cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gen90
Newcomer I

Domain mapping for CISSP experience requirement

Hi,

i am trying to figure out if the following scenario would let me achieve cissp qualification after passing the exam

 

 

could i have 2 years of experience at one job in ONE domain ( say risk management only) and another 3 years of experience at ANOTHER job with ANOTHER one domain(say just the asset security)? will that be eligible for overall 5 years of experience?

 

OR do i need 2 domain experience in both of the jobs to make them both eligible individuallu to count towards experience

 

I hope it makes sense what i am trying to say

8 Replies
Steve-Wilme
Advocate II

You could argue that InfoSec is a risk management discipline in itself.  There would be no need for security controls unless there were risks.  A reasonable way to approach this would be to look beyond the job titles you've had and into the actual content of each role and figure out how this aligns to CBKs.  For example, I've held positions in which my title was manager, but in which I also did hands on work in many of the domains, due to staff shortages.  Also I'd suggest you discuss it with whoever you're intended to endorse your application before you make it.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
emb021
Advocate I

Its supposed to be *2* domains over 5 years.

 

Does it have to be the same domains over that period, no.  But you need experience in 2 domains.

 

I had the same thing with my ISACA certs.  I had to indicate what jobs and their periods and what domains over the 5 year period.

 

So long as I had experience in at least 2 domains, I was ok.

 

I think the same idea would be how ISC2 works.

 

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
gen90
Newcomer I

Those are job descriptions(summary), not the titles.
AppDefects
Community Champion

Sounds reasonable if you go ahead and map the number of months experience to a domain. Does matter if it is with different employers. 

emb021
Advocate I

Ok, maybe this will help.

 

From 2016-2017, at employer X, you held position such and such.

In that position, you did work that covers domain A, C, and D

 

From 2017-2018, at employer Y, you held a different position

In that position, you did work that covers domain A, B, and F

 

In 2019, at employer Y, you held yet a different position

In that position, you did work that covers domains B, C, and G

 

So for 5 years you did work in at least 2 domains, even if they weren't always the same.

 

I know when I applied for CISSP 4+ years ago, I submitted an edited resume that I made clear what domains I was involved with at my previous positions.  As the person endorsing me was a former co-worker, didn't have an issue in that regards.

 

Not sure how the current endorsement form works.  The above is similar to what I had to cover with my ISACA certs, FWIW.  To be simple, I left out months, but realistically, you'd have to account for that.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
gen90
Newcomer I

This is where my confusion comes, I am getting mixed answers. People above you mentioned its accumulative but you are saying it has to be 2 or more domains at each job.

So if i work at one job for 3 years on two domains ( says domain 1 and 3)

and next job 2 years but only worked at 1 domain ( say domain 2?)
Does that mean my last 2 years of job experience wont count? because it was only with 1 domain?

amandavanceISC2
Moderator

@gen90 Thank you for your inquiry. The 5 years in at least 2 of the 8 domains can be earned at separate times, they do not all have to be earned in the same place. 

 

Example:

Job A: 4 years and 11 months - domain 4

Job B: 1 month - domain 5

 

This is 5 years in at least 2 of the 8 domains

 

Best Regards,

Amanda Vance

Steve-Wilme
Advocate II

It used to be the case that you had to include a resume.  That was 10 years + ago though.

That should clear up any ambiguity regarding experience.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS