From the course: ISC2 Certified Information Systems Security Professional (CISSP) (2024) Cert Prep

Meeting the experience requirement

- [Instructor] One of the reasons the CISSP is so highly regarded is also one of the biggest challenges facing aspiring CISSP candidates, the work experience requirement. Earning the CISSP requires that you prove that you've been employed as an information security professional and that you have practical experience under your belt.

Candidates for the CISSP credential must have the equivalent of five years of full-time work experience where they are directly working as security professionals. If you're already working as a full-time security professional, you may be able to simply document your current job to meet that requirement. Full-time experience is accumulated on a monthly basis, and it's defined as working at least 35 hours per week for a month. Any month where you worked at least four 35-hour weeks counts as a month of full-time experience.

In a change to past requirements, ISC2 now allows candidates to use part-time work experience to meet the CISSP requirements. This is defined as working in a security position for at least 20 hours per week. Each time that you accumulate 1040 hours of part-time experience, that counts as six months of full-time experience. In another change, ISC2 now allows internships to count as work experience whether they were paid or unpaid. You will need to have documentation from the company or your school confirming your internship experience.

In addition to meeting these requirements, your CISSP experience must include positions that covered at least two of the eight domains of information security. You may have two separate jobs that each cover one of the domains, or you may have one job that covers both of the domains.

ISC2 offers a waiver program that allows candidates to substitute educational or certification attainment for one of the five years of work experience. You may only use this waiver once and you still must demonstrate at least four years of work experience. There are two paths to earning the waiver.
If you have a four-year college degree in computer science, IT or a related field, that qualifies you for the waiver, or you can earn the waiver if you have a graduate degree in information security from a school recognized as a National Center of Academic Excellence in Information Assurance Education. Possession of an information security certification from the ISC2 approved credentials list also qualifies you for the waiver. This lengthy list includes some popular certifications including Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), CompTIA Security+ or CySA+ certification, or ISC2's SSCP or CCSP certification.

If you don't currently meet one of these requirements, perhaps the quickest path is to take the CompTIA Security+ certification exam. This is a proctored multiple choice test and you'll find that the questions are very similar in style and content to those on the CISSP exam. If you're ready for CISSP, you're probably also ready for Security+. In addition, I have an entire series of courses on the site that can help prepare you for the Security+ exam.

Unfortunately, there aren't any shortcuts to the experience requirement other than the one-year educational waiver program. You simply must fulfill the experience requirement before earning your CISSP certification. That said, try to think creatively about your present situation. Is there any possibility that your job might meet the direct professional security experience requirements? If it's close but not quite there, can you work with your employer to modify your position so that you're working as a full-time security professional? If you're able to modify your position, you'll still need to rack up at least four years of experience, but at least you'll be on the right path.

Finally, you don't need to have all of your experience in hand before you sit for the exam.
If you pass the exam without meeting the experience requirement, ISC2 will award you the Associate of ISC2 designation. After earning this credential, you'll have six years to accumulate the required work experience. The associate credential may be just the bump you need to land a full-time security position, and then you'll be headed down the road towards CISSP certification.

You must be able to prove the experience that you claim, but the process isn't difficult. You'll need to provide a copy of your resume to an ISC2 certified professional in good standing. This person will then verify your experience with your current and/or past employers, confirm the experience meets the requirements, and then complete the CISSP applicant endorsement form. If you can't find a certified CISSP in your workplace or professional circles, ISC2 will conduct the endorsement process for you. You'll need to fill out a more detailed endorsement assistance form and you should be aware that this process may take up to six weeks. If you can find someone, you're much better off getting endorsed by a colleague.

Once you've completed the process, sit back and wait for your credential to arrive. Some candidates may be randomly selected for an experience audit during this process. If you're selected, you'll have to provide evidence of your experience to ISC2. They'll send you instructions on meeting the requirements of the audit if you're selected. If you don't receive an audit request, the next envelope you open may contain your CISSP credential.
