Bottom Line Up Front: Sit down with a dear, trusted CCSP-certified friend and go through your last ten years of experience, investigating your IT Service delivery tasks and mapping your experience to the CCSP domains.
IT has a lot of information security in it - designed Active Directory for five years - what about all that RBAC? Security groups within security groups? Ran an E-Policy Orchestration Server? Squashing virus infections and getting angry at McAfee (Trellix) when it didn’t work? Scoped the traceable requirements for a software project? Did it have security requirements? Managed a patching strategy prioritising CVEs? Telling the vendors update your OSS components please rather than giving me excuses as to why you’re not vulnerable… I have to track them you know - and hang on what do you mean you’re not …”generally” vulnerable…? You’ll need to analyse your tasks and see what your friend thinks is admissible.
The current guidance is clear as mud - but you need 5 years of IT experience, of which 3 years must be in “information security” and one year in one of the six CCSP domains.
Bottom line down below is your CS degree counts as a year, the other certificate you might consider is CSA's CCSK which counts as a year and you then need a year's experience in one domain of the CCSP.
Honestly, your reply was an eye-opener for me. I didn't realize that I'd been doing a lot of security stuff without knowing it. Implementation of 802.1x, MDM, ClearPass, incident handling, digital signature, encryption, spam control and monitoring, key escrow, account and access management, and the list just goes on and on...
Thank you so much for giving me a direction. You are really a "Community Champion".