|
Security Basics
mailing list archives
RE: CISSP Question
From: "Simmons, James" <jsimmons () eds com>
Date: Wed, 2 May 2007 14:57:42 -0500
So here is a thought for everyone.
To qualify for CISSP, you should have at least four years of experience in one of the ten domains. Of which includes
Physical Security. So with a bit of cramming, your gun cleaning, gate guard of 4 years can be a qualified CISSP with
next to minimal experience in Information security.
And as per the ISC2 webpage, to qualify experience you need to have done some of the included actions.
(https://www.isc2.org/cgi-bin/content.cgi?category=1187)
Reactions anyone?
P.S. I am not saying that all gate guards are incapable of being good CISSP's. I am just pointing out an all too
common scenario.
Regards,
Simmons
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Florian Rommel
Sent: Wednesday, May 02, 2007 10:53 AM
To: Nicolas villatte; krymson () gmail com; security-basics () securityfocus com
Subject: Re: CISSP Question
I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey with 4 years of experience. I already filed
once a complaint because I know a guy who, because he has some certifications and has worked as a pc support, thinks he
is qualified to take the exam. His "boss/ partner in crime" was ready to sign off on it. I know for some people a
certification like the CISSP doesn't mean much but that still shouldn't mean anyone can get in. I had my work
experience fully documented by all my previous employers before I took the exam.
Security experience in any of the 10 domains for 4 years doesnt mean that during those 4 years you should have done
something security related at some point it means that your position was directly security related.
//flosse
http://blog.2blocksaway.com
On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be> wrote:
Not really, because 5% of your time involved in security during 4
years would give you barely 2 months of experience. I don't know any
CISSP who would endorse such a candidate.
https://www.isc2.org/cgi/content.cgi?category=1187
"Applicants must have a minimum of four years of direct full-time
security professional work experience in one or more of the ten
domains of the (ISC)² CISSP® CBK®."
Regards,
Nicolas.
----------------------------------------------------------------------
------
--------
Nicolas VILLATTE
CISSP, GCIA, GCIH, GCFA
Sr. Security Management Specialist
-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
Sent: mardi 1 mai 2007 14:14
To: security-basics () securityfocus com
Subject: RE: CISSP Question
Just a quick add, don't overthink the 4 years' experience requirement.
You need that experience in any one (or more) of the 10 domains.
Honestly, if you're a desktop support jockey for 4 years and you do
some sort of security as part of your work (do you manage passwords
and/or respond to spyware incidents?), you can still qualify. Realistically, anyone with 4 years'
experience in IT.
 By Date 
By Thread
Current thread:
|
Intro
