Читать книгу CISSP For Dummies - Peter H. Gregory - Страница 13

The CISSP candidate must have a minimum of the equivalent of five cumulative years of professional (paid), full-time, direct work experience in two or more of the domains listed in the preceding section. Full-time experience is accrued monthly and requires full-time employment for a minimum of 35 hours per week and 4 weeks per month to get credit for 1 month of full-time work experience. Part-time experience can also be credited if you are employed fewer than 35 hours per week but at least 20 hours per week; 1,040 hours of part-time experience would be the equivalent of 6 months of full-time experience. Credit for work experience can also be earned for paid or unpaid internships. You’ll need documentation from the organization confirming your experience or from the registrar if you’re interning at a school.

The work experience requirement is a hands-on one; you can’t satisfy the requirement just by having “information security” listed as one of your job responsibilities. You need to have specific knowledge of information security and to perform work that requires you to apply that knowledge regularly. Some examples of full-time information security roles that might satisfy the work experience requirement include (but aren’t limited to)

 Security analyst

 Security architect

 Security auditor

 Security consultant

 Security engineer

 Security manager

Examples of information technology roles for which you can gain partial credit for security work experience include (but aren’t limited to)

 Systems administrator

 Network administrator

 Database administrator

 Software developer

For any of these preceding job titles, your particular work experience might result in your spending some of your time (say, 25 percent) doing security-related tasks. This is legitimate for security work experience. Five years as a systems administrator, for example, spending a quarter of your time doing security-related tasks, earns you 1.25 years of security experience.

Furthermore, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:

 A four-year college degree (or regional equivalent)

 An advanced degree in information security from one of the National Centers of Academic Excellence in Cyber Defense (CAE-CD)

 A credential that appears on the (ISC)2-approved list, which includes more than 45 technical and professional certifications, such as various SANS GIAC certifications, Cisco and Microsoft certifications, and CompTIA Security+ (For the complete list, go to https://www.isc2.org/Certifications/CISSP/Prerequisite-Pathway.)

See Chapter 2 to learn more about relevant certifications on the (ISC)²-approved list for an experience waiver.

In the U.S., CAE-CD programs are jointly sponsored by the National Security Agency and the Department of Homeland Security. For more information, go to www.nsa.gov/resources/educators/centers-academic-excellence/cyber-defense.

If you don’t have the minimum required experience to become a CISSP, you can still take the CISSP certification exam and become an associate of (ISC)². Then you’ll have six years to meet the minimum experience requirement and become a fully certified CISSP.