I received an email this week from someone who is considering taking the CISSP exam but that does not meet the background requirements. The background requirements for full certification per (ISC)² are:
A minimum of five years of direct, full-time, security professional work experience in two or more of the ten domains of the (ISC)²® CISSP Common Body of Knowledge (CBK®). With an approved college degree, this requirement drops to four years of direct, full-time, security professional work experience in two or more of the ten domains.
The question is … what should you do if you do not meet the requirements? While it is true that you could take the SSCP® exam instead, I would argue that the best approach would still be to strive for the CISSP® exam.
Here is why: Taking the exam without having the required background requirements is still possible and would allow you to become an Associate CISSP. Just consider the domains you will need to master:
• Access Control
• Application Security
• Business Continuity and Disaster Recovery Planning
• Cryptography
• Information Security and Risk Management
• Legal, Regulations, Compliance, and Investigations
• Operations Security
• Physical (Environmental) Security CISSP
• Security Architecture and Design
• Telecommunications and Network Security
Once you master these domains, pass the test, and meet the work requirements, you will be fully certified. In the meantime, you will demonstrate to your employer that you are serious about moving forward with your career. Your associate status will distinguish you from your peers. Most importantly, you will pick up added knowledge and skills that will help you build a solid IT security career. What are you waiting for?
From Michael Gregg
Image source
CISSP, SSCP, (ISC)² and CBK are registered marks of the International Information Systems Security Certification Consortium in
the United States and other countries.
2 Responses to “Certified Information Systems Security Professional (CISSP) Requirements”