Options

Sscp

TongyTongy Member Posts: 234
Took my SSCP today and passed - however it was much harder than I had expected.

I used the most up to date ISC2 SSCP CBK and Darril Gibsons AIO 2nd edition books, and they are badly out of date as to the content of the exam. The tests on the CD and throughout both books bore very little resemblance (even in their format) to the exam.

However, since they are all that is available, learn all the domains, all the concepts and just apply common sense and you should be fine, although I got to about halfway and seriously started to panic!

Tongy
«1

Comments

  • Options
    Mike-MikeMike-Mike Member Posts: 1,860
    Congrats, glad to hear you passed, thanks for the material review
    Currently Working On

    CWTS, then WireShark
  • Options
    twodogs62twodogs62 Member Posts: 393 ■■■□□□□□□□
    Congrats, thanks for letting us know study material.
  • Options
    Sheiko37Sheiko37 Member Posts: 214 ■■■□□□□□□□
    I agree about Gibson's practice questions not matching very closely to the exam.
  • Options
    TongyTongy Member Posts: 234
    Don't get me wrong, the books are both very good at explaining the basics of infosec - however to tout something as an All in One is perhaps not as true now as it was when it was first released.

    It was tough and I'm very glad to see it in my rear view mirror!
  • Options
    CryptoPunkCryptoPunk Member Posts: 9 ■□□□□□□□□□
    Congrats Tongy to pass exam. What do you mean that mentioned materials are out dated? I think the concept of security should be still the same. But, there can be difference that exam could be updated with questions about new technologies like IoT, Cloud security, mobile secuity etc. For example when I have checked ,,SSCP exam outline" from April 15, I have found things like COPE and BYOD which are not mentioned in AIO book (i think). Am I right? And I have another two questions :) Where the questions on exam more technical like ,,Which protocol is running on port 22" or you have to need know the concept? Which domain was the most tricky on exam for you? :) Thanks and GL in your career.
  • Options
    ccnpninjaccnpninja Member Posts: 1,010 ■■■□□□□□□□
  • Options
    TongyTongy Member Posts: 234
    The questions were not written like they are in either of the books I looked at. I was expecting tricky negative/double negative questions.... Nope, they had made them much more about reasoned response not regurgitation of facts.... In that you had to draw on the facts that you knew about a topic to give the closest answer of the ones presented. In all a better way but it totally threw me.

    XaaS, cloud etc were there - however virtually nothing on crypto and a single port question relating to nat'd traffic in a firewall log.

    Like I said, it was probably a better test of your all round knowledge just didn't think any of the materials available really prepared me to feel confident with the format of the test, despite being confident in my knowledge of the subject.
  • Options
    TongyTongy Member Posts: 234
    Oh and it's considerably harder than security+ which was a walk in the park compared with SSCP - imho of course!
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Tongy wrote: »
    The questions were not written like they are in either of the books I looked at. I was expecting tricky negative/double negative questions.... Nope, they had made them much more about reasoned response not regurgitation of facts.... In that you had to draw on the facts that you knew about a topic to give the closest answer of the ones presented. In all a better way but it totally threw me.

    XaaS, cloud etc were there - however virtually nothing on crypto and a single port question relating to nat'd traffic in a firewall log.

    Like I said, it was probably a better test of your all round knowledge just didn't think any of the materials available really prepared me to feel confident with the format of the test, despite being confident in my knowledge of the subject.


    I'm in the UK too and thinking about doing this or the ceh 1st
  • Options
    TongyTongy Member Posts: 234
    The CEH and SSCP are quite different, what direction are you headed in your career
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Not sure yet I'm currently a technical consultant and the end goal is to either get into security architecture/consultant or pen testing but on the pen testing side you've probably got to do a programming language etc and not sure i have the desire for that after all these years.

    What do you currently do?
  • Options
    TongyTongy Member Posts: 234
    I work as a security consultant for a financial company at the moment myself so most likely CISSP for me!
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    That's where I want to head got experience of security from working for the met police for 4 years and now a consultant so this is a logical step! Only thing I'd miss if I went into full time security is working from home like I do now
  • Options
    TongyTongy Member Posts: 234
    I hope you get to where you want to be!

    An SSCP/GSEC/Security+ will all help make the CV look better for someone hiring.
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Cheers mate really need to decide what I actually want to SME in
  • Options
    TongyTongy Member Posts: 234
    No problem, until you are sure which path to go down, general Infosec quals aren't the worst thing you could do.

    I thought sec+, although basic, laid a pretty good foundation from which to build, and carries some weight.... Showing that you are prepared to start at the "bottom" (not fair, but illustrative) so you should get props for that alone!
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Yeah I'll be probably go down the siem consultant route I think as if still be close to the tech side of things! Vulnerability side appeals to me

    I'd be paying for the Cerys myself so don't wanna do a sec+ and waste money when I know that stuff already
  • Options
    TongyTongy Member Posts: 234
    Ok, it's CISSP for you, then! Or if you fancy doing pen tester stuff try OSCP. CEH might be a little more GP than surgeon :)
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Haha yeah if it was work then they'd pay but we're a Cisco and Microsoft consultancy there was tsk of a security constancy but that died down but this is my own money and most of the domains I have experience in from working in the public sector so with that and serious study I could probably do it
  • Options
    TongyTongy Member Posts: 234
    I suppose it all comes down to whether you think that the outlay justifies the cost. It's a cert and means nothing (some people think) others put great stock in them... I am one of those people.

    For me? Im in this game for the long haul, and £200 per exam is absolutely justifiable... Since the longer term gain is orders of magnitude greater. Short term loss perhaps... But that's a half decent night out in town ;) and if it gets you CV to the top of the pile then personally I see that as money well spent.
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Totally agree and I'm also of that thinking it's about the long term goal and doing these will solidify my work now and in the future. Haha yeah that's deffo a night out with the lads. I don't mind starting with the sscp but no new material seems to be out and the risk of doing the cissp or ceh/oscp and failing would hurt the pocket right now.
  • Options
    TongyTongy Member Posts: 234
    Easy... Don't fail ;)

    SSCP isn't a "basic" cert imho, it's a stepping stone to something bigger/better. Whether it's CISSP or CISM - I see my future in management, God knows I've done my time in the trenches :)
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Haha true!

    Yeah I wouldn't say it was seems very underrated! You and me both mate it's time to be the boss I've done my time too
  • Options
    TongyTongy Member Posts: 234
    I'm not on a power trip or anything, I'd just like to be the one making more of the decisions.

    For what it's worth, here is the outline for the "new style" exam: https://www.isc2.org/uploadedfiles/(isc)2_public_content/exam_outlines/sscp-exam-outline-april-2015.pdf

    I'd recommend it but it's up to you as to whether you reckon it's worth doing.
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Yeah I know what you mean but I find my work try and give people more responsibility without reflecting it on the wage and try and bleed you for every ounce they can
  • Options
    TongyTongy Member Posts: 234
    Time to be a little more mercenary, get some quals and find a new job! I've worked for companies who promise loads, deliver little and have cheek to say I was under performing at performance review time... If they ever did one!

    Invest some of your own dosh in yourself to get some certs - think of it like a relationship... This ones gone bad, time to get out there again.... :) some people stay at a crap job believing that this is all their is and this all they can ever get. Balls to that :)
  • Options
    wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    I plan to its all about timing this side of Xmas is a no go but after x mas hopefully have my Certs then look to go elsewhere
  • Options
    TongyTongy Member Posts: 234
    Nice, good luck!

    Let us know if you're going to do the SSCP, and what your experiences with it all are.
  • Options
    bingo_delhibingo_delhi Registered Users Posts: 1 ■□□□□□□□□□
    congrats for your great achievement icon_study.gif
  • Options
    TongyTongy Member Posts: 234
    Thanks, just got to get it endorsed and approved... Which apparently can take a while!
Sign In or Register to comment.