Question about SSCP

Analystguy89

I was looking at the qualifications to take the exam and I am not quite sure if what I do counts. I am a business analyst but I also am an administrator of our Oracle CRM software and another internal company software over all users and information. We also have tracking software in our rental generator units and I monitor and report about it. Do either of these qualify me to take the exam?

MSP-IT

Anyone is welcome to take either the CISSP and SSCP exams and become an Associate of the (ISC)2. However, the SSCP would require a single year of experience within a security related role. Based on what you described there, it may be a little hard to prove that what you did was actually related to the InfoSec industry. Could you elaborate as to how it would relate to one of the 7 security domains?

Analystguy89

I think I would be in the Access Controls domain specifically identity management, access control concepts, and authentication mechanisms. There is an internal software used by external customers, internal associates, and distributors. I am the admin for user rights, user role or what they can and can't access. This database has access to all of our products, spec sheets etc. Also we have tracking software that records where our generators are at 24 hours a day. It reports to me if there is fuel being taken if it is moved or other strange activity. I don't think it is necessarily IT security but I do think it fits into the domain. I think the tracking software is in the monitoring and analysis domain.

JDMurray

I think you've got it. If you have only spent a year on a Help Desk resetting passwords then you'd have Access Controls SSCP CBK domain experience.

Of course, the only official word on acceptable professional work experience for the SSCP can come from contacting the (ISC)2 itself.

MSP-IT

It's all about wording.