Top of Page
 

CISSP Experience Requirements

Candidates must have a minimum of five years cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Earning a four-year college degree or regional equivalent or an additional credential from the (ISC)² approved list will satisfy one year of the required experience. Education credit will only satisfy one year of experience.

A candidate who doesn’t have the required experience to become a CISSP may become an Associate of (ISC)² by successfully passing the CISSP examination. The Associate of (ISC)² will then have six years to earn the five years required experience.

Work Experience

Your work experience must fall within two or more of the eight domains of the (ISC)² CISSP CBK:

  • Domain 1. Security and Risk Management
  • Domain 2. Asset Security
  • Domain 3. Security Architecture and Engineering
  • Domain 4. Communication and Network Security
  • Domain 5. Identity and Access Management (IAM)
  • Domain 6. Security Assessment and Testing
  • Domain 7. Security Operations
  • Domain 8. Software Development Security

Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience.

Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.

  • 1040 hours of part-time = 6 months of full time experience
  • 2080 hours of part-time = 12 months of full time experience

Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.

Not Enough Experience?

Start on a pathway to certification with the Associate of (ISC)²!  You can take a certification exam without the work experience. If you pass, you simply work to get the experience needed for certification.

 Learn more

Relevant Education or Certifications Held

You may satisfy one year of required experience through holding one of the following below (you will then need four years of relevant work experience):

  • Four-Year College Degree or Regional Equivalent
    You can substitute a maximum of one year work experience if you hold a four-year college degree or regional equivalent or an advanced degree in information security from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE).

OR

  • Approved Credential on the (ISC)² Approved List
    You can satisfy one year work experience if you hold one of the approved credentials on the below (ISC)² approved list.
  • Certified Authorization Professional (CAP)
  • Certified Business Continuity Professional
  • Certified Cloud Security Professional (CCSP)
  • Certified Computer Examiner (CCE)
  • Certified Cyber Forensic Professional (CCFP)
  • Certified Ethical Hacker v8 or higher
  • Certified Forensic Computer Examiner (CFCE)
  • Certified Fraud Examiner (CFE)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Internal Auditor (CIA)
  • Certified Penetration Tester (GPEN)
  • Certified Protection Professional (CPP) from ASIS
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Wireless Security Professional (CWSP)
  • Cisco Certified Network Associate Security (CCNA Security)
  • Cisco Certified Network Professional Security (CCNP Security)
  • Cisco Cyber Security Specialist Program
  • CIW – Security Analyst
  • CIW Web Security Professional
  • CIW Web Security Specialist
  • CompTIA Advanced Security Practitioner (CASP)
  • CompTIA Security+
  • CyberSecurity Forensic Analyst (CSFA)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified Firewall Analyst (GCFW)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensics Examiner (GCFE)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Global Industrial Cyber Security Professional (GICSP)
  • GIAC Information Security Fundamentals (GISF)
  • GIAC Information Security Professional (GISP)
  • GIAC Mobile Device Security Analyst (GMOB)
  • GIAC Penetration Tester (GPEN)
  • GIAC Security Essentials Certificate (GSEC)
  • GIAC Security Leadership Certification (GSLC)
  • GIAC Systems and Network Auditor (GSNA)
  • HealthCare Information Security and Privacy Practitioner (HCISPP)
  • Juniper Networks Certified Internet Expert(JNCIE-SEC)
  • Information Security Management Systems Lead Auditor (IRCA)
  • Information Security Management Systems Principal Auditor (IRCA)
  • Master Business Continuity Professional (MBCP)
  • Microsoft Certified IT Professional (MCITP)
  • Microsoft Certified Solutions Associate (MCSA)
  • Microsoft Certified Systems Engineer (MCSE)
  • Systems Security Certified Practitioner (SSCP)
OK