SSCP next week, am I ready?

relegated

I am taking the SSCP next week to renew my Security+ and also want to get my CISSP. I took the Security+ 3 years ago and I found it to be an easy test. As I read through SSCP AIO book I am finding the material to be very similar to the Security+. without breaking NDA is this book enough to get me through? If I know the material in the book should I be good to go?

tedjames

After I earned Security+, I started studying for SSCP. I went through Darril Gibson's SSCP AIO very quickly and thought it was just a kind of enhanced Security+ study guide. To be fair, he did a great job following the SSCP course objectives. It's just that his SSCP AIO didn't go as deep as it needed to. Someone recommended that I study CASP to prepare for SSCP, since CASP is also a practitioner-based certification but on a higher level than SSCP. I bought Michael Gregg's CASP guide and studied the sections that related to SSCP. Then I went through the same thing with Cybrary's CASP, CISSP, Cryptography, and Cloud+ training. And of course, I kept up with all of the technical things that I had to memorize for the Security+ exam (ports, RAID, etc.). I will always recommend using more than one source for training, because everybody has a different point of view and some are better at explaining difficult topics. For example, Kelly Handerhan's (Cybrary) talk on PKI really clicked for me. I was never able to understand it fully from any other source. But after listening to her explain it, the lightbulb in my head went off. Finally I got it. And understanding PKI helped me on the test. The same holds true for so many other topics. For example, knowing all of the common port numbers and how they are used made a difference for me.

I suggest you download the SSCP exam objectives and go through them one at a time and make sure that you're really confident about them. They're there for a reason. You will likely be tested on all of them, some in more detail than others. Spend a lot of time this weekend watching the CISSP, CASP, Cloud+, Security+, and Network+ videos that pertain to the SSCP objectives. Do it by domain. Also, go over the domains that are easy for you first and save the tougher ones for last so they'll be fresher in your mind come test day.

Also, pay for some time on CCCure and go through as many practice questions as you can. It made a difference for me. If you don't feel confident about every domain based on the objectives, you may consider rescheduling your exam.

Tongy

I used Darrils AIO book only and passed. You seem fairly confident of your chances, give it a shot.

Remedymp

I sat for the exam and actually found it like someone else to be really "wordy", and not as technical. I would rank SY0-401 higher because of the simulations involved. The problem with ISC2 exams that it's more of a english comprehension test than anything else. If they would just ask direct questions, and give direct answers people would fair better. For what-ever reason, there is a urgency to 'trick' people. The objective should NOT be to trick, but to test knowledge.

Probably one of the reasons why the SSCP doesn't get as much recognition as Security+ is the reasons mentioned above. Would I take it again? No. If you already have Security+, it really doesn't make sense to take the SSCP. You would better off taking either the CASP or GSEC.

Tongy

He's taking the exam, bit harsh to run the cert down tbh. Sec+ whilst "easier" was a more honest test of fact retention, rather than reasoning why one is the better of two possible answers given the question posed. For me SSCP was a step up from Sec+ and was quite tough (not sure how tough since I never got a numbered score) - best of luck to you OP!

relegated

My goal is to get my CISSP however I waited too long on my Security+ renewal and didn't have time to study for the CISSP before it expired and I wanted to keep it for now. I looked at the CASP but the SSCP seemed like a better track. I am going to schedule the exam for sometime this week, ill report back on how I do.

relegated

I took the exam this morning and passed. Some questions I knew right away no problem, others I wasn't really sure, and some I had no idea. I didn't think I would pass about half way through the exam but I'm glad I did. Pretty much only used the AIO book, did a little Cybrary and some other things.

tedjames

Fantastic! Congrats! I felt the same way. Halfway through the exam, it seemed like I was guessing half the time. But when I finished, I reviewed all of my answered and kept track of all of the answers I felt I had gotten right. I counted at least 111 of 125. That was enough for me to walk out with confidence, knowing that I had passed. Sure enough, the proctor handed me my paper indicating a pass. It was a great feeling.

Something to watch out for: ISC2 audits a certain percentage of endorsements. Mine was audited. I still don't know why. Anyway, I had to resubmit the paperwork. It was approved the second time. Hopefully, yours will be approved right away.

Tongy

Congratulations on your pass. It was a relief when it's over and you'd hearts in your mouth to see the words. Endorsement doesn't take too long and I hope it's pain free, the certificate is nice

I felt that I wasn't sure on quite a few of the questions but took my best shot with the knowledge I had and it appears to have been fine. Some people run the cert down but I think it's good, sitting somewhere between Sec+ and GSEC - it doesn't get the recognition that it should have imho.

Congrats again!

alfred06

Hey, just going to reply here since this is the only SSCP exam post here. I just took the exam and passed it this morning. Just like you guys I thought I was going to fail, the first 20 questions that I got I didn't I read in the AIO book. was already regreting I scheduled the test with just 2weeks of study.(2weeks for the book because I recently took the Sec+ and passed that). Finished the 125 in 1hr30mins(flagged about 40-50) but since I had 1hr30mins left I just went through ALL the questions again finished that with 1min left. bout 40 questions I wasnt sure of my answer.

the test was pretty tricky. memorization dont help here, you have to understand each domain. the AIO book helped but I felt didnt cover the whole exam. I was trying to ready the ISC2 study guide but found myself unable to focus reading it so I skipped that. which I think would have help cover topics not in AIO.

Ted/Regalated/Tongy, what are you guys up to now? should I start going for CISSP?

gncsmith

Congrats!

tedjames

Alfred, congrats on your pass. I felt that memorization (ports, OSI, etc.) helped me along with having a good understanding of each domain. When I studied, I focused on one domain at a time rather than the exam as a whole.

I was going to go right into CISSP, since SSCP covers so much of what's in CISSP. However, I started a new job not too long after I passed SSCP, and my boss encouraged me to work on my technical skills instead. So I recently enrolled in the eLearnSecurity Penetration Testing Student program. When I finish that, I'll probably work on the Penetration Testing Professional course. I'll probably work on CISSP after that.

It just depends on where you want to go with your career. If you want to get into management, risk, privacy, auditing, privacy, or something similar, you would probably be better off concentrating on CISSP, CISA, CISM, CRISC, or CIPP. If you want to go the technical route, you should consider penetration testing.

relegated

I plan on going for my CISSP next but need more time to study than I gave myself for the SSCP based on how that test went. Want a little break though for now and may wait until my next job pays for it.

alfred06

Nice Ted, wish I can find Company like that here on Guam. Most if not all of the IT here are all around they dont just focus on Security, small companies here on the island. I think only federal IT jobs have a dedicated Security teams. I like the idea of the hands on but maybe after CISSP. getting CISSP might get me an interview. then maybe have the next job pay for other certs like Relegated
well good luck guys, I plan on CISSP maybe Nov-Dec, I'm gonna take my time with this one.

tedjames

Someone I know went to work in IT for a local company. He also happened to have an interest in security and noticed that his new company wasn't doing much of anything related to security. So he suggested to his boss that he be allowed to start building a security program. They let him budget a little of his time each week into building a security program. That was about 10 years ago. He's now head of security for his company. You may consider doing the same at your company.

Yes, definitely take your time with CISSP or any other certification.

alfred06

That may be a good idea, might just do that. I studied Security+ about 1month, then SSCP bout 2 weeks after Sec+. thats 5hrs on weekdays and all day weekends(8-12hrs). Hopefully 6-7Months for CISSP should be good.