(ISC)² CISSP

The CISSP experience waiver [updated 2022]

March 3, 2022 by Greg Belding

The Certified Information Systems Security Professional, or CISSP, is an information security certification hosted by the International Information System Security Certification Consortium, or (ISC)². To earn this certification, candidates have a relatively steep professional experience requirement compared to other certifications in the proverbial information security market. Luckily, certification candidates will have the opportunity to forgo some of that experience requirement with the CISSP experience waiver. 

The CISSP professional experience requirement may seem daunting use this article to help determine if you can waive some of that experience requirement.

A little about CISSP

The CISSP certification is for cybersecurity professionals who want to go above and beyond incident response and other foundational cybersecurity skills. This certification verifies that the certification holder can design, implement and manage an effective, best-in-class cybersecurity program. Check out our other articles to learn more about the exam format and its Computerized Adaptive Testing format.

CISSP experience requirement

As mentioned earlier, certification candidates will need to satisfy the experience required to earn the CISSP certification. The standard CISSP experience requirement is that candidates must have acquired at least five years of paid work (that is cumulative) in any two or more of the CISSP CBK domains. With a total of eight possible domains to gain experience in, this certification applies to a variety of different cybersecurity professional roles, such as:

  • Chief information security officer
  • Chief information officer
  • Director of security
  • IT director/manager
  • Security systems engineer
  • Security analyst
  • Security manager
  • Security auditor
  • Security architect
  • Security consultant
  • Network architect

Despite this relative flexibility regarding the paid work experience within the cybersecurity sphere, the five years of cumulative paid work experience is prohibitive to some and burdensome to many. With the above being said, it needs to be balanced with the reality that this certification is intended for cybersecurity professionals who have invested at least five years into their careers. Thankfully for those who do not have quite enough paid, cumulative work experience to meet this requirement, there is still a way to meet it.

The CISSP experience waiver

CISSP certification candidates have the option of using the CISSP experience waiver. This waiver allows for one year of the experience requirement being reduced by earning a four-year degree or one of the credentials on the list of (ISC)² approved credentials. Much like how double dipping is not allowed in polite social situations, It should be noted that the experience waiver will only satisfy one year of the CISSP experience requirement. So even if you have both a four-year degree and one of the approved credentials, you will only receive one year for your waiver.

Here is the list of (ISC)² approved credentials that satisfy the CISSP experience waiver:

  • AWS Certified Security – Specialty
  • Certified Authorization Professional (CAP)
  • Certified Business Continuity Professional
  • Certified Cloud Security Professional (CCSP)
  • Certified Computer Examiner (CCE)
  • Certified Ethical Hacker v8 or higher
  • Certified Forensic Computer Examiner (CFCE)
  • Certified Fraud Examiner (CFE)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Internal Auditor (CIA)
  • Certified Penetration Tester (GPEN)
  • Certified Protection Professional (CPP) from ASIS
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Wireless Security Professional (CWSP)
  • Cisco Certified CyberOps Associate/Professional
  • Cisco Certified Internetwork Expert (CCIE) Security
  • Cisco Certified Network Associate Security (CCNA Security)
  • Cisco Certified Network Professional Security (CCNP Security)
  • CIW Web Security Professional
  • CIW Web Security Specialist
  • CompTIA Advanced Security Practitioner (CASP+)
  • CompTIA CySA+
  • CompTIA PenTest+
  • CompTIA Security+
  • Computer Hacking Forensic Investigator (CHFI)
  • EC-Council Certified SOC Analyst (CSA)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensics Examiner (GCFE)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Continuous Monitoring Certification (GMON)
  • GIAC Cyber Threat Intelligence (GCTI)
  • GIAC Global Industrial Cyber Security Professional (GICSP)
  • GIAC Information Security Fundamentals (GISF)
  • GIAC Information Security Professional (GISP)
  • GIAC Mobile Device Security Analyst (GMOB)
  • GIAC Penetration Tester (GPEN)
  • GIAC Security Essentials Certificate (GSEC)
  • GIAC Security Leadership Certification (GSLC)
  • GIAC Strategic Planning, Policy, and Leadership (GSTRT)
  • GIAC Systems and Network Auditor (GSNA)
  • HealthCare Information Security and Privacy Practitioner (HCISPP)
  • Information Security Management Systems Lead Auditor (IRCA)
  • Information Security Management Systems Principal Auditor (IRCA)
  • Juniper Networks Certified Internet Expert (JNCIE-SEC)
  • Master Business Continuity Professional (MBCP)
  • Microsoft 365 Certified Enterprise Administrator Expert
  • Offensive Security Certified Professional/Expert (OSCP/E)
  • Systems Security Certified Practitioner (SSCP)

Attaining the CISSP certification

CISSP is a versatile cybersecurity certification that requires certification candidates to have at least five years of cumulative, paid work experience in at least two of the eight domains of knowledge. Candidates can forgo one of these years of experience by using the CISSP experience waiver.

While this will not be a large reduction in the years of experience required, it may help you pass the threshold and pursue the certification. 

 

Sources

  1. CISSP Certification Exam Outline, (ISC)²
  2. CISSP Experience Requirements (ISC)²
Posted: March 3, 2022
Author
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.

Leave a Reply

Your email address will not be published.