In the process of studying for the CISSP and need a bit of advice on the experience requirement.
Been working for the same institution for twenty years, ten of which as the sole security specialist, as we did not have an ISO, but my contractual title was Senior Systems Administrator. My institution would undoubtedly offer a letter of reference but am unsure if this would be enough to satisfy the requirement. Been ISO for two years now and still a security team of one.
@Mucklor It does not matter what your job title is / was but rather what job duties you performed. There tend to be many roles in which people are involved with security but do not even realize it because it is not in their title or job description.
It's definitely about the content of your actual experience, rather than job title or even your actual job description. In most jurisdictions carrying out a duty without protest means that it becomes part of your job responsibilities, as if your written job description had been varied. All you need is for the person verifying your application to know what you've actually been doing in your job and how that relates to the various domains.
If you are using a book or something that outlines the domains in detail, allow yourself a few moments after reviewing the section to reflect on your career. Does a task or tasks I performed fit the domain I'm studying? How often did I perform the task? Relating to the domains in terms of your work experience may help you in future job interviews, help make the material a little less dull, and help you complete your application for endorsement.
I used one of my CISSP study books to assign job tasks to domains. I also made sure to include more domains than needed in case the endorser disagreed with my assessment.
Prior to endorsement, make sure your resume/CV includes experience and technologies that match up to the years of experience and domains of the certification needed. You also need to make sure the endorser also has a CISSP or in some cases (thinking government supervisor) can validate that your performance was in those areas. So basically if I was endorsing you having worked with you but not at other positions or companies I would look at the position description you provided, years at that position/company, and then see if anything in the description matches up to the domain.