i am trying to figure out if the following scenario would let me achieve cissp qualification after passing the exam
could i have 2 years of experience at one job in ONE domain ( say risk management only) and another 3 years of experience at ANOTHER job with ANOTHER one domain(say just the asset security)? will that be eligible for overall 5 years of experience?
OR do i need 2 domain experience in both of the jobs to make them both eligible individuallu to count towards experience
I hope it makes sense what i am trying to say
You could argue that InfoSec is a risk management discipline in itself. There would be no need for security controls unless there were risks. A reasonable way to approach this would be to look beyond the job titles you've had and into the actual content of each role and figure out how this aligns to CBKs. For example, I've held positions in which my title was manager, but in which I also did hands on work in many of the domains, due to staff shortages. Also I'd suggest you discuss it with whoever you're intended to endorse your application before you make it.
Its supposed to be *2* domains over 5 years.
Does it have to be the same domains over that period, no. But you need experience in 2 domains.
I had the same thing with my ISACA certs. I had to indicate what jobs and their periods and what domains over the 5 year period.
So long as I had experience in at least 2 domains, I was ok.
I think the same idea would be how ISC2 works.
Sounds reasonable if you go ahead and map the number of months experience to a domain. Does matter if it is with different employers.