I have had this questions come up a lot lately, and I can’t answer you, because the decision is ultimately (ISC)².
Take a look at the official guide by (ISC)² here: www.isc2.org/Certifications/CISSP/Experience-Requirements
A general rules of thumb:
- 5 years full time IT Security work experience in 2 or more of the 8 domains is required.
- 1 year can be deducted if you have a 4-year college degree OR another IT Security certification (but you can deduct only 1 year in total).
- If you do not have the experience, you can still take and pass the exam, but you will be Associate of (ISC)² until you have the required experience, you have 6 years to get it.
- If you work with IT Security, but it is only part time, you can use 50% (or whatever percentage) you work with it as experience. 50% = 8/10 years full time.
The final decision is always (ISC)²’s