Hope that someone can point me in the right direction. I recently passed the SCCP and am now studying for the CISSP.
Having spent the best part of 20 years working in the citrix, vmware, windows arena. My question is does this qualify me for membership ?. I noticed when I run through the endorsement process it asks me for an ISC2 member to endorse me. The challenge I face is. I do not know any ISC2 member in person. Apart from meeting my instructor on the CISSP course which I attended through a training company called ITGovernance. Another challenge is I am self employed and can only be vetted by my previous managers i worked with.
How does someone like myself achieve ISC2 membership ? or do I just follow the path of an associate ?
Assuming that you will be able to pass the CISSP exam, you need to demonstrate to have worked in at least 2 of the 8 domains during at least 5 years. The five domains are Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations and Software Development Security.
I think that somebody like you, that has worked with Citrix, VMware and Windows, probably has experience in at least the Identiy and Access Management domain, the Security operations (e.g. rights management etc.) and probably Communications and Network security domains So, given that you can provide references to proof this, you may well already qualify. It is, of course, up to the judgement of (ISC)2, but I think you can be confident that you stand a good chance here, after all you have been in the field for 20 years.
About the endorsement: if you do not know any (ISC)2 certified person, you can ask (ISC)2 itself to endorse you. The endorser only needs to know you sufficiently enough to attest that your assertions regarding professional experience are true to the best of the endorser’s knowledge, and that you are in good standing within the cybersecurity industry.
Thanks for your detailed response Heinrich.
I agree with Heinrich above. I myself worked with VMWare, Citrix, Windows, and Unix/Linux for 20 years. Back when I started there wasn't a separation between SYS Admins and Security in the first company I worked at. We did a bit of everything IT related in the company. Showing that you have experience working in 2 of the 8 domains should not be that big of an issue if you can find a way to show it. I also spent several years being in charge of SCCM and server patching and fw administration which sparked my interest in Security. Good Luck and Put your Best Foot Forward!!!
Congratulations on passing your SSCP.
Unfortunately, at this time we are not able to let you know prior to receiving your application if you qualify for the certification. You will need to complete an application for our team to review. I
If you do not know an (ISC)2 certified member, you can ask (ISC)2 to endorse your application. When you log into the endorsement application, you can select (ISC)2. You would complete the application and provide supporting documentation. Then your application will be sent to an (ISC)2 staff member to review your work experience.
For more information about the endorsement process, please feel free to contact our Endorsment Team at firstname.lastname@example.org.
I just asked ISC2 to endorse me when I passed the CAP. I filled out their questionnaire and the process was easy. I was even audited and it went like a breeze. I was very happy with the process as I didn't know any other people who where CAP certified.