CISSP Experience Requirements
Candidates must have a minimum of five years cumulative, full-time experience in two or more of the eight domains of the current CISSP Detailed Content Outline (DCO). Earning a post-secondary degree (bachelors or masters) in computer science, information technology (IT) or related fields may satisfy up to one year of the required experience or an additional credential from the ISC2 approved list may satisfy up to one year of the required experience. Part-time work and internships may also count towards the experience requirement.
A candidate who doesn't have the required experience to become a CISSP may become an Associate of ISC2 by successfully passing the CISSP examination. The Associate of ISC2 will then have six years to earn the five years required experience.
Work Experience
Your work experience must fall within two or more of the eight domains of the ISC2 CISSP CBK:
- Domain 1. Security and Risk Management
- Domain 2. Asset Security
- Domain 3. Security Architecture and Engineering
- Domain 4. Communication and Network Security
- Domain 5. Identity and Access Management (IAM)
- Domain 6. Security Assessment and Testing
- Domain 7. Security Operations
- Domain 8. Software Development Security
Full-Time Experience: Your work experience is accrued monthly. Thus, you must have worked a minimum of 35 hours/week for four weeks in order to accrue one month of work experience.
Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.
- 1040 hours of part-time = 6 months of full time experience
- 2080 hours of part-time = 12 months of full time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar's stationery.

Not Enough Experience?
Relevant Education or Certifications Held
You may satisfy one year of required experience through holding one of the following below (you will then need four years of relevant work experience):
Four-Year College Degree or Regional Equivalent
You can substitute a maximum of one year of work experience if you hold one of the following:
- A four-year college degree or regional equivalent
- An advanced degree in information security from the U.S. National Center of Academic Excellence in Information Assurance Education (CAE/IAE).
OR
Approved Credential on the ISC2 Approved List
You can satisfy one year work experience if you hold one of the approved credentials on the below ISC2 approved list.
|
|