What Ketchup recommended is exactly what I did. While I only had 2 1/2 years of DIRECT security experience, I was able to show enough previous experience in access control, operations security, etc to pass ISC2 requirement. I basically broke down my resume into the tasks and associated domains and submitted it.
If you get audited, don't take it personally. they ISC2 audits are completely random. If you happen to fail the experience audit and pass the test you will be an Associate of ISC2 until you meet the experience requirements.
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP