I am an Information Systems student currently taking Security for Organizations as my area of specialization. Am I required to have work experience in the IT security field to take the CISSP exam?
Let me quote from the CISSP applicant requirements:
"Have a minimum four years of direct full-time security professional work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK) or three years of direct full-time security professional work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK) with a college degree or equivalent life experience. Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, vendor, investigator or instructor, or that which requires IS security knowledge and involves direct application of that knowledge."
To begin my reply to your query, the words "direct full-time security professional work experience" already suggest that a degree by itself is not enough, but the statement "three years of direct full-time security professional work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge (CBK) with a college degree or equivalent life experience" is pretty conclusive that real-world on-the-job experience is absolutely required in addition to the degree program you're pursuing. On the other hand, if you can make a case that part-time work or unpaid research work counts as "on the job experience" you might be able to appeal to them for special treatment.
I just talked to a very helpful guy at ISC-squared and learned that my surmise is correct: it's highly unlikely that you can replace more than one year of the four-year requirement with academic studies right now, because of the extreme importance of hands-on, in the trenches, on-the-job experience in working with security. Feel free to file your own appeal or to raise the question directly with them if you like, but I'm pretty sure you'll get the same response I'm giving you now (just having talked it through with Phil Wind of ISC-squared by phone). You will find contact information for the group at https://www.isc2.org/cgi-bin/contact.cgi.
Thanks for your inquiry. Good luck with your certification pursuits.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: How to become a CISSP
Ask the Expert: Online study resources for CISSP
Ask the Expert: Experience qualifications for CISSP
Dig deeper on CISSP Certification
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.