topic Re: What exactly is the requirement for getting CISSP certified in Exams

What exactly is the requirement for getting CISSP certified

fedoracore123 — Mon, 09 Oct 2023 09:56:05 GMT

Hi everyone,

This has been a concern for me, for sometime now (Almost two years). I am getting conflicting information regarding the requirements to get CISSP certified. According to Mike Chapple (Author of one of the resources) he is giving this answer "You need to have five years of cybersecurity experience to earn CISSP. I’d suggest starting with Security+"

Here mentions that "Cybersecurity experience" not just IT experience.

Who is correct here? I have second thoughts of taking the exam because of this. I have more than 14 years of experience. When I checked with other two CISSP certified individuals, they point out that you need experience in any one of the domains not "cybersecurity" specifically.

Re: What exactly is exact requirement for getting CISSP certified

AviOz — Thu, 08 Jul 2021 09:25:19 GMT

Hi fedoracore123,

You can find all the information details regarding to be a CISSP certified on the following link including the work experience.

https://www.isc2.org/Certifications/CISSP

Good luck on your CISSP study journey 🙂

Re: What exactly is exact requirement for getting CISSP certified

fedoracore123 — Thu, 08 Jul 2021 09:31:42 GMT

Thanks mate, So Mike Chappel is incorrect then.

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Thu, 08 Jul 2021 11:42:00 GMT

Thanks this makes sense. I think Mike needs to correct his statement.

Re: What exactly is the requirement for getting CISSP certified

AndreaMoore — Thu, 08 Jul 2021 13:32:47 GMT

@Keerthana wrote:

i think this link may be helpful:

https://www.isc2.org/Certifications/CISSP/experience-requirements

@fedoracore123 it is best to use the information found on the isc2.org website. Use this link as a resource that was posted above.

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Sat, 17 Jul 2021 11:07:27 GMT

Mike Chappell is giving a different answer...

Re: What exactly is the requirement for getting CISSP certified

denbesten — Sun, 18 Jul 2021 05:04:39 GMT

@fedoracore123 wrote:
Mike Chappell is giving a different answer...

This is an opportunity to understand how a CISSP would analyze this disconnect.

Mike Chappell, CISSP, is a well known author who wrote the "official study guide". He is employed by Notre Dame University, teaching grad-level cybersecurity. One generally would accept answers he gives to security topics.

Andrea Moore, on the other hand does not hold any certificates (to my knowledge), and does not profess to be a security expert. Her relevant claim-to-fame is being an (ISC)² employee who is charged with managing the community.

With respect to (ISC)² policies, I would pick Andrea's answer over Mikes every time. She is an (ISC)² employee, so in the domain of "(ISC)² policies", her words carry a much stronger weight than a CISSP -- even one of Mike's caliber. Further, Andrea cited an official source, whereas Mike restated in his own words (presumably). And, Andrea's response was current at the time of answering the question whereas Mike was current as of the time that the book was printed.

As a CISSP, when faced with multiple different answers, the job is to pick the best one, not just the first one that is "close enough".

... with apologies to Andrea and/or Mike if I offended.

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Sun, 18 Jul 2021 05:41:07 GMT

Thanks for your comments. A year back I wanted to begin the CISSP journey. One of the reasons was the answer given in the CISSP study guide and by Mike deterred me from taking the exam. In the LinkedIn course, Mike mentions the same thing. Thanks for the input.

I wish he could correct it in the book and the video. Not sure why it's not corrected.

Re: What exactly is the requirement for getting CISSP certified

AndreaMoore — Mon, 19 Jul 2021 22:23:44 GMT

Any candidate who has questions about certification experience requirements should refer to the requirements listed on the (ISC)² website: https://www.isc2.org/Certifications/CISSP/experience-requirements. If they have further questions they should contact Candidate and Member Services at https://www.isc2.org/Contact-Us.

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Tue, 20 Jul 2021 05:28:55 GMT

Thanks Andrea, my only concern is that Mike Chappel continues to give an answer that does not match with ISC2 and yet his book is the official study guide. It would be good if someone could contact Mike from ISC2 side to correct this. Statements from Mike seems to be causing confusion.

Thanks!!

Re: What exactly is the requirement for getting CISSP certified

denbesten — Tue, 20 Jul 2021 17:37:15 GMT

IMHO "five years of cybersecurity experience" seems like a good one-sentence summary of the requirements as laid forth on the official web site.

If you feel a correction is needed to any book, the general process is to contact the publisher, so it can be added to the errata. In this case, here is the publisher's Contact info (wiley.com) and the current errata for the book.

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Wed, 21 Jul 2021 12:06:18 GMT

This again is a wrong interpretation. Cybersecurity is not must. Its just IT domains. I hope people stop interperting like this. It's causing a roadblock to prospective test takers...

Re: What exactly is the requirement for getting CISSP certified

MikeChapple — Wed, 04 Aug 2021 19:07:46 GMT

Hi folks,

This thread was just brought to my attention and I'd like to clarify. The statements that I make in the Official Study Guide and my LinkedIn Learning courses are correct. To earn your CISSP, you must have five years of experience in cybersecurity (with an exception if you qualify for the one-year experience waiver).

The only statement (ISC)2 has made here is referring people to the website that contains the detailed requirements. That does not contradict what I've said. To quote directly from the website: "Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the CISSP CBK."

The eight domains of the CISSP CBK are the eight domains of cybersecurity. Therefore, you must have five years of experience in cybersecurity to earn the CISSP.

Someone here made the statement that you just have to have five years of IT experience. This is not correct. If you have IT experience that does not match one of the eight domains of cybersecurity, it does not qualify as required experience for the CISSP.

Best regards,

Mike

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Thu, 05 Aug 2021 06:17:08 GMT

Thanks Mike, do you think I qualify for taking the CISSP exam? Here is my profile. Just to get some clarity. https://www.linkedin.com/in/binoy-chacko-105623a/ Most of the CISSP professionals that I check with are saying I qualify, I just want to hear your take. AndreaMoore Please let me know your thoughts as well. Personally think this needs clarity.

Here is my detailed resume as well.

Re: What exactly is the requirement for getting CISSP certified

Kaity — Thu, 05 Aug 2021 13:07:40 GMT

Hello @fedoracore123!

I just took a look at your LinkedIn. Please keep in mind that even though I work at (ISC)², this is my opinion and not an official endorsement 😉

Since you have a degree in electronics engineering, that waives one year of the required experience for CISSP. So, you only need 4 years in any 2 of the 8 domains.

Domain 1. Security and Risk Management
Domain 2. Asset Security
Domain 3. Security Architecture and Engineering
Domain 4. Communication and Network Security
Domain 5. Identity and Access Management (IAM)
Domain 6. Security Assessment and Testing
Domain 7. Security Operations
Domain 8. Software Development Security

In looking at your LinkedIn, I don't think you should have any issue qualifying your experience in the endorsement process.

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Thu, 05 Aug 2021 13:12:39 GMT

Thanks! just what exactly is this "Cybersecurity" what Mike Chappell is emphasizing? He has responded to the thread. I think the terminology is causing confusion.

Re: What exactly is the requirement for getting CISSP certified

Kaity — Thu, 05 Aug 2021 13:20:58 GMT

Sure! I believe what Mike is saying is that it's not simply "five years of IT work" - but experience within the specific domains - which I listed in my last post - of the CISSP. You need to have job experience in at least two of those domains (looking at your LinkedIn, my guess for you is that you have experience in Communication and Network Security and Security Operations at least).

When he says "Cybersecurity" - he means the domains, specifically for that certification.

Other (ISC)² certifications have different domains and different experience requirements, so it's not as generic as simply "IT experience." I hope that makes sense!

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Sat, 07 Aug 2021 07:57:22 GMT

Thanks. So, after looking at my resume and profile. I should definitely qualify for the exam right? Kindly confirm, It's a considerable investment time and money for this exam. I don't want to waste my time in pursuing something that I am not qualified to.

Re: What exactly is the requirement for getting CISSP certified

Kaity — Mon, 09 Aug 2021 13:38:09 GMT

Hi @fedoracore123 - as I said before, I can't promise that. You'll still need to go through the endorsement process after you pass the exam and have your experience verified by the team that is responsible for that process. But from your LinkedIn page, it looks good!

Re: What exactly is the requirement for getting CISSP certified

fedoracore123 — Mon, 09 Aug 2021 14:15:12 GMT

So basically any candidate taking the exam is in the dark till the endorsement works. Just curious what is the whole purpose so asking candidates if they qualify to take the exam?

Appreciate your response. I haven't still heard from Mike as to my eligibility to take the exam.