Can You Take the CISSP Exam Without 5 Years of Security Experience?


“You can’t take the CISSP exam without the minimum 5 years of full-time paid work experience in the security field” – This is NOT true.

Who would say such a thing without first finding out if it’s true? Unfortunately, it was me! Sorry about that!

In all my excitement after passing the CISSP exam, I misunderstood what the “Endorsement Processing Specialist” told me in this post: Take The Exam Again? No Way!

I didn’t take the time to read that one could maintain an Associate status after passing the exam, until 5 years of real-world security work was completed.


I just recently became aware of the CISSP Associate certification status through a knowledgeable member of the Study Notes and Theory Facebook group!

A CISSP Associate is one who has taken and passed the CISSP exam, but has not worked 5 years in the information security field yet.

How to Become an Associate CISSP

1.  Study and pass the CISSP exam

2.  Notify the ISC(2) of your accomplishment

3.  Get a job in information security – Check out Do You Have Enough Experience to Take the CISSP Exam?

4.  Maintain CPE credits and pay yearly dues 

5.  After 5 years in the information security field, go through the Endorsement Process. You’ll have 6 years to obtain your 5 years of experience.

After endorsement verification, your status will change from “CISSP Associate” to “CISSP Certified”!

JUST to make sure that I’m not once again providing incorrect information, I gave an “Endorsement Processing Specialist” a call at the ISC(2) to confirm. Check out the audio recording below!