Home
Academics & The Arts Articles
Study Skills & Test Prep Articles
CISSP Articles

Requirements for CISSP Candidates

By: 
Peter H. Gregory
Lawrence C. Miller
|
Updated:  
2016-09-12 12:30:27
|
From The Book:  
No items found.
Personal Finance For Dummies
Explore Book
CISSP For Dummies
Explore Book
Buy On Amazon
The Certified Information Systems Security Professional (CISSP) candidate must have a minimum of five cumulative years of professional (paid), full-time, direct work experience in two or more of the domains listed here.
  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security
The work experience requirement is a hands-on one — you can't satisfy the requirement by just having "information security" listed as one of your job responsibilities. You need to have specific knowledge of information security — and perform work that requires you to apply that knowledge regularly. Some examples of full-time information security roles that might satisfy the work experience requirement include (but aren't limited to)
  • Security Analyst
  • Security Architect
  • Security Auditor
  • Security Consultant
  • Security Engineer
  • Security Manager
Examples of information technology roles for which you can gain partial credit for security work experience include (but aren't limited to)
  • Systems Administrator
  • Network Administrator
  • Database Administrator
  • Software Developer
For any of these preceding job titles, your particular work experience might result in you spending some of your time (say, 25 percent) doing security-related tasks. This is perfectly legitimate for security work experience. For example, five years as a systems administrator, spending a quarter of your time doing security-related tasks, earns you 1.25 years of security experience.

Furthermore, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:

  • A four-year college degree (or regional equivalent)
  • An advanced degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE)
  • A credential that appears on the (ISC)2-approved list, which includes more than 40 technical and professional certifications, such as various SANS GIAC certifications, Cisco and Microsoft certifications, and CompTIA Security+.

In the U.S., CAE/IAE programs are jointly sponsored by the National Security Agency and the Department of Homeland Security.

About This Article

This article is from the book: 

No items found.

About the book author:

Peter H. Gregory, CISSP, is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of CISSP For Dummies for more than 20 years.

Lawrence C. Miller, CISSP, is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.

This article can be found in the category: 

CISSP