I heard somewhere that you need 3 years exp in the security field before you
may get CISSP. Is that exp limited to IT security or does any security exp
count? Could anybody tell me how the CISSP requirements work?
NOTE FROM MODERATOR (Clement):
ISC2 will only consider what they call: Professional Experience. Below you
have an extract from their web site on what they consider admissable:
Professional experience includes:
Work requiring special education or intellectual attainment, usually including
a liberal education or college degree.
Work requiring habitual memory of a body of knowledge shared with others doing
similar work.
Management of projects and/or other employees.
Supervision of the work of others while working with a minimum of supervision
of one's self.
Work requiring the exercise of judgement, management decision-making, and
discretion.
Work requiring the exercise of ethical judgement (as opposed to ethical
behavior).
Creative writing and oral communication Teaching, instructing, training and the
mentoring of others
Research and development The specification and selection of controls and
mechanisms (i.e. identification and authentication technology). (It does not
include the mere operation of these controls.)
Applicable titles such as officer, director, manager, leader, supervisor,
analyst, designer, cryptologist, cryptographer, cryptanalyst, architect,
engineer, instructor, professor, investigator, consultant, salesman,
representative, etc. Title may include programmer. It may include administrator
except where it applies to one who simply operates controls under the authority
and supervision of others.
Titles with the words "coder" or "operator" are likely excluded.
