sscp or security+ first?

chickenlicken09chickenlicken09 Senior MemberPosts: 507Member ■■■□□□□□□□
hi guys, so im still debating where to start in terms of the security route. i was thinking cissp but now i think it makes sense to start with something lighter like the security+ or sscp just to make sure i like it and get my feet wet. Are there pros or cons as to where to start?
Im thinking the sscp would look better on the cv as i dont see security+ listed much. Any thoughts would be great?

Thanks

Comments

  • JoJoCal19JoJoCal19 California Kid Posts: 2,772Mod Mod
    Do you already have security experience? The CISSP requires 5 years of experience in at least 2 of the 10 domains it covers. I believe the SSCP is more along the lines of what you'd be looking at. Having had the Security+ and not having it help me a single bit (nor did the Network+), along with the expensive cost of the CompTIA certs, I wouldn't take it. I would however buy the Security+ book and read it and learn the material as if you are going to take the test. Then move on to other certs such as the SSCP.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • PJ_SneakersPJ_Sneakers CompTIA, EC-Council, ISACA, (ISC)², Microsoft USAPosts: 879Member ■■■■■■□□□□
  • dustervoicedustervoice Posts: 877Member ■■■■□□□□□□
    I would say get security+ then move on to SSCP then CISSP. Security + for your knowledge only and to build a solid foundation/springboard as no employer will be impressed by security+ being on your CV. I passed the A+ and Net+ some years back i've now officially deleted them from my CV as they are just taking up valuable real estate on a limited 2 page document. After being in IT for so long if i have to still prove to someone that i know how to change out a NIC card(A+) or demonstrate that i know what a cat5 cable is(N+) then am in real trouble icon_lol.gif
  • RemedympRemedymp Posts: 834Member
    If you already have SY0-401, skip the SSCP then. It's not worth it IMO.

    Here are a few postings of Jr. IT Security positions recently:
    General Summary of Position:
    The Junior Network Security Administrator role is to assist the Information Security Officer with planning, designing, development, and implementation of efficient network integrity, systems security, log management, business continuity and disaster recovery. This individual will apply proven communication, analytical and problem-solving skills to help identify, communicate and resolve issues in order to maximize the benefit of internal systems investments and will be involved in a variety of other projects including assisting with firewall, anti-virus, web filtering, threat remediation and security compliance.
    Duties & Responsibilities:
    • Performing analysis of network security needs and contributes to design, integration, and installation of hardware and software
    • Analyzing, connectivity requests to insure compliance with Mass 201 CMR 17, PCI and other policies
    • Provide recommendations for the development and analysis of Network Security policies and procedures
    • Document computer security policies, procedures and provide alternative solutions to requests that violate policies
    • Ability to work Hands-on with Internet protocols, IPS, firewalls, packet capture and analysis, SSH, TLS/SSL, web servers, application servers, database security, patch management and vulnerability assessment tools
    • Device/vendor agnostic (needs to support Check Point, Fortinet, Cisco, F5, etc.)
    • Software/vendor agnostic (needs to support Websense, McAfee, Tenable, etc.)
    Required Qualifications:
    • Bachelor's degree
    • 2 years of networking experience with Cisco Routers and Switches
    • Network security experience with Checkpoint
    • Problem Solving - must be able to provide technical solutions to a wide range of complex difficult problems.
    • Self-Motivator possessing a high sense of urgency and high level of integrity
    • Strong written and verbal communication, as well as organization and documentation skills
    • Strong knowledge of networks and network topologies and protocols
    • Reporting for internal/external use and compliance
    Preferred Qualifications:
    • Candidates with these desired skills will be given preferential consideration:
    • Cisco CCNA
    • Check Point CCSA
    • CISSP
    • Microsoft MCSA
    • Familiar with standard security and PCI best practices
    • Vulnerability Management / Risk Assessment
    • Knowledge of features of Active Directory, Group Policy and Certificate Authority technologies.
    • Experience with endpoint security software and encryption products

    Responsibilities:
    The position requires a higher degree of technical ability and skills, that relate directly to the operation, maintenance, and troubleshooting of specialized security related infrastructure. Examples of such infrastructure are the RSA DLP (Data Loss Prevention), SEIM (Security Event Information Management), IPS (Intrusion Prevention), WAF's (Web Application Firewalls). The position also requires a higher level of specific experience and formal structured training to be effective.

    Due to sensitive nature of the data being analyzed and administered this person must exhibit distinct discretion. However, a self-assured manner and authority is also necessary when interacting with management in non-Operations areas.

    Day to day administration of security infrastructure including:

    • Operations of the Security systems, including maintenance, configuration, issue remediation, audit and troubleshooting
    • Administer Data Privacy Committee Sharepoint portal Administering RSA DLP and SEIM software and Hardware
    • Analysis, categorizing and reporting the DLP results, including informing the DLP gate-keepers within Legal, HR and ACS of any suspicious activity
    • Development and administration of correlated customized real-time security alerts
    • Education of sensitive information owners of their data protection responsibilities and data encryption techniques
    • Enforcement of data encryption automation
    • Staying current with US and global Data Privacy Laws Development and administration of metrics reporting to the Data Privacy Committee



    Qualifications:
    • Excellent verbal and written communications skills
    • Advanced knowledge of Microsoft Office suite, and Lotus Notes
    • Advanced knowledge of TCP/IP networks, routing, protocols, and topology
    • Excellent Internet troubleshooting skills
    • Good working knowledge of Windows & Linux Operating systems, and Database technologies
    • Project Management involvement required to understand project scheduling and criticality of tasks and prioritization
    • Excellent customer service, and troubleshooting skills
    • Highly analytical with structured approach experience
    • Excellent problem detection and resolution skills
    • Detail oriented, self starter


    I would go for SY0-401, then focus on either CCNA:Security or RHCSA. More ROI for either of those two, IMHO...
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,309Admin Admin
    The SY0-401 now covers most--if not all--of the topics covered by the SSCP exam. However, the Sec+ exam itself is simpler than the SSCP exam. Either exam is good preparation for the other. If you had to choose only one or the the other, you will get more resume recognition from the Security+ cert.
  • PJ_SneakersPJ_Sneakers CompTIA, EC-Council, ISACA, (ISC)², Microsoft USAPosts: 879Member ■■■■■■□□□□
    JDMurray wrote: »
    The SY0-401 now covers most--if not all--of the topics covered by the SSCP exam. However, the Sec+ exam itself is simpler than the SSCP exam. Either exam is good preparation for the other. If you had to choose only one or the the other, you will get more resume recognition from the Security+ cert.
    That being said, do you think there is any tangible benefit to obtaining the SSCP certification rather than the Security+? Does it help with any CISSP prerequisites or anything like that? I know it knocks a year off of the CISSP experience requirement, but so does the Sec+ cert.
  • chickenlicken09chickenlicken09 Senior Member Posts: 507Member ■■■□□□□□□□
    some good advice there thanks, i have the security+ book already and it seems interesting. although i have the ccna already i think i would
    enjoy the security+ more. will prob skip the sscp all together if there that much overlap. that job spec gives me an indication of where i should be going.
    although its a junior role they seem to expect a certain amount of experience already so would i be right in saying it would pay better than a junior role?
    im trying to not go backwards in salary also!
  • RemedympRemedymp Posts: 834Member
    eddo1 wrote: »
    some good advice there thanks, i have the security+ book already and it seems interesting. although i have the ccna already i think i would
    enjoy the security+ more. will prob skip the sscp all together if there that much overlap. that job spec gives me an indication of where i should be going.
    although its a junior role they seem to expect a certain amount of experience already so would i be right in saying it would pay better than a junior role?
    im trying to not go backwards in salary also!

    If you already have CCNA. Push for CCNA: Security. After CCNA: Security, I would go for RHCSA.

    Taking a pinch in salary by way of transitioning from one role to another is not uncommon in IT. It's just the nature of the game.

    Being able to balance out your expertise in OS(RHCSA), Networking(CCNA), as well as Security Fundamentals (SY0-401) could be great way to become a decent security generalist.
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,309Admin Admin
    That being said, do you think there is any tangible benefit to obtaining the SSCP certification rather than the Security+?
    If the SSCP gets you a first-round interview for job that the Security+ by itself won't then that would be a tangible benefit. You are far more likely to find jobs asking for the Security+ than the SSCP, but higher paying job requiring more InfoSec experience will ask for the SSCP (and CISSP and GSEC) over the Security+. It really depends on what level you are hiring at.
  • diggitlediggitle Posts: 118Member ■■■□□□□□□□
    Just get them both....lol as you can see JDMurray has them both. I say its worth it.
    c colon i net pub dubdubdub root
  • Karthik524Karthik524 Posts: 1Registered Users ■□□□□□□□□□
    Hi JD,

    Currently i am working in Avaya TAC and i have total 5 years of experience into Networking and i am working on security devices and firewalls as well now i would like follow Information Security path so which one would be better Security + or SSCP. which certification has more value please suggest.

    Thanks,
    Karthik
Sign In or Register to comment.