Terry,
One thing you want to keep in mind when self evaluating your "Years" of
experience. The CISSP exam covers 10 domains of security. The requirement
states:
"Have a minimum of four years of direct full-time security professional work
experience in one or more of the ten domains of the (ISC)² CISSP® CBK® or three
years of direct full-time security professional work experience in one or more
of the ten domains of the CISSP® CBK® with a college degree.
Additionally, a Master's Degree in Information Security from a National Center
of Excellence can substitute for one year toward the four-year requirement."
There is "NO" requirement to have any specific amount of purely "IT"
experience in general. The CISSP certification is actually perceived as and
focused toward more of a security "management" certification rather than a
hands-on technical certification. Most of the CISSP's I know are senior
management folks with no specific IT role. They are CSO's, CISO's, security
auditors & consultants etc. Years ago when I took the exam, very few of the
people taking the exam were folks with only an "IT" background.
Sometimes security gurus types within a specific area of expertise, with
experience 20 layers deep may not have had a chance to gain enough breadth or
exposure into the other domains to fair well on the exam. (There are many
exceptions to this I know, all you security folks out there that learned
security when the kernel was being invented, please forgive the generalization,
your experience is just not the background of most CISSPs I know~;0)
So, the above is a long way around suggesting that in your pursuit for trying
to meet the "years" of experience requirement, be sure to review what is
covered in all 10 domains, as it sounds like you may already have some met,
depending on whether your teaching experience in IT included security courses,
whether your management experience deals with any of the 10 domains, etc.
Especially since I am not sure how ISC2 evaluates volunteer experience you are
looking to gather. The term "security professional work" listed in the
requirement above is a fairly broad term, and it may be best to review each of
the 10 domains to understand what may count or not, and it may help to check
with ISC2.
A person with the CISSP designation is expected to have at least a working
knowledge and familiarity of the entire breadth of the 10 domains with areas of
expertise or depth in at least one or more domains.
From my expereince, having an understanding of all 10 domains and their
impact/effect on the business, are generally found as the minimum experience
requirement for most CSO's, consultants and senior level security folks.~
cheers & best of luck in your pursuit,
joan~
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/CISSP-Discuss/
<*> To unsubscribe from this group, send an email to:
CISSP-Discuss-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
