Security Basics mailing list archives

Re: CISSP Question

From: Florian Rommel <frommel () gmail com>
Date: Wed, 02 May 2007 20:53:00 +0300

I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey
with 4 years of experience. I already filed once a complaint because I know
a guy who, because he has some certifications and has worked as a pc
support, thinks he is qualified to take the exam. His "boss/ partner in
crime" was ready to sign off on it. I know for some people a certification
like the CISSP doesn't mean much but that still shouldn't mean anyone can
get in. I had my work experience fully documented by all my previous
employers  before I took the exam.

Security experience in any of the 10 domains for 4 years doesnt mean that
during those 4 years you should have done something security related at some
point it means that your position was directly security related.

//flosse
http://blog.2blocksaway.com


On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be> wrote:

Not really, because 5% of your time involved in security during 4 years
would give you barely 2 months of experience. I don't know any CISSP who
would endorse such a candidate.

https://www.isc2.org/cgi/content.cgi?category=1187

"Applicants must have a minimum of four years of direct full-time security
professional work experience in one or more of the ten domains of the (ISC)²
CISSP® CBK®."

Regards,
Nicolas.


----------------------------------------------------------------------------
--------

Nicolas VILLATTE 

CISSP, GCIA, GCIH, GCFA

Sr. Security Management Specialist


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of krymson () gmail com
Sent: mardi 1 mai 2007 14:14
To: security-basics () securityfocus com
Subject: RE: CISSP Question

Just a quick add, don't overthink the 4 years' experience requirement. You
need that experience in any one (or more) of the 10 domains. Honestly, if
you're a desktop support jockey for 4 years and you do some sort of security
as part of your work (do you manage passwords and/or respond to spyware
incidents?), you can still qualify. Realistically, anyone with 4 years'
experience in IT.

Current thread:

RE: CISSP Question krymson (May 01)
- RE: CISSP Question Chris Smith (May 01)
- RE: CISSP Question Nicolas villatte (May 02)
  - Re: CISSP Question Florian Rommel (May 02)
    - RE: CISSP Question Simmons, James (May 02)
    - Re: CISSP Question Florian Rommel (May 02)
    - RE: CISSP Question Al Gettier (May 02)
    - RE: CISSP Question Simmons, James (May 02)
    - RE: CISSP Question Kelly, Robert L (Lee) (May 03)
    - RE: CISSP Question David Gillett (May 02)
- <Possible follow-ups>
- Re: Re: CISSP Question nomail (May 01)
- RE: CISSP Question David Gillett (May 01)
- RE: CISSP Question Craig Wright (May 02)
- RE: CISSP Question Craig Wright (May 02)

(Thread continues...)