This has been a concern for me, for sometime now (Almost two years). I am getting conflicting information regarding the requirements to get CISSP certified. According to Mike Chapple (Author of one of the resources) he is giving this answer "You need to have five years of cybersecurity experience to earn CISSP. I’d suggest starting with Security+"
Here mentions that "Cybersecurity experience" not just IT experience.
Who is correct here? I have second thoughts of taking the exam because of this. I have more than 14 years of experience. When I checked with other two CISSP certified individuals, they point out that you need experience in any one of the domains not "cybersecurity" specifically.
You can find all the information details regarding to be a CISSP certified on the following link including the work experience.
Good luck on your CISSP study journey 🙂
i think this link may be helpful:
@fedoracore123 it is best to use the information found on the isc2.org website. Use this link as a resource that was posted above.
Mike Chappell is giving a different answer...
This is an opportunity to understand how a CISSP would analyze this disconnect.
Mike Chappell, CISSP, is a well known author who wrote the "official study guide". He is employed by Notre Dame University, teaching grad-level cybersecurity. One generally would accept answers he gives to security topics.
Andrea Moore, on the other hand does not hold any certificates (to my knowledge), and does not profess to be a security expert. Her relevant claim-to-fame is being an (ISC)² employee who is charged with managing the community.
With respect to (ISC)² policies, I would pick Andrea's answer over Mikes every time. She is an (ISC)² employee, so in the domain of "(ISC)² policies", her words carry a much stronger weight than a CISSP -- even one of Mike's caliber. Further, Andrea cited an official source, whereas Mike restated in his own words (presumably). And, Andrea's response was current at the time of answering the question whereas Mike was current as of the time that the book was printed.
As a CISSP, when faced with multiple different answers, the job is to pick the best one, not just the first one that is "close enough".
... with apologies to Andrea and/or Mike if I offended.
Thanks for your comments. A year back I wanted to begin the CISSP journey. One of the reasons was the answer given in the CISSP study guide and by Mike deterred me from taking the exam. In the LinkedIn course, Mike mentions the same thing. Thanks for the input.
I wish he could correct it in the book and the video. Not sure why it's not corrected.
Any candidate who has questions about certification experience requirements should refer to the requirements listed on the (ISC)2 website: https://www.isc2.org/Certifications/CISSP/experience-requirements. If they have further questions they should contact Candidate and Member Services at https://www.isc2.org/Contact-Us.
Thanks Andrea, my only concern is that Mike Chappel continues to give an answer that does not match with ISC2 and yet his book is the official study guide. It would be good if someone could contact Mike from ISC2 side to correct this. Statements from Mike seems to be causing confusion.