A little more information on the CISSP requirements might be in order. Nothing scary -- seems routine and straightforward.
It requires a minimum of five years of full-time direct experience working in at least two of the ten CISSP areas of expertise. One year may be waived with a four year university degree: https://www.isc2.org/cissp-professional-experience.aspx One year may be waived if you have a recognized professional certificate -- RHCE and MSCE is included in the list: https://www.isc2.org/credential_waiver/default.aspx (This list also hints at what might be considered 'respectable' professional certifications.) One also needs to do routine things -- answer honestly four questions regarding criminal background, sign up for an exam, pay the required fee, legally agree to the professional code of ethics, and receive endorsement from at least one existing CISSP-certified professional: https://www.isc2.org/cissp-how-to-certify.aspx You may or may not be audited for your claims regarding professional background and experience. But if you're chosen for an audit, all ducks better be lined up in a row, i's dotted, and t's crossed! They also require a minimum of 120 continuing professional education credits -- also known as CPEs -- (see above link for more details) within a 3 year period, but you now need to complete at least 20 credits per year (while still meeting 120 CPEs total within 3 years). One also needs to pay a USD $85/year membership fee to be in good standing for the earned certificate. CPEs may be earned in a variety of ways. Most commonly by attending approved courses, but can be earned through teaching, preparing training course materials, publish articles or books, amongst other things. One also has the option to retake the exam every 3 years in lieu of CPEs, I believe, but the continuing education route is more common. A passing score on the exam is a scaled score of 700 or greater. 'Scaled score' sounds like grading on a curve, doesn't it? :) Scaled score is generally where you assign a relative score according to frequency distribution of raw scores amongst the test participants; most often one that roughly resembles a bell-shaped curve. Granted, I don't know the (ISC)^2's exact means of scaled score distribution, but would seem reasonable to assume it roughly approximates a bell curve in some manner. Implication is that it isn't simply enough to get x of y correct; you've also got to do better than some percentage of your just-as-prepared peers. The (ISC)^2 themselves says 'scaled score of 700 points or greater' at their how-to-certify link above. So we know at least that much. Another option for some people who doesn't already have the requisite experience (but otherwise passes everything else) is to get an associate CISSP certificate. That is good for six years, so if you are able to gain the required experience within that period and submit documentation, it will be converted to a full CISSP certificate. HTH. HAND. <insert other TLAs.> ;-) To those who are now seriously considering obtaining a CISSP certificate as a result of this thread, I'd love to hear from you when you get yours. :-) -Dan _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
