CISSP Certifications: Required Versus Recommended Experience

Certification: ISC CISSP - Certified Information Systems Security Professional


The Certified Information Systems Security Professional (CISSP) certification offered by the International Information Systems Security Certification Consortium (ISC)2 requires aspiring candidates to possess some experience in one or two of the ten CBK domains. However, there is required experience and recommended experience.

The required experience is that which you must have attained before becoming a CISSP. The recommended experience is that which a professional CISSP attests that you do possess. Thus, you can sit for the CISSP exam if you have the required experience but you cannot become a CISSP professional until you get the recommended experience.

What is the difference between required and recommended experiences?

Required experience is the experience you need to qualify for the CISSP exam. You claim to have the required experience, but there is no proof that you possess it. Recommended experience, on the other hand, has something to prove it. For example, an endorsement certificate is proof that you have the specific experience. A person who endorses your experience attests to having knowledge that you indeed have that experience. A college certificate is also proof that you have experience in that particular field of study. It is therefore a form of recommended experience.

Examples of required experience

  • Having worked in a job that required you to demonstrate ethical judgment
  • Having worked in a job in which you had to be judgmental and discreet, and had to make decisions relating to management
  • Having taken part in research and development
  • Having worked in a job that required you to remember routine actions that are transferable to fellow workmates
  • The specifications and selection of mechanisms and controls involving identification and authentication technology
  • Having worked in a position that required intellectual achievement
  • Experience in teaching, training and instructing others
  • Creative writing and oral communication
  • Experience in supervising others while working under minimal supervision

What are the advantages of required experience?

The required experience will enable you to sit for the CISSP exam. The experience makes you conversant with many aspects of the information security industry. It enables you to have an easy time when studying for your exam because you can relate to most of the scenarios. In brief, it makes you pass the CISSP exam.

What are the disadvantages of the required experience?

Although you have the experience, you have nothing to prove that you do. When attending job interviews, you will have a hard time convincing potential employers that you have what it takes for that position. Unless the employer gives you the opportunity to demonstrate your expertise, your competitors who hold CISSP certificates have the upper hand over you.

You will also have a hard time convincing your interviewer of your character. The employer may have doubts about your responsibility, work ethic and awareness of current issues in the industry. For this reason, even if you get a job, your starting salary may be lower than that of someone who has the CISSP certificate.

What are the advantages of recommended experience?

The CISSP certification recommends the experience that a holder has. For this reason, it places the holder in a better position to secure employment faster than a person who claims to have experience but cannot prove it. It also enables the holder to pocket a bigger salary than his or her counterparts.

Why do employers prefer employees with the CISSP certification? CISSP holders earn the certification through hard work and commitment and maintain it through discipline. Before an individual passes the CISSP exam, they have to read extensively. They therefore have a wealth of knowledge not only in one or two domains of the CBK, but also in the other eight domains. The fact that they have to subscribe to and abide by a code of ethics implies that they are responsible and committed to their job. It assures employers that they are the best individuals to fill open positions in their companies. Employers have confidence in CISSP holders because there is proof that they indeed have the knowledge and hands-on experience for the positions they are seeking.

In contrast, an individual could have worked for up to 30 years and still have a problem securing employment because he or she cannot prove it. An employer hiring a person without any certification to prove his expertise is taking a big risk, because the employer only gets to know his expertise when he starts working in the company. The individual without certification could turn out to be a genius who impresses the employer, or a quack who disappoints the employer.

What are the disadvantages of recommended experience?

Professionals do not gain recommended experience overnight! You have to work hard, be committed to your studies and job, and be ready to part with money. In order to acquire the certification, you must pass the exam. If you do not, you must persevere and retake the exam. You have to dedicate your time and money to the process of achieving recommended experience. Furthermore, you have to complete an endorsement form and submit it within the required time. It is a rigorous process that must be completed before (ISC)2 processes and hands the certificate to you.

In short, both required and recommended experience will enable a professional to excel in the industry. However, recommended experience will fetch you more jobs and higher salaries than the required experience. For this reason, it is prudent for professionals who have been in the industry for a long time to get the CISSP certification. It will open doors to places they never imagined: higher ranks in the company, a high salary, more demanding roles and hence job satisfaction.

