Got my SSCP last year, what to do now?

nksprtsnksprts Registered Users Posts: 3 ■□□□□□□□□□
My background is I have a BA in MIS, and was working IT for a company. I recently moved over to a security analyst a few years ago when they created the dept. I studied and passed the SSCP on my first try last year, and they have budgeted me the money for another security certification, but question is what to do? Money isnt really an issue as for SSCP they gave me like $5000, so I was able to buy whatever books/study guides I wanted, and paid for a virtual instructor led boot camp.

For the SSCP I studied about 2 months, used the Shon Harris all in one and read it front to back while taking notes. Also used alot of the practice exams from CCure, then took the boot camp which was M-F, and I took the exam the following Monday.

I would think the next logical thing would be for me is the CISSP???To be honest with you , from all I read from people I am a bit intimidated by the CISSP. Should I bite the bullet and go for it? I had a bunch going through my head:

GCIH
CISSP
CISM (But don't meat the criteria yet for work experience)
Security+
OSCP

Any direction or help would be greatly helpful.

thank you!

Comments

  • goatamagoatama Member Posts: 181
    What does "a few years ago" mean? Was it at least four years? If so, then you should be fine on the experience qualifications for the exam.

    As far as another exam, of the list you provided you have a wide range of skills represented - Incident handling, management (x2), intro to security, and advanced pentesting/exploitation. You mentioned that you're a security analyst, but the job duties for that vary widely in the industry, so where do your interests, training, and skillset lay?

    GCIH is fairly highly regarded, at least in job postings, so if you have IH experience, or desire to work in that area, I'd say go for that. Skip the Sec+ if you already have your SSCP. CISSP/CISM are both managerial in nature, with the latter requiring three years of explicit managerial experience, so if you're not ready for that, you may want to pass. Last is the OSCP; if you have red team or pentesting experience, I'd recommend that. If not, you may want to look at a "lighter" hacking cert like the C|EH or something first.
    WGU - MSISA - Done!!
    Next up: eCPPT, eWDP, eWPT, eMAPT
Sign In or Register to comment.