I would like to become a CISSP, but am wondering about the experience req's.
I have a 4-year college degree.
I have 10+ years of professional work experience selling hardware and software technology solutions to B2B clients. Most recently as an account executive for an IT MSP. My work experience consists of prospecting, business development, lead/demand generation, presentations, qualifying customer requirements, proposals, contract negotiation/closing, revenue generation, client/account management, pipeline and quota attainment, RFP responses, etc. My compensation is at least half commission.
The contracts I negotiate and close are for help desk, network, security services, app dev, pen testing, security/vulnerability assessments, IT projects, procurement, cloud hosting, backups, MDM, etc. Most everything my employer delivers provides value in at least one of the CBK domains. I'm knowledgeable of and conversant in most of the domains -- inch deep, mile wide style usually in the context of value props/ROI.
I've never worked tech support or been a server/network admin, technician or coder. I sell services in those realms to technical buyers. To fulfill the contracts I negotiate with clients, my company has its own SMEs in a given domain or outsources/sub-contracts to fill the need.
I feel if I put in the effort I could learn the CBK material enough to pass the exam. But, does my professional work experience qualify me for certification?
If you're actually involved in the scoping of the technical aspects of the security-related solutions you sell, then, yes, that's potentially valid experience.
Some of the usual jobs/tasks that qualify as valid experience are hands-on, but there are many more that are more consultative in their nature and pre-sales activities can encompass some of those jobs/tasks.
However, by the sounds of it, you likely have SMEs doing all of the scoping and then just passing you a BoM to quote, and then you perform commercial negotiations from there. If that is the case, then, no, that's not valid experience.
Thanks for the reply,
Another facet to consider: About 1/2 of my compensation comes from commissions from sales contracts that I close. Meaning: By design, my position is financially incented/motivated to close contracts; if I don't sell I don't earn (a level of income that I want anyway). My personal interests are served by closing deals with customers. Customers must of course do their own due diligence to ensure ROI and CBA for the contracts I offer are acceptable to them - and they are typically "win/win." Does any of this conflict with the ISC code of ethics?
The code of ethics is here:
The 4 main canons are:
As long as your goods and services deliver security for your customers, then you're already performing canons 1 and 4. Canons 2 and 3 are related to how you act as a professional.
Nowhere does it say you can't earn a good living from providing your goods and services.