fedoracore123
Newcomer III

What exactly is the requirement for getting CISSP certified

Hi everyone, 

 

This has been a concern for me for some time now (almost two years). I am getting conflicting information regarding the requirements to get CISSP certified. According to Mike Chapple (Author of one of the resources) he is giving this answer "You need to have five years of cybersecurity experience to earn CISSP. I’d suggest starting with Security+" 

 

Here mentions that "Cybersecurity experience" not just IT experience. 

 

Who is correct here? I have second thoughts of taking the exam because of this. I have more than 14 years of experience. When I checked with other two CISSP certified individuals, they point out that you need experience in any one of the domains not "cybersecurity" specifically.

 

 

24 Replies
denbesten
Community Champion

IMHO "five years of cybersecurity experience" seems like a good one-sentence summary of the requirements as laid forth on the official web site.  

 

If you feel a correction is needed to any book, the general process is to contact the publisher, so it can be added to the errata.  In this case, here is the publisher's Contact info (wiley.com) and the current errata for the book.

 

fedoracore123
Newcomer III

This again is a wrong interpretation. Cybersecurity is not a must. It's just IT domains. I hope people stop interpreting like this. It's causing a roadblock to prospective test takers...

MikeChapple
Viewer II

Hi folks,

 

This thread was just brought to my attention and I'd like to clarify.  The statements that I make in the Official Study Guide and my LinkedIn Learning courses are correct.  To earn your CISSP, you must have five years of experience in cybersecurity (with an exception if you qualify for the one-year experience waiver).

 

The only statement (ISC)2 has made here is referring people to the website that contains the detailed requirements.  That does not contradict what I've said.  To quote directly from the website: "Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the CISSP CBK."

 

The eight domains of the CISSP CBK are the eight domains of cybersecurity.  Therefore, you must have five years of experience in cybersecurity to earn the CISSP. 

 

Someone here made the statement that you just have to have five years of IT experience.  This is not correct. If you have IT experience that does not match one of the eight domains of cybersecurity, it does not qualify as required experience for the CISSP.

 

Best regards,

Mike

fedoracore123
Newcomer III

Thanks Mike, do you think I qualify for taking the CISSP exam? Here is my profile. Just to get some clarity. https://www.linkedin.com/in/binoy-chacko-105623a/ Most of the CISSP professionals that I check with are saying I qualify, I just want to hear your take. Please let me know your thoughts as well. Personally think this needs clarity.

 

Here is my detailed resume as well.

Kaity
Community Manager

Hello @fedoracore123!

 

I just took a look at your LinkedIn. Please keep in mind that even though I work at (ISC)², this is my opinion and not an official endorsement 😉

 

Since you have a degree in electronics engineering, that waives one year of the required experience for CISSP. So, you only need 4 years in any 2 of the 8 domains:

  • Domain 1. Security and Risk Management
  • Domain 2. Asset Security
  • Domain 3. Security Architecture and Engineering
  • Domain 4. Communication and Network Security
  • Domain 5. Identity and Access Management (IAM)
  • Domain 6. Security Assessment and Testing
  • Domain 7. Security Operations
  • Domain 8. Software Development Security

In looking at your LinkedIn, I don't think you should have any issue qualifying your experience in the endorsement process. 

fedoracore123
Newcomer III

Thanks! Just what exactly is this "Cybersecurity" that Mike Chapple is emphasizing? He has responded to the thread. I think the terminology is causing confusion.

Kaity
Community Manager

Sure! I believe what Mike is saying is that it's not simply "five years of IT work" - but experience within the specific domains - which I listed in my last post - of the CISSP. You need to have job experience in at least two of those domains (looking at your LinkedIn, my guess for you is that you have experience in Communication and Network Security and Security Operations at least). 

 

When he says "Cybersecurity" - he means the domains, specifically for that certification. 

 

Other (ISC)² certifications have different domains and different experience requirements, so it's not as generic as simply "IT experience." I hope that makes sense!

fedoracore123
Newcomer III

Thanks. So, after looking at my resume and profile, I should definitely qualify for the exam, right? Kindly confirm. It's a considerable investment of time and money for this exam. I don't want to waste my time in pursuing something that I am not qualified for.

Kaity
Community Manager

Hi @fedoracore123 - as I said before, I can't promise that. You'll still need to go through the endorsement process after you pass the exam and have your experience verified by the team that is responsible for that process. But from your LinkedIn page, it looks good!

fedoracore123
Newcomer III

So basically any candidate taking the exam is in the dark till the endorsement works. Just curious, what is the whole purpose of asking candidates if they qualify to take the exam?

 

Appreciate your response. I still haven't heard from Mike as to my eligibility to take the exam.