Passed CISSP exam, go for SSCP to knock off 1 year requirement?

storch Member Posts: 6
Hi Everyone,

Last week I passed my CISSP exam but don't meet the required 5 years full time IT security experience to get my full designation. I have over 5 years of IT experience but in various roles mostly as a Systems Admin/Support. My recent role, which I've been in for the past 3 years, has been a full time security position. Meaning I'm working with AAA systems, file integrity systems, IDS, IPS, vulnerability management etc.

My sponsor thinks it's best to use this position as my CISSP work experience. Technically I could get away with using my previous experience in a Sys Admin role towards my designation experience but I would not be doing myself any good and the designation would not hold the same weight. So with that in mind, would the SSCP be the best route to go with and knock it off in a month or 2? I studied for about 3 months for the CISSP. I enjoy being on the technical side and working with the equipment rather than implementing policies and governance or creating BC/DR plans.


  • TacoRocket Member Posts: 497
    It's up to you. Security+ would do the same. I see no harm in going for the SSCP.
    These articles and posts are my own opinion and do not reflect the view of my employer.
  • havoc64 Member Posts: 213
    I would think the SSCP as a minor (ISC)2 cert would be very similar and easier to pass for you. As for your resume, maybe the CEH would look better... JMHO...
  • storch Member Posts: 6
    I appreciate the response gents, I've followed this site during my preparation for the CISSP and the responses really helped me properly prepare and use the right materials for passing the exam. I'll continue with pursuing the SSCP to complement the CISSP.

    In terms of my CISSP study material for anyone interested:

    I watched the Cybrary IT videos twice, once during my review phase and a second time a week before my exam to refresh all of the material. Kelly is fantastic and her tips and material really make you get it.

    The new Sybex book, read the whole thing, I thought it was a great book and covered everything that you need to know for the exam. What I also liked about it is that it references previous domains in multiple chapters as you're reading. I found that it helped me remember previous topics from earlier domains that you may have forgotten because of the amount of material that you're taking in.

    Shon Harris 6th Edition, I just couldn't do it, I'm sure anyone hardcore enough could read the whole thing but I just couldn't do it, this book also weighs like 10 pounds.

    11 Hour CISSP, read this book front to cover, just a quick facts and definitions, no long explanations, great for review.

    Freepracticetests, I used this site to test myself 50 questions at a time throughout the day, it helped me keep the material fresh in my mind and the thought process that ISC2 wants you to have.

    So there you have it folks, good luck to everyone.
  • cyberguypr Mod Posts: 6,927
    I am not sure I follow. Why are you saying that if you use the sys admin experience the cert will not hold any weight? Did you have direct security related experience in that role or not?
  • LionelTeo Member Posts: 526
    If you are a degree holder OR certs like Sec+ (if I didn't remember wrongly) would waive 1 year for the requirement. Also you have 9 months to endorse your CISSP. Hence practically, you can pass 8 months before your 4th year and get endorsed at the 9th month and still get the CISSP. There are ways to maintain your standing till you reach your experience (another topic). As cyberguypr said, sys admin counts toward CISSP, as long as it's a full time salary job*

    *ISC2 had this defined out exactly, read up on ISC2 to find out if a previous position is counted or not counted as work experience.
  • OctalDump Member Posts: 1,722
    Not meaning to hijack the thread, but can someone clarify this for me. I have vague plans to do CISSP next year. I'm not sure that I would meet the requirements for endorsement, so might end up an "Associate" for a few years.

    Looking at the forms for endorsement, it seems quite extensive. Fairly easily met if you are working in a "pure" security role and have support in your workplace from another CISSP, but seems harder if you have a history that's more, like OP, system admin experience which might include only some security component.

    Are ISC2 very strict on all this? Or is there some leeway? What about for roles from 5+ years ago where you might have trouble getting hold of a supervisor or their contacts? Or where people are otherwise unwilling/unable to confirm experience, or disagreement as to how much security stuff you were actually doing? Should I be getting written statements as I go along? Seems like it would suck if you have 3 years in a role and the company went bust or the supervisor died or you were working with some crazy person that couldn't be trusted (or in jail!).

    Is that leeway given to the endorser?
    2017 Goals - Something Cisco, Something Linux, Agile PM