Would this qualify for experience requirements (SSCP)
Hello all! A friend wants to steer his career path into information security. He is currently a financial transaction fraud analyst. I think his current experience would absolutely satisfy the experience requirements for the SSCP... but what are your thoughts? He describes his role as --
"Spot and analyze fraud trends as well as help brainstorm and implement processes to minimize areas of weakness. Provide client responses and assist with escalations or disputes regarding fraud decisions. Investigate disputes, verify facts and determine resolutions based on internal policies. Monitor flagged accounts to prevent loss to the company, guest and partners."
I think his main concern is he doesn't do traditional "IT work" necessarily so I had to assure him that information security is much more broad than just technology and includes physical security, paper documentation etc.. thought I should get a second opinion to ease his mind.
As long as he can verify that those match up to the domain(s) required, then yeah he's good to go. From where I am standing I believe he would be fine. You are absolutely correct that Information Security does not entail all IT work. He definitely fits the bill of an auditor.