Recently I have passed my SSCP on 10 Aug 2018.
dcs: 1st, congrats on passing the exam. Based on the experience described below, I assume you mean you passed the SSCP exam, but are not yet certified as an SSCP. My comments are based on that assumption.
I am now wondering if my current situation which I have a few questions to ask:
- Computer Science Degree (Bachelor with Honors) in Singapore
dcs: 2nd, congrats on a degree with honors.
1 year contract starting from Dec 2017. The job scope is to maintain the software used in Data Diode (One-way data transfer between 2 devices)
1) Can I get a waiver of work requirements right now?
dcs: If you are thinking about the bachelor's degree counting for one year of the total work experience for the CISSP, yes, assuming it is a full four-year degree.
If you are thinking about the one year work experience requirement for SSCP, you must refer to the guidance at https://www.isc2.org/Certifications/SSCP/experience-requirements. My interpretation is that your Computer Science degree would probably not qualify for the one year experience waiver, because that page specifically says, "A one year prerequisite pathway will be granted for candidates who received a degree (bachelors or masters) in a cybersecurity program." However, if you can document that your degree was a major in cybersecurity, not simply CompSci, I recommend contacting (ISC)2 directly to ask for a decision.
2) Based on this current job scope, can I be considered to fall on 2 of the 7 CBK domains
- Network and Communications Security
- Systems and Application Security
dcs: My interpretation of your short description of maintaining existing software (as opposed to writing new s/w from scratch), is no, I would not approve you as having had experience in either of those domains. The work experience is to be actually performing activities described in the CBK details for each domain. Maintaining software, if you are actively incorporating software security development processes, can qualify for the CSSLP experience, but not for the IT Administration experience for SSCP.
3) Can I opt to take CISSP exam soon (3 months ~ 1 year), and should I do so?
dcs: Yes, you can opt to take the CISSP exam at any time, but I would recommend you not rush into it. You have plenty of time to prepare and take the CISSP exam once you have the four years needed of CISSP CBK experience. Having passed the SSCP exam you are eligible immediately for membership as an Associate of (ISC)2. Once you have your one year of experience in two domains of the SSCP CBK you can become certified as an SSCP, making you a full certified member of (ISC)2. In the meantime, since it takes five years of experience in multiple CISSP domains to qualify for CISSP, I think you will be better off seeking jobs to gain that experience, and spending study time over a long period on the eight CISSP CBK domains, relating the book study to your work. You will learn it all much more deeply that way. As an Associate of (ISC)2 based on passing the SSCP exam, you would not need to try to be a double Associate (as far as I know there is no such thing.)
4) Is my current work experience fits in the CISSP requirements assuming I stay on this role for the next 5 years?
dcs: Note my comments above about your current work; I would say no, maintaining existing software, even with some security aspects, probably will not meet the CISSP CBK experience requirements. You must actually be completing work duties as described in the CBK for each domain you claim experience in.
Further, based on your successes so far, and your apparent goals, I do not see you sitting in that entry-level computer scientist s/w maintenance job for five years. You are going to progress upward, taking on more responsibilities and challenges, in teh coming years.
Thank you all.
@slee047 Congratulations on passing the SSCP exam!
Unfortunately, we are not able to validate your work experience prior to you submitting your endorsement; however, I can confirm your bachelor's degree in Computer Science is enough to waive the 1 year requirement to obtain the SSCP. Here is a link to the SSCP Experience Requirements. Please scroll to the bottom of the page to locate the list of preapproved degree programs that will waive the 1 year requirement.
If you are interested in sitting for the CISSP exam, you may do so; however, you will need to have a total of 5 years of work experience in at least 2 of the 8 CISSP domains. With your bachelors degree, you may waive 1 year, leaving you to obtain 4 years in at least 2 of the 8 domains. If you decide to take the CISSP prior to having the work experience, you may register to become an Associate of (ISC)². Becoming an Associate of (ISC)² will provide you with 6 years to obtain the required experience needed to obtain the CISSP.
Please let me know if you have any further questions.
Thanks for the reply, especially the work experience part. It is just happen that my current job involves in improving (Maintaining) the software used by the data diode, integrate some Anti-Virus engines plugins (Calling by Restful API or Terminal depending on the vendor product) or develop an interface application to invoke this data diode software.
As my contract is ending coming Christmas, I have the option to either convert as a permanent staff (Will ask for role that matches with CISSP related work experience) or find a job elsewhere.
Perhaps I am just too eager and thought that strike the iron while it is hot, and the fact that certain countries (Notably China) relies on CISSP much more and hence I did mooted the idea of getting CISSP asap even though it might not be the wisest choice afterall.
@slee047 It is my pleasure! In regards to your digital badge, you won't receive this until after your endorsement has been approved. This can take up to 6 weeks from the date you submitted the application. Once your endorsement has been approved, you will be emailed with your Acclaim badge within about 2 weeks (usually sooner).
Some general advice.... Until one has a few years of experience that matches the requirements, it probably is not the best time to sit for the CISSP exam. I recommend this for two reasons:
Before sitting for the exam, I recommend starting the paperwork (basically a resume) that you would submit for the endorsement process and doing a self-review. Unless you are well on the way to meeting the experience requirement (e.g. 50+%), I would hold-off on risking the exam fee. That said, you are allowed to take the exam whenever you want. All you risk is the $700 exam sitting fee and a few hours of your time.
In @slee047's particular case, I would first focus on getting your SSCP fully endorsed so that you can put it on your résumé.