Hello from Japan.
I'm planning to take CISSP exam in April 2019, and I am wondering if my experience would satisfy the requirement as far as its length is concerned. I have Security+ for one-year waiver, so the required experience would be 4 years.
I started working for my current program in August 2015 (I had no previous cybersecurity experience), and I have a plan to study abroad in October 2019, so I am planning to leave the program at the end of July 2019.
If I can be cetified for CISSP, it will be a very good way for me to prove my experience to my future employer, but I am a little concerned because my experience will be like "precisely" 4 years.
Given the above schedule of my timeframe, should I still aim to be certified before I start studying abroad, or should I postpone being certified and settle at Associate status first? (Of course, after passing the exam)
Good luck with your CISSP studies!
In terms of the experience requirements these are defined here:
As long as the work you are currently doing is across 2 or more of the current 8 CISSP domains then it should all count.
Then the main question to answer is will you have completed 48 months of at least 35 hours' work for each month by the time you leave your current role?
If you didn't start at the beginning of August 2015 or will leave before the end of July 2019, or if you were on vacation / sick leave at any point and didn't make up the work to total at least 35 hours for each month then technically you are below the requirement.
Thank you for your reply! I'll do my best!
Thanks also for the precise description of the requirement! I'll think about it and if I go for it and the endorsement process says no, then I'll stay Associate for a while 🙂
Ooops - I put 35 hours per month! That should be 35 hours per week!
I should also add, if you are below the requirement, given you are going on to do studies rather than further employment, then go for Associate. This way you get 6 years to earn the extra experience needed for the CISSP as opposed to 9 months to complete a CISSP endorsement.
I thought so about the 35 hours 😛
I guess there is no harm in waiting for being certified. In the case where I decide to stay Associate, I'll make sure to keep in touch with my current employer so I can prove my experience in Japan later.
Any evidence you might have such as a signed contract of employment showing your start date, and an acceptance of resignation letter showing your end date are a big help to an endorser - although if these are written in Japanese your endorser will also need to speak that language for them to be useful!
Another option you could consider if you're short of the experience requirement is part-time work during your studies. You can work between 20-34 hours per week part-time and count this towards your experience. See the link I posted in my first reply for full details.
... if you were on vacation / sick leave at any point and didn't make up the work to total at least 35 hours for each
monthweek then technically you are below the requirement.
Think like a CISSP, not a techie. They are asking for 5-years full-time experience (or equivalent). They are not asking for 10,000 hours of experience.
Don't overthink it and don't focus on the technicalities. The spirit of the rule is that if you were continuously employed in a job that is defined as 35 or more hours per week, it is full-time, from the first day worked till the last day worked. Paid time-off normally does not count against a job being considered full-time.
I am very new on ICS training and certifications.
I am still confused requirement.
For example, I graduated Electronic Engineer. Currently my position is System Engineer. I deploy and conduct security solutions to customers. I have 4 years experience and I was doing Network Engineer, System administrator before. I work 40hours week.
Also I have an professional certifications.
Can I take CISSP certification exam? How can prove to I have enough experience?
Thanks denbesten - I appreciate your input.
I have endorsed a number of CISSPs down the years and have always made sure they have fulfilled the experience requirements down to the hour!
I have already been told by someone from ISC2 the checks I make on the CISSP candidates who ask me to endorse them are far more thorough than those they would do themselves.
Although, if ISC2 was to query any of my future endorsements, I'm not sure I would be comfortable saying I was following the spirit of the rule when the rule is spelled out in black and white quite clearly - I'd rather know that they 100% have met the criteria before providing my endorsement.
"Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience."
All of the details you need are contained in the above link.
You should be able to use your Microsoft certs to cover 1 year of the experience requirements. Ironically none of the security focused ones you have will count!
Although, from memory, Microsoft certs never expire (e.g. I will take my Microsoft Exchange 5.5 MCP to my grave!), so I don't know if the MCSA/MCSE needs to be on current vendor supported version? The requirements only state that you hold the certification.
Assuming you can use the Microsoft certs, or perhaps if your degree was a 4-year course, then as long as the work you have been doing for 4 years covers 2 of the 8 current CISSP domains then you should be OK. It sounds like it should.
Please read the rest of the thread regarding exactly how much experience you need? My opinion is you should be able to account for the time down to the exact number of hours required (4 years x 12 months x 4 weeks x 35 hours). Others follow a spirit of the rule where time off/sick leave shouldn't count against you.
In terms of proof, when you go for endorsement you can provide evidence of employment, you will also be asked to provide contact details for your supervisor(s) during the periods of employment you list in your endorsement application so the endorser can follow up with them for verification.
You're probably no clearer on whether or not you meet the requirements after reading this, but hopefully someone from ISC2 will give a definitive answer soon!