Recommendations possible enroute to SSCP

tehfuzztehfuzz Registered Users Posts: 1 ■□□□□□□□□□
Hello All,

First time caller, long time lurker. I passed my Security + exam on 06/30 of this year and have been trying to evaluate where I will take my next step in my certification path. I realize that it depends on what I would like to do, and I believe I would like to find myself in a position as an infosec engineer, or a Incident Response Forensics analyst.

Being that Sec+ is fundamentals... would the SSCP be a good next step for me? For those that are SSCP certified what materials did you end up using? I have read a mixed bag of replies and reviews on what to buy. Not quite sure yet.

Any advice / tips would be appreciated!

Thanks,

Fuzz

Comments

  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
  • TongyTongy Member Posts: 234
    I did Sec+ followed 2 months later by SSCP. Would I recommend it? Yes, if you are ramping up to something bigger. Ideally CISSP should follow, since the similarities are glaring and payoff is far bigger.

    Me? I'm doing CISM then maybe GSEC (through work) then CISSP. After that, who knows!
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
    Well, I take the Sec+ exam on Thursday and then I'm not sure what I'm on to after that. I've been looking at the SSCP before I kick off studying for the CCENT and WireShark cert. I have been working as the security manager for an HRIMS for 4 years and I'm extremely interested in pursuing security, however, as I understand things at this point, it would be very beneficial for me to learn more about the network side of the house.

    What were your study materials?
  • TongyTongy Member Posts: 234
    For Sec+ - Darrill Gibson only
    For SSCP - Darrill Gibson 2nd edition and ISC2 CBK (latest edition) - you can use CISSP material, too.

    You just need to know the domains, if you feel comfortable with the material, you'll pass.... That counts for both exams. Sec+ is straight forward with far less confusing questions than SSCP :)
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
    Nice, thanks for the info.

    I have the Sec+ - Darrill Gibson book; read it and watched the PluralSight videos
    I'll pick up the SSCP - Darrill Gibson book; nice to have the save author again. I'll also pick up the ISC2 CBK (latest edition) and I have some CISSP books in pdf form I got from a friend as well as some videos he shared with me.

    So SSCP has some confusing questions? Seems like all the certs have some...shame.
  • TongyTongy Member Posts: 234
    Ok, perhaps confusing is the wrong word. It's the structure - which is the least important...., what would be the most....

    That sort of thing.
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
    Ah, yes, that makes sense. Thanks again!
  • TongyTongy Member Posts: 234
    Good luck with Sec+ on Thursday btw...
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
  • ivandavidsivandavids Member Posts: 50 ■■□□□□□□□□
    @gncsmith - two things I notied on the SSCP - Darrill Gibson book. Firstly, Table 2.2 on page 69 - Biba model incorrectly reads as "No write down, no read up". Secondly, Page 133 incorrectly indicates that IPSEC protocol ID for AH is 50 and ESP is 51. Other than the book needing an update to include some additions to the 2015 SSCP, the book is a very easy to read and concise. I would still recommend to anyone preparing for the SSCP exam. All the best for the Sec + exam.
  • tedjamestedjames Member Posts: 1,182 ■■■■■■■■□□
    I passed Security+ in August 2014 and SSCP in April 2015. For SSCP, I used Darril's book. I believe he has published an errata on his website to cover those errors.

    Regarding SSCP study materials, I created a spreadsheet outlining all of the domains based on the official CIB bullet points. ISC(2)gives you those for a reason. This is what you should know to be ready for the test. After creating the spreadsheet, I found as many sources of reference for each domain and made sure that I covered every bullet point. I used these sources:

    - Darril Gibson's SSCP All-in-One (extremely well written but a little too close to his Security+ book)
    - Michael Gregg's CASP study guide: Amazon.com: CASP CompTIA Advanced Security Practitioner Study Guide: Exam CAS-002 (9781118930847): Michael Gregg: Books SSCP is a practitioner-based certification. I figured that if I study above what I need, it'll give me an edge.
    - Cybrary CASP, CISSP, Cryptography, and Cloud+ training (Kelly Handerhan's CASP lectures are fantastic, especially her discussion on PKI. Because of her, I get it.)
    - CCCure SSCP and CISSP practice questions and flash cards (definitely worth the tiny expense)

    Regarding using other sources, no need to read the entire book. Just study the sections that correspond to the cert you're studying for.

    For Security+, I created a memory **** (NOT a brain ****) that included port numbers, RAID, incident handling steps, encryption types, etc. It's about four pages. I just created this as I studied. I practiced writing these things out from memory every day (backwards and forwards) to keep them in my head. It really paid off, because it was very easy to jot these items down on my scratch paper during the test. This really helped with the SSCP exam.

    I finished the exam in less than two hours. I felt really confident going in. But after I finished, I felt like I had guessed too many of the answers. I went back and doublechecked my work. I changed only a few answers that I realized that I gotten wrong. If you do this, be careful not to second guess yourself. As I reviewed each answer, I kept a tally of the answers I knew I had gotten right. I ended up with at least 111 of 125. There may have been more, but at that point I knew I had passed. So I walked out feeling really good about it. The paper the proctor gave me verified that I passed. I wish they could've given me a score, but the important thing is that passed.
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
    Wow, thanks ivandavids for the additional information on the book.
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
    Thanks tedjames for all the additional information and suggests for reading/watching to learn more; I'll definitely add them to my studies list. I'll look into making a memory **** for the Sec+ too, this seems like what I've been doing already to learn the material just not as formal as that. I usually learn the best by rewriting my notes, etc. but this would take it to the next level.

    What's next for you btw?
  • wayne_wonderwayne_wonder Member Posts: 215 ■■■□□□□□□□
    Pluralsight have just updates their SSCP course there's supposed to be 8 new vids but they've just finished the first 5 and added them over 15hrs of content so far not had chance to have a look
  • tedjamestedjames Member Posts: 1,182 ■■■■■■■■□□
    gncsmith wrote: »
    Thanks tedjames for all the additional information and suggests for reading/watching to learn more; I'll definitely add them to my studies list. I'll look into making a memory **** for the Sec+ too, this seems like what I've been doing already to learn the material just not as formal as that. I usually learn the best by rewriting my notes, etc. but this would take it to the next level.

    What's next for you btw?

    Forgot to mention that I studied by domain and concentrated on the easy ones first and saved the tough ones for last so they'd be fresher in my mind come test time.

    When I was studying for Security+, I subscribed to Darril Gibson's site and took advantage of his test questions (especially the performance-based questions). That really put me over the top.

    What's next for me? I had started working on CISSP, but I've recently switched gears and am going to focus on ethical hacking/penetration testing. I started a new job at the end of August, and I've found that building up my technical skills and knowledge of the tools will get me a lot further at this agency (work for the state) than a CISSP. I found a great book on penetration testing with the Raspberry Pi on the Packt site, so I'm going to combine that with studying for CEH (and eventually OSCP, maybe).
  • techsecuritytechsecurity Member Posts: 34 ■■□□□□□□□□
    Hello guyz,

    This is my first post here so be kind with me. I am interested in pursuing the SSCP certification although I have not one year of experience in infosec (four months only) and I am thinking of taking the exam prior the completion of the required one year in order to become an associate etc. I hold a BSc and a MSc in computer networks with concentration in infosec and CCNA. I was reading this thread (and not only) and I found all the information very helpful. Before I thank you for your contribution I would like to ask a few questions about the SSCP material. What is your opinion about the official study guide? because I haven't seen anyone mention anything about it. Also what about The Official (ISC)2 Guide to the SSCP CBK, 3rd Edition? And finally how much is the average time of studying for the test?(If anyone can tell). Thanks in advance
  • eth0eth0 Member Posts: 86 ■■□□□□□□□□
    tedjames wrote: »
    For Security+, I created a memory **** (NOT a brain ****) that included port numbers, RAID, incident handling steps, encryption types, etc. It's about four pages. I just created this as I studied. I practiced writing these things out from memory every day (backwards and forwards) to keep them in my head. It really paid off, because it was very easy to jot these items down on my scratch paper during the test. This really helped with the SSCP exam.

    Can you scan and upload it :P?
  • tedjamestedjames Member Posts: 1,182 ■■■■■■■■□□
    eth0 wrote: »
    Can you scan and upload it :P?

    Sure! It's actually in an MS Word file, so if you'd rather, I can upload that. Or I can **** it to PDF. Can somebody tell me how to upload a file?

    Otherwise, I can just copy and paste the text here.

    I can also email it to you if you prefer.
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
    I'm interested too just to compare.
  • ivandavidsivandavids Member Posts: 50 ■■□□□□□□□□
    techsecurity - the Official (ISC)2 Guide is alot more of a dry read and is not as concise as some of the other books mentioned in the thread. The amount of study time you put in is is entirely up to you. I read the Darril Gibson books once, watched Pluralsight videos, and the cryptography videos on Cybrary. I am fortunate enough to have access to the Skillsoft free practice exams through my employer. After taking the practice tests 3 times I felt comfortable enough to book the exam. I took the exam on the 13-10-2015 and it was not hard at all. The questions were very different from the ones I have seen, however, if you understand the concepts and main points taught in each domain you're set! There is enough time to go through each question at least twice... so take your time and don't leave anything unanswered! When in doubt, trust your gut!

    To anyone taking the exam, all the best!



Sign In or Register to comment.