I have a question about the work experience I need to take the CISSP exam. I worked from 2009 - 2012 for a company as a security admin, but since then I have been working in another line of business. Is there a rule that says that I have to work the last five years in the field of security?
Thanks a lot
Nope! No such requirement about WHEN the experience took place, only that it's relevant to the domains. More info can be found here - https://www.isc2.org/Certifications/CISSP/experience-requirements
Thank you very much for this information. So I will start my training as a CISSP.
I am an IT auditor with around 4.5 years of external IT audit experience in the Big Four (ITGCs and IT dependencies audits) as well as nearly a year of IT internal audit experience. I would like to ask if IT audit experience (i.e. assessment of security risks and controls + recommendations and follow-up on associated action plans) qualifies as work experience towards CISSP or if hands-on design, implementation and operation of security controls is required?
Thanks a lot in advance for your help
You need to work in the industry. Not just security. Please keep in mind all domains really are part of security.
If you work in
Your job description for each job should have a line in there saying you must protect network, etc., etc., etc. You need to supply your job descriptions to show proof.
If you have a degree this also counts as a year.
I think the only way experience wouldn't count is if you were not in the IT industry.
Hope this helps.