SSCP Work Experience Requirements

When you apply for certification, you will be asked to verify your work experience and education to meet the following qualification:

One year of cumulative work experience in one or more of the seven domains of the SSCP Common Body of Knowledge (CBK). A one year prerequisite pathway is available for candidates who receive a degree (bachelors or masters) in a cybersecurity program.

One Year Work Experience

Valid experience includes information systems security-related work performed, or work that requires information security knowledge and involves direct application of that knowledge. Experience must fall within one or more of the seven domains of the (ISC)² SSCP CBK:

  • Access Controls
  • Security Operations and Administration
  • Risk identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

Your work experience is accrued monthly. Thus, you must have worked a minimum of 34 hours/week for four (4) weeks in order to accrue one (1) month of work experience

Part-Time Experience: Part-time experience cannot be less than 20 hours a week and no more than 34 hours a week.

  • 1040 hours of part-time = 6 months of full time experience
  • 2080 hours of part-time = 12 months of full time experience

Internship: Paid or unpaid internship is acceptable. You will need documentation on company/organization letterhead confirming your position as an intern. If you are interning at a school, the document can be on the registrar’s stationery. Interns may be gaining valuable experience without monetary compensation.

One Year Prerequisite Pathway

Candidates may satisfy the one year work experience requirement if they earn a degree from an accredited college or university or regionally equivalent education program. For purposes of certification, (ISC)² looks for the following characteristics of an approved cybersecurity degree:

1)  The degree originates from a cybersecurity program which addresses cyber, information, software and infrastructure security topics within its requirements;


2)   Is one of the following preapproved degree programs:

  • Computer Science
  • Computer Engineering
  • Computer Systems Engineering
  • Management Information Systems (MIS)
  • Information Technology [IT]

The list of preapproved degree programs will be updated periodically.

Verification of Work and Education Experience

Activities that do not relate to the domains of the ISC2 SSCP CBK cannot be included in the reported number of years of experience. If non-qualifying activities are included, that experience will be deducted. Examples of proof of employment include employment contracts, letters, and other documents on company letterhead showing the dates you worked at the company/organization.

Experience and education is subject to random audit. Erroneous information will be referred to the ethics committee and could jeopardize your endorsement and certification.