CISSP domain question (SSL certificate management)

Nobylspoon

Before getting into IT, I had 3 years of work experience as a security guard which should cover the Physical Security domain. My responsibilities at work have recently expanded to also include management of our SSL offloaders to include maintaining about 150 SSL certificates and associated virtual servers.

Would this work experience count towards the Cryptography domain?

JDMurray

SSL certs belongs more to the access control domain than crypto. You can claim crypto if you are an actual cryptographer, crypto-scientist, or an engineer that designs/implements crypto systems. Having experience just using a security control that has a crypto component probably won't qualify. However, you need to ask the (ISC)2 and get their official judgement.

Nobylspoon

JDMurray wrote: »

SSL certs belongs more to the access control domain than crypto. You can claim crypto if you are an actual cryptographer, crypto-scientist, or an engineer that designs/implements crypto systems. Having experience just using a security control that has a crypto component probably won't qualify. However, you need to ask the (ISC)2 and get their official judgement.

Do you think it would be enough to qualify for the Access Control domain then or would I still need to have my responsibilities expanded further? I also maintain the product users and roles via Weblogic Admin Server which should count for that domain as well.

I just assumed cryptography but it doesn't matter too much which domain as long as I can meet requirements for a second domain. I will redirect this over to (ICS)2. At the end of the year I should have my bachelors (knocks off 1 year req) and a year of experience with my new responsibilities. That combined with my 3 years of physical security experience will hopefully meet the requirements for this certification.

Thanks for the advice.

JDMurray

Sure, no problem. Please post back here when you receive your response from the (ISC)2.

Nobylspoon

The (ISC)2 rep told me that my resume sounds thorough enough in his opinion but that it would ultimately be up to my endorser to decide. After reading your blog, I have gained a greater interest in SSCP since my preference is on the technical side.

I should finish my BS:IT this year so I think I am going to working on the SSCP before diving into the MS:IT program. Since I plan to continue with WGU and CEs are granted for some of the course work, it would make sense to benefit from them. Worst case I have 2 years as an Associate of (ISC)2 to get endorsed.

Thanks again and great blog BTW.

afcyung

I claimed Cryptography experience for being an COMSEC Manager.

JDMurray

Nobylspoon wrote: »

Worst case I have 2 years as an Associate of (ISC)2 to get endorsed.

CISSP associates have up to six years to acquire the professional work experience and get endorsed. Your one year of access control experience is enough to qualify you for the full SSCP certification.

Nobylspoon wrote: »

Thanks again and great blog BTW.

Thanks very much!