Eligible for being SSCP certified?

Hello, everyone!

Before anything else, I would like to apologize in advance for the fairly long post.

A few months ago, I decided to formally expand my knowledge regarding information security, so after some thinking, I decided to, for starters, pursue Security+. I'm happy to say that after about a month of preparation and reading different books and watching different CBT materials, I've successfully passed the exam (with surprisingly high score of 874/900

), so now I'm thinking about going for, as someone say, the next logical step - the SSCP. Now, I've read many different things about how much working security experience one must have in order to be eligible to be fully SSCP-certified, but I still need more details.

I have more than 5 years of full-time experience as a system administrator in a financial software development/QA company and for the last 2 years I've been working on a Senior System Administrator position in a high-security environment. By "high-security" I mean that the company I'm working for has very strict, well documented and enforced on all levels security policies and procedures. In short, we have everything that I was tested on Security+ exam:

Physical security - we have 4 security levels, ACS with proximity badges, video surveillance inside and outside, 24-hour guard inside the premises...

NDAs, AUP, Security Policy, change management procedures, internal security audits, high security projects (no workstations, only thin client devices; mobile phones forbidden inside the room), redundant servers for ALL services (DC, File, Web, Mail....)...........

Now, as a Senior SysAdmin, I'm completely responsible for all IT operations in our branch (about 130 people; the whole company has ~1000 employees):

I manage IT personnel (5 of them - sysadmins and technicians)
Aside from being responsible for configuring and deploying servers and networking equipment, I manage our ACS, CCTV and backup systems, monitoring and enforcing security policies, holding security awareness trainings, lately even participating in security policy reviews..,

All in all, I think you guys get the idea of what am I doing on every day basis.

As for me, I have BSc. in Information Systems and have been Microsoft certified for the last 7 years (MCSA for 2003, 2008 and 2012, MCITP and multiple MCTS) + most recently I got my Security+.

So, what do you guys say? Do you think this will be enough for full (not associate) SSCP certification?

BTW, although I'm aware that many of you would probably think this is a bit of a stupid question, I really need advice and help and I would most certainly appreciate it.

Cheers!

Find more posts tagged with

Comments

TechGuru80

Yes that should be more than enough...probably sufficient for CISSP if you so desired but that's a beast you might not have the security experience to tackle.

tedjames

That should be plenty. After you pass the test, you'll have to fill out ISC2's CV documenting your security-related experience. Then you'll have to get someone else with an ISC2 certification to sponsor you. Basically, they'll vouch for your claimed work experience. Occasionally, applications get audited. Mine was audited, so I essentially had to re-document my experience and send it in. Then I received my certification.

SSCP is an excellent next step after Security+. Everything you learned for Security+ will apply to SSCP, though SSCP goes a lot deeper on the technical and administrative side.

JC Denton

Hi, guys! I appreciate your prompt and concise answers.

@Techguru80:

Nah, I'm really not CISSP level yet (not even close) and it will be quite some time till I even attempt to tackle this beast of exam. I'm really going with the mindset of getting certified for the level I currently am, rather than the level I would like to be.

CISSP is the goal, though, so when I feel confident enough and see that I can benefit from being CISSP-certified, I certainly will go for it.

@tedjames

Yeah, I read all about it and I can already foresee a potential problem there. I mean, although my bosses would gladly confirm that I really do what I do and vouch for my experience in this regard, they are not (ISC)²certified so they cannot be my endorsers. Now, I'm aware that (ISC)²can assist me on this matter by acting as my endorser, but I really don't know how this works. I guess I'll find out.

Again, thanks for clarifying.

JC Denton

A NOTE FOR MODERATOR:

I apologize for several very similar posts one after another, I was getting an error (for some reason) whenever I would post a reply until I finally got a message that moderator need to approve my post before it is visible. I'm sorry for inconvenience and double-posting.