Re: DPO as CISSP work experience

CristinaDeLisle · ‎02-06-2019

Hello,

I am currently a Data protection officer and I was wondering if my work experience in this role can be considered valid for a CISSP certification. Does it fall traditionally under at least 2 of the 8 domains?

Thank you for your time and have a great day!

wimremes · ‎02-06-2019

I think it depends on a few factors :

* what are your responsibilities as a DPO? My understanding is that the general tasks of a DPO are as follows:

a. monitoring an organisation’s compliance

b. informing and advising on its data protection obligations

c. and acting as a contact point for data subjects and the relevant supervisory authority

* Is the DPO role a full time position or not?

Given the current 8 domains, I would only see the work of a DPO (based on the description above) fitting "Security and Risk Management" for the FTE time you spend on it.

Current 8 domains for reference :

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security

Sic semper tyrannis.

CristinaDeLisle · ‎02-06-2019

Thank you for your answer. Indeed, it seems to fit into that domain, those are the tasks I am performing. Currently I perform 50% of my time working as a DPO and I'm doing so for the last year.

I am considering to advance to doing the other 50% of my time as a System Administrator, which can lead me to getting a SSCP credential in the following years.

I have also a 4 years college degree and I'm preparing to get a IAPP-EU and a CIPM certifications.

I was wondering if sitting at a ISC2 exam for a CISSP is a valid option, considering my career plans and how long it will take me to have the right amount of years of experience as DPO and Sys. admin. (or if that fits in the certification requirements).

Have a nice day and thanks again for your answer!

rslade · ‎02-06-2019

> CristinaDeLisle (Viewer) posted a new topic in Certifications on 02-06-2019

> Hello

Hi, there.

> I am currently a Data protection officer and I was wondering if my
> work experience in this role can be considered valid for a CISSP certification.
> Does it fall traditionally under at least 2 of the 8 domains?

I'd say three: Asset Security, probably Identity and Asset Management, and Security Operations.

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

CristinaDeLisle · ‎02-06-2019

Thank you for you answer! Do you by any chance know if the experience as system administrator can enter in some of the domains? It is indicated clearly for a SSCP credential, but I was wondering if it could qualify also for a CISSP. A system administrator is a more traditional career than a DPO for assessing the relevant work experience, so I assume there is a practice so far which was established. If it does, I could add both experiences for validation, after sitting for an Associate of ISC2 with the CISSP pathway.

Have a nice evening and thank you again for you time!

wimremes · ‎02-07-2019

Hi Cristina,

Most system administrators perform a lot of different tasks that are not always clearly identified as separate responsibilities so I would definitely take some time to list them individually. Deploying GPOs across an IT estate seems like an atomic task but it also involves asset management, risk management, etc. etc. to manage it successfully. The same goes for firewall administration, patch management, and a load of other tasks you would perform on a daily basis.

I would say it is definitely worth it to sit for the exam and go for the Associate of ISC2 if it turns out you're not having the required years of experience.

Sic semper tyrannis.

CristinaDeLisle · ‎02-07-2019

Ok, thanks for the answer. Indeed, my option is to sit for an Associate degree for now and make these questions to be my problems for the next 6 years available to validate the necessary work experience.

Have a wonderful day!