaks on the day. I did mine in Egham and there were bods fro all over India with zero security experience who turned up just to 'write the exam'.

Madness.

**Advocate** · 12 August 2008, 09:44

Yep,

The requirements have recently changed, you now need 5 years direct experience across 2 domains.

It depends how security focussed your previous work was; it sounds like it wasn't full time direct work,I believe help-desk wouldn't count.

Dante's (fellow Egham(er)) right though they're not mega strict, look on the approved list for waivers etc too.

**ratewhore** · 12 August 2008, 12:24

Overated certification imho, but a necessary evil to get past dumbass pimps...

**Advocate** · 12 August 2008, 12:38

Originally posted by ratewhore View Post

Overated certification imho, but a necessary evil to get past dumbass pimps...

WHS

**DieScum** · 12 August 2008, 12:52

Thanks for the replies guys.

Talking to people it seems a well regarded cert from people who don't have it. Probably because the books look big and foreboding.

Can't hurt to get it.

I've certainly got experience across multiple domains but I don't kknow how hard I can spin things to get the five years.

I actually did about nine months working as a cryptography consultant... but it wasn't hardcore stuff just telling people how to implement a simple API for the product. Could probably shift the dates a bit to a year.

The last three years been working on various things touching some vaguely security stuff but not full time. So patch management, risk analysis. Also done a fair bit of ITIL stuff so done business continuity stuff.

Even if that counts I still need another year... I wonder if I could spin AD support as security related... anyway I can still sit the exam without the experience and become an associate and then get CISSP when the experience is done.

**ratewhore** · 12 August 2008, 12:54

Associate CISSP will still come up in a pimps keyword search

**ft101** · 28 August 2008, 17:07

I've got it, agree with whats said previously. I wouldn't say its easy but not that hard either.

**moorfield** · 8 September 2008, 18:25

Originally posted by DieScum View Post

Even if that counts I still need another year... I wonder if I could spin AD support as security related... anyway I can still sit the exam without the experience and become an associate and then get CISSP when the experience is done.

Looking at doing this too, I'm thinking more about life after development in IBs now and this is a field that actually interests me. So you can do the exam first then before starting the experience? - that would be a handy to have on the CV for me.

CISSP Professional Experience Requirements