In the process of studying for the CISSP and need a bit of advice on the experience requirement.
Been working for the same institution for twenty years and ten of which as the sole security specialist as we did not have an ISO but my contractual title was Senior Systems Administrator. My institution would undoubtedly offer a letter of reference but am unsure if this would be enough to satisfy the requirement. Been ISO for two years now and still a security team of one.
@Mucklor It does not matter what your job title is / was but rather what job duties you performed. There tend to me many roles in which people are involved with security but do not even realize it because it is not in their title or job description.
It's definitely about the content of your actual experience, rather than job title or even your actual job description. In most jurisdictions carrying out a duty without protest means that it becomes part of your job responsibilities, as if your written job description had been varied. All you need is for the person verifying your application to know what you've actually been doing in your job and how that relates to the various domains.
If you are using a book or something that outlines the domains in detail, allow yourself a few moments after reviewing the section to reflect on your career. Does a task or tasks I performed fit the domain I'm studying? How often did I perform the task? Relating to the domains in terms of your work experience may help you in future job interviews, help make the material a little less dull, and help you complete your application for endorsement.
I used one of my CISSP study books to assign job tasks to domains. I also made sure to include more domains than needed in case the endorser disagreed with my assessment.