Experience Question/Feedback

willhi1979willhi1979 Member Posts: 191
Hey all,

I have a question to see if I have the necesssary experience to take the SSCP as a full time professional. I do not work in infosec at the current time. I am doing support for a database driven marketing application. My special project on the team is remote connectivity so I test remote access and work with the customer and our internal teams to get the remote access setup. I work full time and this special project takes about 5-8 hours a week. I've been in the position for seven years. The rest of my time is spent working on customer tickets where we have the full range of issues from security permissions to DCOM to user errors and code bugs. I learned how to use Netmon/Wireshark last year and have used it at work on a few occassions. I'm Security+ Certified, hold a Teradata Masters Certification, and have a Batchelors Degree. I'm interested in the field of infosec, and I was thinking that this might get me closer to maybe having a future in infosec. I'd appreciate any thoughts and guidance. Thanks for the assistance.


Will Highsmith


  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,718 Admin
    The (ISC)2 has an "Associates" designation for both the SSCP and CISSP that allows people who don't yet have the work experience to take the SSCP and CISSP exams. The SSCP only requires one year of professional InfoSec work experience in one of the seven domains of the SSCP CBK. I'm sure that once you make a good study of the SSCP CBK you will probably be able to discover (at least) one year of InfoSec work on your resume.
  • willhi1979willhi1979 Member Posts: 191
    Thanks JD. The web site refers to one year direct fulltime infosec experience so I wasn't sure. Are you saying that I should submit my resume to them and ask for the year of approval or should I go the Associates route? I didn't know if you decide afterwards or not. I contacted CISSP to ask and they do not precertify candidates. I don't have a lot of experience administrating Servers, but we do check the configuration. I'm thinking about starting with the MCSA: Security and upgrade my Security+ to 2008 before I do the SSCP. I read the post by keatron on a training path, and that was great to me. I'm planning to do self study due to the cost of a bootcamp.
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,718 Admin
    When you submit the candidate form to take the exam, you will declare what domain(s) you have (at least) one year experience in. After you pass the exam, you will find an endorser who already has (at least) one (ISC)2 cert and s/he will verify your experience for the (ISC)2. You may also be audited afterward by the (ISC)2 too.

    Most sysadmins have experience in access controls and network/telecom domains. You'll need to look over the seven domains and see what fits what you have done.
Sign In or Register to comment.