Hi everyone,
This has been a concern for me, for sometime now (Almost two years). I am getting conflicting information regarding the requirements to get CISSP certified. According to Mike Chapple (Author of one of the resources) he is giving this answer "You need to have five years of cybersecurity experience to earn CISSP. I’d suggest starting with Security+"
Here mentions that "Cybersecurity experience" not just IT experience.
Who is correct here? I have second thoughts of taking the exam because of this. I have more than 14 years of experience. When I checked with other two CISSP certified individuals, they point out that you need experience in any one of the domains not "cybersecurity" specifically.
No, I wouldn't say you're "in the dark" as you know your experience best and can read the CISSP requirements to know if you meet them. As an organization, (ISC)² cannot tell you prior to testing with 100% certainty that you qualify, because the formal review process must still be done for your experience, background qualifications and endorsement from another certified member.
And since I'm not in that department, I don't want you to misunderstand my opinion of your experience as an official endorsement.
If anyone is able to pass the CISSP exam and but falls short of the experience requirements, they become an Associate of (ISC)² and have up to 6 years to earn the required experience. Once you earn it, you let us know and then you become a CISSP-certified member based on your already-passed exam.
Thanks for the response. I think we seem to going in circles. CISSP says you need certain requirements to take the exam. If the candidate thinks they qualify based on the criteria, ISC2 still decides whether the CISSP should be awarded.
Any rate I see process to be very vague/ambiguous. Just my take. Probably I am misunderstanding the endorsement process. It is a lot of commitment in terms of money and time for an aspiring CISSP. If ISC2 cannot guarantee that a candidate is qualified to take the exam then not sure how this works....
Thanks again!
it's not going into circle.
Just to be clear on your statement. You have mentioned "CISSP says you need certain requirements to take the exam", it's not entirely correct.
I rephrase a bit "ISC2 never says you need certain requirements to take the exam".
it's a "big" difference, I have experienced on other security certification from other certification body (I don't name it here) which I need to provide "proof" I have sufficient year of experience ( the certification Body will need to perform reference check on my "eligibility application") before I can be eligibility to take the exam. I need to pay for this "eligibility application" and then pay for the exam later. I am not commenting who is good or bad here.
ISC2 never said you need to may any requirement to take the exam, however, to be "certified" in CISSP, you need to have meet the experience requirement and endorsed by either ISC2 member or ISC2 can endorse you after you have provisoning pass the CISSP exam..
Regardless of experience, you can still take the CISSP and Kaity ( in good faith) has also indicated your experience observed from Linkedin seem able to match the requirement (without "official" stamp of course)
The official stamp can only be granted after you have submitted your application after you have provisional pass the exam and being endorsed.
If you believe you are qualified in term of knowledge and domain working experience, then just prepare for the exam and go for it.
Even you are not fully meeting year of experience required for certification, you still can go for the exam and enter the "associate" path, and certification of CISSP will defer a bit until you have earn the require year of experience.
I know it could be confusing in the very beginning and you come to the right forum where you got the right support already. (I wish I did this early, asking the right people for certification).
You have got nothing to lose in my opinion. If you are serious, I encourage you just go for it.
Hope this help.
Thanks John.
You are welcome.
Like you, I wish I could have asked the same question and got guidance from experience professional 10 year ago, then maybe I could be more successful ( at least my journey can start earlier).
Anyway, it's never too late. Good luck.