SSCP Experience Requirements
Candidates must have a minimum of one year cumulative paid work experience in one or more of the seven domains of the SSCP CBK. A one year prerequisite pathway will be granted for candidates who received a degree (bachelors or masters) in a cybersecurity program.
A candidate who doesn’t have the required experience to become an SSCP may become an Associate of (ISC)² by successfully passing the SSCP examination. The Associate of (ISC)² will then have two years to earn the one year required experience.
Part-time work and internships may also count towards your experience.
Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. Experience must fall within one or more of the seven domains of the (ISC)² SSCP CBK:
- Domain 1. Access Controls
- Domain 2. Security Operations and Administration
- Domain 3. Risk identification, Monitoring, and Analysis
- Domain 4. Incident Response and Recovery
- Domain 5. Cryptography
- Domain 6. Network and Communications Security
- Domain 7. Systems and Application Security
Note: Effective November 1, 2018, the SSCP exam will be based on a new exam outline. The domains and their weights have changed. Please refer to the SSCP Exam Outline for details or view the SSCP FAQs.
Part-Time Experience: Your part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.
- 1040 hours of part-time = 6 months of full time experience
- 2080 hours of part-time = 12 months of full time experience
Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery.
Not Enough Experience?
Start on a pathway to certification with the Associate of (ISC)²! You can take a certification exam without the work experience. If you pass, you simply work to get the experience needed for certification.
One Year Prerequisite Pathway
Candidates may satisfy the one year work experience requirement if they earn a degree from an accredited college or university or regionally equivalent education program. For purposes of certification, (ISC)² looks for the following characteristics of an approved cybersecurity degree:
1) The degree originates from a cybersecurity program which addresses cyber, information, software and infrastructure security topics within its requirements;
2) Is one of the following preapproved degree programs:
- Computer Science
- Computer Engineering
- Computer Systems Engineering
- Management Information Systems (MIS)
- Information Technology [IT]
The list of preapproved degree programs will be updated periodically.