CISSP For Dummies
The Certified Information Systems Security Professional (CISSP) candidate must have a minimum of five cumulative years of professional (paid), full-time, direct work experience in two or more of the domains listed here.
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
The work experience requirement is a hands-on one — you can't satisfy the requirement by just having "information security" listed as one of your job responsibilities. You need to have specific knowledge of information security — and perform work that requires you to apply that knowledge regularly. Some examples of full-time information security roles that might satisfy the work experience requirement include (but aren't limited to)
  • Security Analyst
  • Security Architect
  • Security Auditor
  • Security Consultant
  • Security Engineer
  • Security Manager
Examples of information technology roles for which you can gain partial credit for security work experience include (but aren't limited to)
  • Systems Administrator
  • Network Administrator
  • Database Administrator
  • Software Developer
For any of these preceding job titles, your particular work experience might result in you spending some of your time (say, 25 percent) doing security-related tasks. This is perfectly legitimate for security work experience. For example, five years as a systems administrator, spending a quarter of your time doing security-related tasks, earns you 1.25 years of security experience.

Furthermore, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:

  • A four-year college degree (or regional equivalent)
  • An advanced degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE)
  • A credential that appears on the (ISC)2-approved list, which includes more than 40 technical and professional certifications, such as various SANS GIAC certifications, Cisco and Microsoft certifications, and CompTIA Security+.

In the U.S., CAE/IAE programs are jointly sponsored by the National Security Agency and the Department of Homeland Security.

About This Article

About the book authors:

Lawrence Miller, CISSP, is a security consultant with experience in consulting, defense, legal, nonprofit, retail, and telecommunications. Peter H. Gregory, CISSP, is an executive advisor at a global security advisory firm. He is also a cybersecurity advisor and adjunct instructor for the University of Washington and the University of South Florida and the author of more than 40 books.