cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Newcomer II

CISSP experience waiver vs. CSSLP/CCSP requirements

Good day,

I was looking at the portfolio of certifications offered to check what kind of degree can be used as an experience waiver and I noticed something strange. The CISSP certification offers a one-year waiver for persons already holding other credentials, including SSCP, under the "Prerequisite Pathway" offer. However, no other certification allows this, putting 1) SSCP worth two years instead of one for the CISSP track and 2) CISSP and CSSLP on the same level when considering "experience required", but not on the same level of benefits for persons interested in securing software architecture. Furthermore, CISSP is listed as a prerequisite waiver for CCSP, unlike CSSLP, despite them being otherwise on par with experience required for any person for whom the CISSP was not the first InfoSec certification pursued. Even though I understand the CSSLP is a niché certification for people who actively endorse cyber security rules in application development, this basically puts it WAY behind compared to CISSP, as they both have identical worktime experience (not considering having an IT degree) and the CSSLP domains are already contained in two or three domains of CISSP. Is this on purpose? Or was there supposed to be a "Prerequisite Pathway" for CSSLP that got dropped off later in the proces? And if so, will it be coming again one day?

2 Replies
Highlighted
Moderator

Re: CISSP experience waiver vs. CSSLP/CCSP requirements

@Illsteward Thank you for your inquiry. Please note, this was done on purpose, unfortunately, I am not able to discuss why. I will be happy to bring your feedback to management for review.

 

Best Regards,

Amanda Vance

Highlighted
Newcomer II

Re: CISSP experience waiver vs. CSSLP/CCSP requirements

Thank you @amandavanceISC2 for your reply. I just find it really sad, because it devaluates the CSSLP, or rather, it bascially tells anyone willing to take the exam that "this is a dead end". All while the scope and domains of the certificates are different enough. It simply seems like an operation overseer (CISSP suggested role) can have much less experience and still get much higher than a software engineer with hands-on security development experience (CSSLP suggested role).