
Requirements for CISSP Candidates

Updated
2016-09-12 12:30:27
From the book: CISSP For Dummies
To sit for the exam, the Certified Information Systems Security Professional (CISSP) candidate must have a minimum of five cumulative years of professional (paid), full-time, direct work experience in two or more of the eight CISSP domains listed here.
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
The work experience requirement is a hands-on one: you can't satisfy it simply by having "information security" listed among your job responsibilities. You must have specific knowledge of information security and perform work that requires you to apply that knowledge regularly. Examples of full-time information security roles that might satisfy the work experience requirement include (but aren't limited to)
  • Security Analyst
  • Security Architect
  • Security Auditor
  • Security Consultant
  • Security Engineer
  • Security Manager
Examples of information technology roles for which you can gain partial credit for security work experience include (but aren't limited to)
  • Systems Administrator
  • Network Administrator
  • Database Administrator
  • Software Developer
In any of these IT roles, your particular job might have you spending some portion of your time (say, 25 percent) on security-related tasks. That portion counts as legitimate security work experience, prorated by the time you actually spent on it. For example, five years as a systems administrator, spending a quarter of your time on security-related tasks, earns you 1.25 years of security experience.

Furthermore, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:

  • A four-year college degree (or regional equivalent)
  • An advanced degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE)
  • A credential that appears on the (ISC)2-approved list, which includes more than 40 technical and professional certifications, such as various SANS GIAC certifications, Cisco and Microsoft certifications, and CompTIA Security+.

In the U.S., CAE/IAE programs are jointly sponsored by the National Security Agency and the Department of Homeland Security.

About This Article


About the book authors:

Peter H. Gregory, CISSP, is a security, risk, and technology director with experience in SaaS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of CISSP For Dummies for more than 20 years.

Lawrence C. Miller, CISSP, is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.
