You Must Be This Tall to Ride (and Other Requirements)

The CISSP candidate must have a minimum of five cumulative years of professional, full-time, direct work experience in two or more of the domains listed in the preceding section. The work experience requirement is a hands-on one — you can’t satisfy the requirement by just having “information security” listed as one of your job responsibilities. You need to have specific knowledge of information security — and perform work that requires you to apply that knowledge regularly.

However, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:

A four-year college degree

An advanced degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAEIAE) or a regional equivalent

A credential that appears on the (ISC)2–approved list, which includes more than 30 technical and professional certifications, such as various SANS GIAC certifications, Microsoft certifications, and CompTIA Security+ (For the complete list, go to www.isc2.org/credential_waiver/default.aspx .)

In the U.S., CAEIAE programs are jointly sponsored by the National Security Agency and the Department of Homeland Security. For more information, go to www.nsa.gov/ia/academic_outreach/nat_cae/index.shtml .