SSCP vs CISSP

Eston21 · May 2015

I have a an opportunity to get a free voucher for either the CISSP or SSCP. I am trying to figure out which of these certs will be better career wise for where I am at the moment. Any advice is greatly appreciated. Here is my resume:

I am an experienced ITprofessional in various realms from RF, to Networking, and SystemAdministration. I have the ability to lead and be a team player, Iam self-motivated with a record of success managing supply teamsfocused on administrative accountability. I have effectiveinterpersonal and communication skills as well as excellent listeningskills I am a creative problem solver and my key attributes are theability to increase IT productivity, understand software solutions,and enhance the role IT plays in revenue growth and profitability foran organization.

SKILLS SUMMARY

Windows Server Operating Systems:
Windows Server 2008,R2

Workplace Software Experience:
Citrix, Avaya, Remedy, IEX, Uniphi,

CompTIA IT Solutions:
Network+, Security+ Certification, Healthcare IT Technician,Server+

Windows Client Operating Systems:
Win Vista, Win-XP, Windows 7,8

Microsoft Office Suite:
Office 2007, 2010,2013 Professional

Additional Areas of Experience:
VMware vSphere 5.1

Additional Areas of Experience:
The use of Spectrum analyzers, oscilloscopes, cable tester, toner

Additional Areas of Experience:
Communications Security (COMSEC)

Additional Areas of Experience:
Communications – HF, UHF, VHF, & RF

PROFESSIONAL HISTORY

Optum CSS (Sep 2014-present) Technical Operations CenterAnalyst

Responsible for creating access to various accounts
Finds the causality of an issue & coordinates with the correct department to get it resolved (i.e. Telecom, Networking)
Uses the established Help Desk process to handle tickets in a quick and efficient manner
Uses Active Directory to close a variety of issues i.e. account lockouts, password resets,
Contacts managers to gather information in order to diagnose and quickly resolve priority 1 issues
Installation of numerous software programs
Assist end users with basic repairs or fixes
Install, test, and repair software for use with a hand-held device
Install VPN access and troubleshot various issues

CENTURY LINK – (Feb-2013 – Sep 2014)
IT Specialist-Tier 2

Identify and troubleshoot a variety of technical issues, including PC configuration, password resets, telecommunications equipment, and LAN access
Resolve issues relative to wireless interference
Find and remove Malware
Troubleshot and configured mobile devices
Uses remote desktop to facilitate troubleshooting and software configuration
Uses Remedy ticketing software to document resolution steps
Reset passwords
Resolved 95% of support trouble tickets with first attempt

AEROTEK/LSI – (Logistics Support Inc.) - (May-2011 –Sep-2012)
Warehouse Specialist

Responsible for ensuring material issued to the Defense Disposal System to be demilitarized and disposed of was located and set up properly for disposal
Responsible for inventory control of Operating Materials & Supplies, (OM&S). Inventory was valued at $500 million

THE R&M GROUP – (Jan-2010 – Mar-2011
Instructional Designer

Developed an employee evaluation program
Primary support liaison between employees and management with regard to employee relations

U.S. AIRFORCE-325^TH COMMUNICATIONSSQUADRON – (Tyndall AFB-FL) – (Nov-2003 - Nov-2009)
RF Transmission System Engineer

Implemented and maintained network for connectivity, configuring circuits, maintaining and troubleshooting
Maintained areas of radio frequency, wireless connectivity, wide-band and ground based satellite, and encryption transmission devices
Identified problem areas using layout drawings, blueprint, schematics and pictorial devices and recommended repair strategy
Used layout drawings, schematics, and pictorial diagrams to solve maintenance problems
Managed client user accounts and organizational client device accounts
Relocated A3 Blue Force tracking system; allowing seamless transition allowed pin-point location of all Coalition assets
Restored range control’ key transmitter ensured successful air to air missile testing
Repaired tactical digital link; improved voice security/jam resistance enhanced interface to Naval operations
Assisted in joint effort w/cryto technicians; repaired faulty receiver restored AOR missile warning system
Resolved assigned incident tickets within SLA documents and documented steps to resolution

EDUCATION & CERTIFICATIONS

Villanova University- Information Systems Security Management Master’s Certificate
Villanova University- IS/IT Project Management Master’s Certificate
Southern Illinois University – Carbondale B.S. Workforce Education
Electronic Principles & RF Transmission Systems – (Kessler AFB-MS)
CompTIA – Security+, Network+ Certified, Healthcare IT Technician, Server+
Microsoft-MTA-Windows Server Fundamentals
ZyXEL Certified Network Professional -Security
ZyXEL Certified Network Professional -LTE

beads · May 2015

You'd be better off getting the SSCP done first, getting some actual experience in security then applying for the CISSP. Unfortunately, I can show you plenty of people over the past year or so with "instant credentials" like the CISSP or PMP that should not have sat for the exam not to mention not having the requisite experience in the first place.

In the case of the CISSP its the fault of current CISSP holders signing off on suspect exam takers that is killing the certification in the first place. The PMP is simple enough to **** but takes a little creativity to fill out the form and still look yourself in the face. Its now just a numbers game from what I can discern these days.

- b/eads

renacido · May 2015

Based on your level of experience specifically related to security, I recommend SSCP. If you were to take the CISSP exam at this point you will only be "Associate of ISC2", which is OK, but I think an SSCP would be a better fit for roles you qualify for at this point in your career.

kiki162 · June 2015

Would get the SSCP first, then go for CISSP

I'd remove the Zyxel certs along with the MTA (unless the job position requires it) and separate education and certifications into 2 sections. Would also remove the Healthcare IT cert unless the job requires it.

You have to remember that sometimes you'll need to tailor your resume based on the job you are applying for. You should like at being a little more descriptive on your duties...especially the last 2 jobs. Talk about some of the other tech. and software that you may have used. A lot of this stuff is good, but you can reword and consolidate some of this stuff. Also...spell check

Chinook · June 2015

Take the SSCP first. The CISSP is difficult (to say the least). It's not something you can just read books for & pass. You usually need real world experience or a real true passion for security. The exam is brutal too. Take your breaks.

newjack · June 2015

I have about 2 years exp out of college and passed my SSCP in April and just got endorsed. I highly recommend it. I have been getting calls none stop. It certainly looks good. After you get the SSCP, take a breather for a few months and start preparing for the CISSP.

techfiend · June 2015

newjack: SSCP is more beneficial then security+ for you? The security+ study I used, labsim, also covered sscp. I was debating whether to sit the sscp but the majority thought they were so much alike and sec+ is DoD endorsed that it wasn't worth it. I don't see many positions looking for either around here, mainly cissp.

renacido · June 2015

techfiend wrote: »

newjack: SSCP is more beneficial then security+ for you? The security+ study I used, labsim, also covered sscp. I was debating whether to sit the sscp but the majority thought they were so much alike and sec+ is DoD endorsed that it wasn't worth it. I don't see many positions looking for either around here, mainly cissp.

Until you're eligible for CISSP, it's really a question of what is more marketable between SSCP or Associate of ISC2, and based on what I've seen the answer is SSCP.

techfiend · June 2015

ISC2 associate = CISSP without the required experience right? In that case I bet most people put CISSP even if they technically aren't but yes ISC2 SSCP sounds more advanced then Associate of ISC2. I'm afraid the cert is losing some of it's prestige, it seems to be a high demand cert and they must be filling the roles. I've always (mis)understood CISSP as the CCIE of security or are SANS certs more on that level?

renacido · June 2015

techfiend wrote: »

ISC2 associate = CISSP without the required experience right? In that case I bet most people put CISSP even if they technically aren't but yes ISC2 SSCP sounds more advanced then Associate of ISC2. I'm afraid the cert is losing some of it's prestige, it seems to be a high demand cert and they must be filling the roles. I've always (mis)understood CISSP as the CCIE of security or are SANS certs more on that level?

People can write whatever they want on their resume, but when I search for them in ISC2's index of CISSPs to verify what they've told me and they aren't in ISC2's list, that resume goes in the shredder and they're blacklisted in our HR department for all future openings.

I recently passed the CISSP exam, and have more than enough experience in infosec to qualify, but until ISC2 finishes their review of my endorsement package and sends me my notification that I'm officially a CISSP, I'm NOT a CISSP yet.

CISSP is in very high demand and like every cert there is an ongoing battle with exam piracy, corruption in test centers, etc., as well as CISSPs endorsing freshers who lack the required experience to meet the requirement. So yeah I run into CISSPs who don't know jack squat and their infosec background is as thin as the paper their exam results were printed on. I just met with a guy last week who announced at the start of the meeting "I'm a CISSP" but 30 minutes later admitted he has less than 2 years of experience and only got the cert so the consulting firm he worked for could use it in their marketing.

CCIE is a high-level, highly technical, vendor-specific cert (certs actually, there are CCIE R&S, Voice, Security,...) whereas CISSP is a security management-oriented, advanced general practitioner cert. SANS certs are for the most part specific to a particular infosec role (pentester, incident handler, application tester, forensic analyst, etc). If there is a sort-of equivalent to the CCIE of all the infosec certs, it would be the GIAC GSE or the OffSec OSCE, depending on who you ask. Security guys can be very parochial and seem to think their area or background is all there is to the field. Pentesters think the red team is smarter than the blue team. Network security guys think everyone makes their bones in infosec setting up router and firewall ACLs. Application security guys think if you can't code in 4 languages with one of them being Ruby or Python then you're not a "real" security guy. Database security guys look at you like you're a tard if you can't explain ACID transactions. Too little sleep and too many energy drinks I think.

techfiend · June 2015

Thanks for clarifying, security certs cover such a wide area it's tough to follow. So CISSP is like an advanced comptia, speaking of that where does CASP sit, between SSCP and CISSP?

Also CEH that's a midlevel pen testing cert right? Would you say it's more or less advanced then mcse-security?

renacido · June 2015

techfiend wrote: »

Thanks for clarifying, security certs cover such a wide area it's tough to follow. So CISSP is like an advanced comptia, speaking of that where does CASP sit, between SSCP and CISSP?

Also CEH that's a midlevel pen testing cert right? Would you say it's more or less advanced then mcse-security?

CISSP is only similar to Sec+ in that it's vendor-neutral and it's a general practitioner security cert, that's about where the similarities end. CISSP is somewhat less technical than Sec+ but that's by design, CISSP is meant for seasoned infosec veterans moving into management roles. It is much broader and many of the questions rely on real-world experience to be able to answer correctly (they test your judgement and ability to apply knowledge, not just memorize it).

I've not taken CASP but I'm told it's a an advanced technician cert, more difficult and more technical than Sec+.

MCSE:Security is no longer offered by Microsoft, it was an advanced security specialization for MCSE Win2003/2008. It required passing 8 Microsoft exams in total, with the final 2 specific to securing a Windows Server enterprise network.

C|EH is more of a beginner-intermediate pentesting cert, though it is actually well suited for those doing internal pentesting, auditing, vulnerability management, incident response, etc., who would benefit from understanding the most commonly-used tactics, techniques and tools used by attackers and therefore be able to identify anomalies, find vulnerabilities, remediate them, and validate the remediations.

newjack · June 2015

techfiend wrote: »

newjack: SSCP is more beneficial then security+ for you? The security+ study I used, labsim, also covered sscp. I was debating whether to sit the sscp but the majority thought they were so much alike and sec+ is DoD endorsed that it wasn't worth it. I don't see many positions looking for either around here, mainly cissp.

When I am in an interview, I don't think it really matters. When you have both it looks good because it means that you're not stopping with your current skill set and you are willing to learn more then you already know. Which I try to show in my interviews along with my 2 years experience. SSCP without a doubt carries more weight then the Sec+, and I believe are now both required from a DoD standpoint anyways.

But from an interview standpoint, if you go in without much experience like myself, having both is a huge plus... It can't hurt. Both certification are similar, Sec+ wording is straight forward ISC2 is bit more trickier and gets into a bit more depth.

Remedymp · June 2015

newjack wrote: »

When I am in an interview, I don't think it really matters. When you have both it looks good because it means that you're not stopping with your current skill set and you are willing to learn more then you already know. Which I try to show in my interviews along with my 2 years experience. SSCP without a doubt carries more weight then the Sec+, and I believe are now both required from a DoD standpoint anyways.

But from an interview standpoint, if you go in without much experience like myself, having both is a huge plus... It can't hurt. Both certification are similar, Sec+ wording is straight forward ISC2 is bit more trickier and gets into a bit more depth.

The Security+ has twice as many job postings listed, than the SSCP.

SSCP vs CISSP

Comments