RE: CISSP Question

["Simmons, James" <jsimmons () eds com>]

So here is a thought for everyone.

To qualify for CISSP, you should have at least four years of experience in one of the ten domains. Of which includes 
Physical Security. So with a bit of cramming, your gun cleaning, gate guard of 4 years can be a qualified CISSP with 
next to minimal experience in Information security.
And as per the ISC2 webpage, to qualify experience you need to have done some of the included actions. 
(https://www.isc2.org/cgi-bin/content.cgi?category=1187)

Reactions anyone?

P.S. I am not saying that all gate guards are incapable of being good CISSP's.  I am just pointing out an all too 
common scenario.

Regards,

Simmons

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Florian Rommel
Sent: Wednesday, May 02, 2007 10:53 AM
To: Nicolas villatte; krymson () gmail com; security-basics () securityfocus com
Subject: Re: CISSP Question

I agree with Nicolas here. I definitely wouldn't endorse a Desktop Jockey with 4 years of experience. I already filed 
once a complaint because I know a guy who, because he has some certifications and has worked as a pc support, thinks he 
is qualified to take the exam. His "boss/ partner in crime" was ready to sign off on it. I know for some people a 
certification like the CISSP doesn't mean much but that still shouldn't mean anyone can get in. I had my work 
experience fully documented by all my previous employers  before I took the exam.

Security experience in any of the 10 domains for 4 years doesnt mean that during those 4 years you should have done 
something security related at some point it means that your position was directly security related.

//flosse
http://blog.2blocksaway.com


On 5/2/07 9:47 AM, "Nicolas villatte" <Nicolas.Villatte () chello be> wrote:

> Not really, because 5% of your time involved in security during 4 
> years would give you barely 2 months of experience. I don't know any 
> CISSP who would endorse such a candidate.
>
> https://www.isc2.org/cgi/content.cgi?category=1187
>
> "Applicants must have a minimum of four years of direct full-time 
> security professional work experience in one or more of the ten 
> domains of the (ISC)² CISSP® CBK®."
>
> Regards,
> Nicolas.
>
>
> ----------------------------------------------------------------------
> ------
> --------
>
> Nicolas VILLATTE
>
> CISSP, GCIA, GCIH, GCFA
>
> Sr. Security Management Specialist
>
>
> -----Original Message-----
> From: listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
> Sent: mardi 1 mai 2007 14:14
> To: security-basics () securityfocus com
> Subject: RE: CISSP Question
>
> Just a quick add, don't overthink the 4 years' experience requirement. 
> You need that experience in any one (or more) of the 10 domains. 
> Honestly, if you're a desktop support jockey for 4 years and you do 
> some sort of security as part of your work (do you manage passwords 
> and/or respond to spyware incidents?), you can still qualify. Realistically, anyone with 4 years'
> experience in IT.