Security Basics mailing list archives

RE: CISSP Question


From: krymson () gmail com
Date: 2 May 2007 21:38:43 -0000

That guard may qualify, but remember he will still have passed a test that goes over 9 domains he may not have been 
familiar with due to his job. If he passed, even if he crammed and memorized, he still has a decent foundation to work 
on and some guidelines on what to expect.

If a security guard has the drive and interest and ability to pass the test (typically called a career change...), more 
power to him and I hope he's able to contribute. Can you imagine a security guard who knows about social engineering, 
proper auditing, details about the locks and other auth hardware up to a CISSP level of knowledge? That's not bad at 
all, although his web app sec and OS hardening skills might leave a lot to be desired.

I think if anyone has worked extensively in all 10 domains for 4 years, they likely are over-qualified for the CISSP 
anyway.

Words someone will take exception to, I know, but that's fine. :)


<- snip ->
To qualify for CISSP, you should have at least four years of experience in one of the ten domains, which include 
Physical Security. So with a bit of cramming, your gun-cleaning gate guard of 4 years can be a qualified CISSP with 
next to minimal experience in Information security.
And as per the ISC2 webpage, to qualify experience you need to have done some of the included actions. 
(https://www.isc2.org/cgi-bin/content.cgi?category=1187)

Reactions anyone?

