i am trying to figure out if the following scenario would let me achieve cissp qualification after passing the exam
could i have 2 years of experience at one job in ONE domain ( say risk management only) and another 3 years of experience at ANOTHER job with ANOTHER one domain(say just the asset security)? will that be eligible for overall 5 years of experience?
OR do i need 2 domain experience in both of the jobs to make them both eligible individuallu to count towards experience
I hope it makes sense what i am trying to say
You could argue that InfoSec is a risk management discipline in itself. There would be no need for security controls unless there were risks. A reasonable way to approach this would be to look beyond the job titles you've had and into the actual content of each role and figure out how this aligns to CBKs. For example, I've held positions in which my title was manager, but in which I also did hands on work in many of the domains, due to staff shortages. Also I'd suggest you discuss it with whoever you're intended to endorse your application before you make it.
Its supposed to be *2* domains over 5 years.
Does it have to be the same domains over that period, no. But you need experience in 2 domains.
I had the same thing with my ISACA certs. I had to indicate what jobs and their periods and what domains over the 5 year period.
So long as I had experience in at least 2 domains, I was ok.
I think the same idea would be how ISC2 works.
Sounds reasonable if you go ahead and map the number of months experience to a domain. Does matter if it is with different employers.
Ok, maybe this will help.
From 2016-2017, at employer X, you held position such and such.
In that position, you did work that covers domain A, C, and D
From 2017-2018, at employer Y, you held a different position
In that position, you did work that covers domain A, B, and F
In 2019, at employer Y, you held yet a different position
In that position, you did work that covers domains B, C, and G
So for 5 years you did work in at least 2 domains, even if they weren't always the same.
I know when I applied for CISSP 4+ years ago, I submitted an edited resume that I made clear what domains I was involved with at my previous positions. As the person endorsing me was a former co-worker, didn't have an issue in that regards.
Not sure how the current endorsement form works. The above is similar to what I had to cover with my ISACA certs, FWIW. To be simple, I left out months, but realistically, you'd have to account for that.
@gen90 Thank you for your inquiry. The 5 years in at least 2 of the 8 domains can be earned at separate times, they do not all have to be earned in the same place.
Job A: 4 years and 11 months - domain 4
Job B: 1 month - domain 5
This is 5 years in at least 2 of the 8 domains
It used to be the case that you had to include a resume. That was 10 years + ago though.
That should clear up any ambiguity regarding experience.