You Must Be This Tall to Ride (and Other Requirements)
The CISSP candidate must have a minimum of five cumulative years of professional, full-time, direct work experience in two or more of the domains listed in the preceding section. The work experience requirement is a hands-on one — you can’t satisfy the requirement by just having “information security” listed as one of your job responsibilities. You need to have specific knowledge of information security — and perform work that requires you to apply that knowledge regularly.
However, you can get a waiver for a maximum of one year of the five-year professional experience requirement if you have one of the following:
A four-year college degree
An advanced degree in information security from a U.S. National Center of Academic Excellence in Information Assurance Education (CAEIAE) or a regional equivalent
A credential that appears on the (ISC)2–approved list, which includes more than 30 technical and professional certifications, such as various SANS GIAC certifications, Microsoft certifications, and CompTIA Security+ (For the complete list, go to