With experience requirements for certs like CISSP, is there a general rule-of-thumb of what constitutes acceptable...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Actually, ISC-squared is pretty specific on this subject. Your three years of relevant on-the-job experience must pertain directly to one or more of the 10 domains in the CISSP Common Body of Knowledge (CBK):
- Access Control Systems & Methodology
- Applications & Systems Development
- Business Continuity Planning
- Law, Investigation & Ethics
- Operations Security
- Physical Security
- Security Architecture & Models
- Security Management Practices
- Telecommunications, Network & Internet Security
Here's what it says on the site about those requirements:
"Have a minimum three years of direct full-time security professional work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK). Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, vendor, investigator or instructor, or that which requires IS security knowledge and involves direct application of that knowledge."
Also, on Jan. 1, 2003 these requirements change; see https://www.isc2.org/cgi-bin/content.cgi?page=157 for more info.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Qualification assessment for the CISSP
Ask the Expert: How to obtain hands-on experience in security
Ask the Expert: The advantages of work-related security experience
Dig Deeper on Security Resources
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.