Just thought this to be the best platform to look for clear-cut answer.
I have extensive experience in IT and OT. I have about 7 years of experience in SCADA network. Though I dont have any experience directly related to the domains of CISSP prereq mentioned in the website I have been involved in different technologies like Symantec, Carbonblack and Fireeye implementations and management to some degree. Now my question is I am eligible to sit for CISSP? If not what path do you guys suggest.
I have about 7 years of experience in SCADA network. Though I dont have any experience directly related to the domains of CISSP prereq mentioned in the website I have been involved in different technologies like Symantec, Carbonblack and Fireeye implementations and management to some degree.
Questions like this seem to be asked a lot. It's really hard to say "this industry" or "that job title" qualifies or not. My advice is find a CISSP or two who knows what you do, and ask him or her if your experience qualifies and if so, would they vouch for that with the (ISC)2 if need be.
Now, if it doesn't qualify, there is the associate route, but it would seem as though some sort of job change would be necessary. One of the challenges we've always had in technology is specialization, and that bumps up against the breadth of experience that the CISSP calls for. That's a good thing because security really demands a broad skill set. You have to work details as well as be able to communicate in a board room. The problem is across many industries, we don't foster that kind of experience. We put people in front of a monitor, tell them that if they see a red light, click this button, call them a "security analyst."
I tend to agree with @JoePete without seeing a CV and understanding your education (remember, you can claim1 year's experience for a degree), it makes it difficult but at a minimum, you could definitely do the associate's route.
I come from an ICS environment and would hazard a guess that you have more experience in Security than you might expect.
When you mention the tools, were you responsible for the implementation, configuration, running or analyzing the outputs? Or did you simply watch the installation.
Additionally, look at the Domains of the CISSP. Have you been involved in the Administration of accounts (that is, have you had to approve who has access to what? and where?) Lots to think about.
Have you been involved in ensuring only the right folks gain access to the data generated by systems?
For the CISSP you need to demonstrate five years experience in at least two of the domains, With a BA, four years experience.