I am a Senior Oracle DBA with 10+ years of experience in multiple sectors including Telecommunications, Retail and Insurance. I have decided recently to fully transition into Security and am currently studying for the CISSP exam. My question is, when I tried to book the exam earlier, I was faced with a question as to whether I want to take the Associate route or if I have experience in two of the domains. Now as a Senior DBA, Security was a significant part of my everyday work, so I have covered Access control, encryption, patching, dealing with vulnerabilities, etc. from the Database Security perspective. My last role was a Database Security Manager responsible for the security of several database technologies and worked exclusively on patching, Policy and Vulnerability compliance. I implemented TDE (Transparent Data Encryption) across all databases and worked on SIEM products such as ArcSight.
I have all the paperwork from HR to prove my years of experience but I do not know anyone who has CISSP who can vouch for me. So which route do I follow? I feel the Associate route is more designed for graduates with no experience but I am happy for you to correct me if my understanding is incorrect.
I appreciate any help you can offer with this!
If you feel mature and have 5 years' experience in 2 of the domains from the CISSP - I do not see a reason for you to not go directly for it. Prepare to provide details about how you have fulfilled the 2 domains for the last 5 years and if all is ok - CISSP should be the one for you.
After passing the exam, the Associate designation option is used when you don't have the required security experience in two domains, and you have 6 years to gain experience in two domains to request the certification. The other option is used to pursue the certification within a period of 9 months after passing the exam. However, if you don't feel confident to go for the second option, you should go directly to Associate until you can clarify whether you cover two domains in the CISSP certification.
Like you, I did not know anyone who already had the CISSP who could vouch for me. I took the exam and when looking for the endorsement after passing you have two options, one being to have a CISSP vouch for you, the other is to submit the information to (ISC)2 and they check it over for you.
I did the second option and am pleased to say they verified the evidence and I am now certified.
As You have all the papers needed, why stop at Associate level? As You already noticed, it is oriented towards younger IT specialists who are seeking certification but lack experience.
In Your case You can choose (ISC)2 to review and endorse Your work experience. Anyway You'll get Associate level until Your application is reviewed 🙂
@Cyberman6877 Thank you for your inquiry. You are correct, the Associate of (ISC)² status is there for individuals who have passed an (ISC)² exam but do not have the required work experience to hold the certification at that time. The Associate of (ISC)² working towards CISSP status will provide individuals with 6 years to obtain the 5 year requirement in 2 of the 8 domains. As long as you have at least 5 years of full-time, paid work experience in at least 2 of the 8 domains, you will be eligible to submit your endorsement for full certification.
If you do not know an (ISC)² member in good standing that will act as your endorser, when completing the endorsement application, you would check the assistance application, where (ISC)² acts as your endorser. The application is the same as the normal endorsement, however, you will be required to submit the proof of employment for (ISC)² to validate.
Please feel free to reach out to me directly at any time.
I think you have enough experience to apply for the CISSP.
In my opinion, you surely covered more than two domains with your listed work experience.
So, just pass the exam and then apply for the CISSP.
If you do not know any other CISSP for the needed endorsement,
here is the note from https://www.isc2.org/endorsement:
Sorry for the late reply and thank you very much for your help.
One final question if I may. Can I choose the associate route, take the exam (pass it hopefully) and then fill out the necessary forms for experience validation while my status is set to associate?
Many thanks again!
@Cyberman6877 It is my pleasure! Yes, you may absolutely register for the Associate of (ISC)² status prior to taking the exam (this is done during the exam registration process). Once you pass the exam, you will automatically become an Associate and will still be able to submit your endorsement application for review. Once your endorsement has been reviewed and passed, our endorsement team will clear your Associate of (ISC)² status and make you a full CISSP.
I truly recommend that you go with CISSP if you are confident. Or you can attempt the CCSP followed by the CISSP exam. This can help you to get a complete understanding of cyber security practice during your career.
Two certifications can boost your credit and later you can select the ultimate specialized certification like CISSP Concentrations - Architecture or CISSP Concentrations - Management. I prefer to go with official certification books and lots of practice with CCSP or CISSP online mock tests like edusum and other open mock test providers.
Have at least 2 CISSP books and take regular assessments to see how well you're understanding the material.
My journey to the CCSP was different than most. I had been working hands-on in/with the Public Cloud space for a number of years prior to the CCSP. My primary reference for preparing for the exam was the ISC2 CCSP CBK and practice with almost 2000 plus questions with edusum mock tests.