topic Mike Chapple On CISSP Experience Requirement--Beyond ISC2 Requirement? in Become A Member

Mike Chapple On CISSP Experience Requirement--Beyond ISC2 Requirement?

BeardedLaity — Mon, 31 Dec 2018 19:58:21 GMT

Previously, I was under the impression that you could weight your employment history to meet the experience requirement. For example, 5 years as a network admin with 20% of duties in security = 1 year towards CISSP experience requirements.

I took a LinkedIn/Lynda.com class by Chapple in which he states the following:

"That definition of experience doesn't leave very much wiggle room. Let's break down a few of the key requirements. First, the experience must be paid. You may not count volunteer or informal positions toward the experience requirement. You must be employed full time in a security position. Part-time positions and part-time job responsibilities don't count. Experience must be directly in the information security field. Jobs that are simply related to security, or involve security-related responsibilities, don't count."

I know part of that is incorrect because (ISC)2 states on their CISSP experience requirements page that they accept part-time positions of 20-34 hours per week and paid or unpaid internships. I'm hoping he's mistaken on the "direct" experience also.

Has anyone been successful in getting (ISC)2 to endorse you with network and sysadmin titles in your background?

Re: Mike Chapple On CISSP Experience Requirement--Beyond ISC2 Requirement?

rslade — Tue, 01 Jan 2019 01:01:42 GMT

> BeardedLaity (Viewer) posted a new topic in Certifications on 12-31-2018 02:58

> Previously, I was under the impression that you could weight your employment
> history to meet the experience requirement. For example, 5 years as a network
> admin with 20% of duties in security = 1 year towards CISSP experience
> requirements.

Well, the first question to ask is: do you know any CISSPs to endorse you? The
experience requirement is mostly for the endorsement part of the certification
process. (Although, as a seminar facilitator, I was always very pleased by the fact
that, unlike most other educational situations, pre-requisites [vis: the five year
requirement] were actually taken seriously.)

I haven't endorsed many, but I'd agree with your take on it.

> I took a LinkedIn/Lynda.com class by Chapple in which he
> states the following: "That definition of experience doesn't leave very much
> wiggle room. Let's break down a few of the key requirements. First, the
> experience must be paid. You may not count volunteer or informal
> positions toward the experience requirement. You must be employed full time in
> a security position. Part-time positions and part-time job responsibilities
> don't count. Experience must be directly in the information security
> field. Jobs that are simply related to security, or involve security-related
> responsibilities, don't count." I know part of that is incorrect because
> (ISC)2 states on their CISSP experience requirements page that they accept
> part-time positions of 20-34 hours per week and paid or unpaid internships.

He's sort of got a point, but he's taking a pretty hard line on it. Yes, we want to
be sure you actually have security experience. But security is a pretty broad field,
and encompasses a lot. And most of us old-timers never had jobs with "security"
in the title when *we* got the cert.

Again, someone with a CISSP who knows you and your background will be a big
help. If you are self-endorsing, and submitting material to ISC2, you'll need to be
very explicit in your documentation about what "security" work you actually did
in a specific job.

> I'm
> hoping he's mistaken on the "direct" experience also. Has anyone been
> successful in getting (ISC)2 to endorse you with network and sysadmin titles in
> your background?

Me, personally? No. People in my seminars? Yeah, lots.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
Scientists are treacherous allies on committees, for they are apt
to change their minds in response to arguments. - C. M. Bowra
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

Re: Mike Chapple On CISSP Experience Requirement--Beyond ISC2 Requirement?

CISOScott — Wed, 02 Jan 2019 13:36:31 GMT

Has anyone been successful in getting (ISC)2 to endorse you with network and sysadmin titles in your background?

Yes. What I did when I submitted my CV is that I clearly broke down my experience for the ISC2 reviewers. For each job that I listed I showed what domains I had the experience in with time length clearly stated and then made sure that my resume backed it up clearly.

Don't make it hard on them. Clearly show where your experience lies. You know what you have done and can speak to it better than just a few lines in a paragraph.