When you apply for certification, you will be asked to verify your work experience and education to meet the following qualification:

One year of cumulative work experience in one or more of the seven domains of the SSCP Common Body of Knowledge (CBK). A one year prerequisite pathway is available for candidates who receive a degree (bachelors or masters) in a cybersecurity program.

One Year Work Experience

Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. Experience must fall within one or more of the seven domains of the (ISC)² SSCP CBK:

Access Controls
Security Operations and Administration
Risk identification, Monitoring, and Analysis
Incident Response and Recovery
Cryptography
Network and Communications Security
Systems and Application Security

Your work experience is accrued monthly. Thus, you must have worked a minimum of 34 hours/week for four (4) weeks in order to accrue one (1) month of work experience

Part-Time Experience: Part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.

1040 hours of part-time = 6 months of full time experience
2080 hours of part-time = 12 months of full time experience

Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery. Interns may be gaining valuable experience without monetary compensation.

One Year Prerequisite Pathway

Candidates may satisfy the one year work experience requirement if they earn a degree from an accredited college or university or regionally equivalent education program. For purposes of certification, (ISC)² looks for the following characteristics of an approved cybersecurity degree:

1) The degree originates from a cybersecurity program which addresses cyber, information, software and infrastructure security topics within its requirements;

or

2) Is one of the following preapproved degree programs:

Computer Science
Computer Engineering
Computer Systems Engineering
Management Information Systems (MIS)
Information Technology [IT]

The list of preapproved degree programs will be updated periodically.

Verification of Work and Education Experience

Activities that do not relate to the domains of the ISC2 SSCP CBK cannot be included in the reported number of years of experience. If non-qualifying activities are included, that experience will be deducted. Examples of proof of employment include employment contracts, letters, and other documents on company letterhead showing the dates you worked at the company/organization.

Experience and education is subject to random audit. Erroneous information will be referred to the ethics committee and could jeopardize your endorsement and certification.

SSCP Work Experience Requirements