Sscp

Tongy

Took my SSCP today and passed - however it was much harder than I had expected.

I used the most up to date ISC2 SSCP CBK and Darril Gibsons AIO 2nd edition books, and they are badly out of date as to the content of the exam. The tests on the CD and throughout both books bore very little resemblance (even in their format) to the exam.

However, since they are all that is available, learn all the domains, all the concepts and just apply common sense and you should be fine, although I got to about halfway and seriously started to panic!

Tongy

Mike-Mike

Congrats, glad to hear you passed, thanks for the material review

twodogs62

Congrats, thanks for letting us know study material.

Sheiko37

I agree about Gibson's practice questions not matching very closely to the exam.

Tongy

Don't get me wrong, the books are both very good at explaining the basics of infosec - however to tout something as an All in One is perhaps not as true now as it was when it was first released.

It was tough and I'm very glad to see it in my rear view mirror!

CryptoPunk

Congrats Tongy to pass exam. What do you mean that mentioned materials are out dated? I think the concept of security should be still the same. But, there can be difference that exam could be updated with questions about new technologies like IoT, Cloud security, mobile secuity etc. For example when I have checked ,,SSCP exam outline" from April 15, I have found things like COPE and BYOD which are not mentioned in AIO book (i think). Am I right? And I have another two questions Where the questions on exam more technical like ,,Which protocol is running on port 22" or you have to need know the concept? Which domain was the most tricky on exam for you? Thanks and GL in your career.

ccnpninja

Congrats!

Tongy

The questions were not written like they are in either of the books I looked at. I was expecting tricky negative/double negative questions.... Nope, they had made them much more about reasoned response not regurgitation of facts.... In that you had to draw on the facts that you knew about a topic to give the closest answer of the ones presented. In all a better way but it totally threw me.

XaaS, cloud etc were there - however virtually nothing on crypto and a single port question relating to nat'd traffic in a firewall log.

Like I said, it was probably a better test of your all round knowledge just didn't think any of the materials available really prepared me to feel confident with the format of the test, despite being confident in my knowledge of the subject.

Tongy

Oh and it's considerably harder than security+ which was a walk in the park compared with SSCP - imho of course!

wayne_wonder

Tongy wrote: »

The questions were not written like they are in either of the books I looked at. I was expecting tricky negative/double negative questions.... Nope, they had made them much more about reasoned response not regurgitation of facts.... In that you had to draw on the facts that you knew about a topic to give the closest answer of the ones presented. In all a better way but it totally threw me.

XaaS, cloud etc were there - however virtually nothing on crypto and a single port question relating to nat'd traffic in a firewall log.

Like I said, it was probably a better test of your all round knowledge just didn't think any of the materials available really prepared me to feel confident with the format of the test, despite being confident in my knowledge of the subject.

I'm in the UK too and thinking about doing this or the ceh 1st

Tongy

The CEH and SSCP are quite different, what direction are you headed in your career

wayne_wonder

Not sure yet I'm currently a technical consultant and the end goal is to either get into security architecture/consultant or pen testing but on the pen testing side you've probably got to do a programming language etc and not sure i have the desire for that after all these years.

What do you currently do?

Tongy

I work as a security consultant for a financial company at the moment myself so most likely CISSP for me!

wayne_wonder

That's where I want to head got experience of security from working for the met police for 4 years and now a consultant so this is a logical step! Only thing I'd miss if I went into full time security is working from home like I do now

Tongy

I hope you get to where you want to be!

An SSCP/GSEC/Security+ will all help make the CV look better for someone hiring.

wayne_wonder

Cheers mate really need to decide what I actually want to SME in

Tongy

No problem, until you are sure which path to go down, general Infosec quals aren't the worst thing you could do.

I thought sec+, although basic, laid a pretty good foundation from which to build, and carries some weight.... Showing that you are prepared to start at the "bottom" (not fair, but illustrative) so you should get props for that alone!

wayne_wonder

Yeah I'll be probably go down the siem consultant route I think as if still be close to the tech side of things! Vulnerability side appeals to me

I'd be paying for the Cerys myself so don't wanna do a sec+ and waste money when I know that stuff already

Tongy

Ok, it's CISSP for you, then! Or if you fancy doing pen tester stuff try OSCP. CEH might be a little more GP than surgeon

wayne_wonder

Haha yeah if it was work then they'd pay but we're a Cisco and Microsoft consultancy there was tsk of a security constancy but that died down but this is my own money and most of the domains I have experience in from working in the public sector so with that and serious study I could probably do it

Tongy

I suppose it all comes down to whether you think that the outlay justifies the cost. It's a cert and means nothing (some people think) others put great stock in them... I am one of those people.

For me? Im in this game for the long haul, and £200 per exam is absolutely justifiable... Since the longer term gain is orders of magnitude greater. Short term loss perhaps... But that's a half decent night out in town and if it gets you CV to the top of the pile then personally I see that as money well spent.

wayne_wonder

Totally agree and I'm also of that thinking it's about the long term goal and doing these will solidify my work now and in the future. Haha yeah that's deffo a night out with the lads. I don't mind starting with the sscp but no new material seems to be out and the risk of doing the cissp or ceh/oscp and failing would hurt the pocket right now.

Tongy

Easy... Don't fail

SSCP isn't a "basic" cert imho, it's a stepping stone to something bigger/better. Whether it's CISSP or CISM - I see my future in management, God knows I've done my time in the trenches

wayne_wonder

Haha true!

Yeah I wouldn't say it was seems very underrated! You and me both mate it's time to be the boss I've done my time too

Tongy

I'm not on a power trip or anything, I'd just like to be the one making more of the decisions.

For what it's worth, here is the outline for the "new style" exam: https://www.isc2.org/uploadedfiles/(isc)2_public_content/exam_outlines/sscp-exam-outline-april-2015.pdf

I'd recommend it but it's up to you as to whether you reckon it's worth doing.

wayne_wonder

Yeah I know what you mean but I find my work try and give people more responsibility without reflecting it on the wage and try and bleed you for every ounce they can

Tongy

Time to be a little more mercenary, get some quals and find a new job! I've worked for companies who promise loads, deliver little and have cheek to say I was under performing at performance review time... If they ever did one!

Invest some of your own dosh in yourself to get some certs - think of it like a relationship... This ones gone bad, time to get out there again.... some people stay at a crap job believing that this is all their is and this all they can ever get. Balls to that

wayne_wonder

I plan to its all about timing this side of Xmas is a no go but after x mas hopefully have my Certs then look to go elsewhere

Tongy

Nice, good luck!

Let us know if you're going to do the SSCP, and what your experiences with it all are.

bingo_delhi

congrats for your great achievement

Tongy

Thanks, just got to get it endorsed and approved... Which apparently can take a while!