Good evening,
I'm still busy working my way through the forum, so apologies if this has been covered in another topic, but I have a (potentially trivial) question related to the required experience, specifically for the CCSP.
My understanding, as per the official website, is that I need at least 5 years of full-time work experience in Information Technology, of which 3 years need to be in information security, of which 1 of those needs to be in one of the CBK domains of the CCSP (read Cloud Security experience?).
If I hold the CCSK, I get recognition for the 1 year CBK-related work experience, thereby still requiring me to have an additional 2 years of Information Security work-related experience, not necessarily cloud security, correct?
Is this 2-year experience requirement measured against the CBK of any of the other ISC2 certifications? Or is it any work/responsibilities that fall under a generally-accepted definition associated with Information Security (e.g. Identity & Access Management)?
Having many years of experience in varying roles, some of which included activities that could be considered security related (like my IAM example), I'm just trying to get my ducks in a row as far as my ISC2 journey is concerned.
Thanks in advance
Hi and welcome to the forum!
The way I read the requirement is with the CCSK giving you a 1 year waiver for the cloud security experience, you'd still need to provide evidence of 4 years of experience. Of those 4 years at least 3 need to be in information security. So you need either 3 years of information security + 1 year of cloud security + 1 year CCSK waiver = 5 years. Or 4 years of information security + 1 year CCSK waiver = 5 years.
You'll probably find that most people on here who hold the CCSP also hold the CISSP, probably because the CISSP can be substituted for the entire CCSP experience requirement. As such, I think it's fair to assume if you based your information security experience on the domains of the CISSP it would be classed as acceptable. The CISSP domains are also pretty broad so I'm sure an experienced IT campaigner would find a lot of their experience would fit nicely within one or more of the domains (of which IAM is one).
That being said, I don't see why you couldn't base your information security experience on the domains of any of ISC2's certifications (other than the CCSP which bizarrely seems to be limited to 2 years which seems a little strange to me!). So the CISSP, CSSLP, SSCP, CAP, HCISPP should all be fine in my opinion - or even any recognised information security certifications from other organisations.
Good luck with your studies!
Sorry to rehash an old discussion, but has this ever been definitively confirmed (that 4 years of information security + 1 year CCSK waiver = 5 years for CCSP)?
That is my reading of the requirement as well and seems to align with a few members’ interpretations of the requirement, but I was hoping to have confirmation from ISC2 since it’s not 100% clear as written (in contrast to, for example, the CISSP requirements). Thanks!