SSCP Passed!

Took the SSCP exam today and passed!

Overall Preparation (about 1 month after taking the network + exam)
1. Read and study the Darril Gibson All In One book once. The second time, I went over the stuff I wasn't sure about. Did the practice exams twice.
2. Had a Security + book skimmed over that, and did the practice exams from it. It also came with some labs which help too.
3. Repetition is key!

Test Experience
1. The test is not that bad if you have taken the security +. Before the exam I have taken the network + at mid July. Took a few days off then i started studying for the SSCP. It had some net + and Sec + concepts which I already knew about, so that kind of helped me a lot.

Now I just need to get through the endorsement process to be certified.
THANK YOU GUYS FOR ALL THE SUPPORT!

Find more posts tagged with

Comments

DAVIS NGUYEN

Congrats!

NavyMooseCCNA

Congrats on passing!

I'm currently studying for my Security+ exam and have an interest in Incident Handling and Forensics. Is this certification a re-hash of Security+ or is it more advanced?

dizzy_kitty

Congrats !

ratbuddy

NavyMooseCCNA wrote: »

Is this certification a re-hash of Security+ or is it more advanced?

I'd like to know this as well.

kboadu22

I would like to say its a re-hash of the security +, it kind of serves as in reinforcement after the security +. The SSCP goes into deeper topics especially for forensic & incident response. What i would recommend is to do the security + first, then go for the SSCP. This will give you 35 CEs towards your Security +! For the security + you only need 50.

-Soon i have a feeling that ISC will up the SSCP standards and it will be more harder and recognizable.
-Best of luck!!!

JustFred

Congrats with the win.

I have thought about going for the SSCP as well, but i should probably go for the Security+ first, then SSCP after that which is most recommended by people here.

tedjames

That's what I did. I passed the previous version of SSCP with just a few days to spare before they updated the test. In some ways, SSCP is a little deeper technically, though in some ways just the opposite was true. SSCP did cover a lot more of the policy/governance and forensic/incident response (as kboadu22 stated) sides than Security+.

SSCP is a good primer for CISSP and somewhat for CASP. I see it as a good stepping stone and a step up from Security+.

When I took the SSCP exam, it was all multiple choice questions. The year before when I took Security+, I had some performance-based questions in addition to multiple choice. CompTIA is doing that with many (maybe all?) of their tests. kboadu22 is likely correct that ISC2 will do the same.

I'm working on eJPT now. From what I understand, the exam is all practical with no multiple choice. I like the idea of that because it proves that you know how to put what you've learned to use. I've known people who took bootcamps and passed CISSP in a week but then promptly forgot everything they memorized. For me, that's a bad way to do it. I'd rather actually learn the material and then be able to put it into practice.

BuzzSaw

Congrats!

I recently passed this as well after doing CEH.

I think SSCP sort of lands between Sec+ and CASP. It's deeper than Sec+ but much higher level than CASP or CEH. I at times found myself having to turn off my "in the weeds" thinking to answer a few SSCP questions.

jamesleecoleman

Tedjames,
The eJPT is multiple choice and hands on. The eCPPT is where you write the report.

Remedymp

BuzzSaw wrote: »

Congrats!

I recently passed this as well after doing CEH.

I think SSCP sort of lands between Sec+ and CASP. It's deeper than Sec+ but much higher level than CASP or CEH. I at times found myself having to turn off my "in the weeds" thinking to answer a few SSCP questions.

This is inaccurate.

BuzzSaw

Remedymp wrote: »

This is inaccurate.

... Which part?

tedjames

I didn't know that. I was under the assumption that all of eLearnSecurity's certifications are hands-on. Thanks for the info. I'll adjust my study/prep routine to include memorizing specific items from the training.

jamesleecoleman wrote: »

Tedjames,
The eJPT is multiple choice and hands on. The eCPPT is where you write the report.

jamesleecoleman

Yea, its good to memorize things but I suggest that you go through practice and take notes. Also play with different tools which do the same thing such as network mapping and database stuff. You could miss something during the lab or test. It was a fun test which can make you think about things. Also knowing some basic Linux commands will be very helpful.

Remedymp

BuzzSaw wrote: »

... Which part?

If you're saying the SSCP is on or on a higher level than CASP, that is inaccurate. If you're saying the SSCP goes into more detail than the SY0-401, then that is also inaccurate.

JustFred

Care to elaborate more?

tedjames

I can see that. I took the SSCP exam about 8 months after Security+. In my experience, Security+ did cover more of the technical side than SSCP, but SSCP covered more of the governance/incident/forensics sides than Security+.

Among other things, I used a CASP study guide to help me prepare for SSCP. CASP is definitely on a higher level than SCCP and Security+.

Remedymp wrote: »

If you're saying the SSCP is on or on a higher level than CASP, that is inaccurate. If you're saying the SSCP goes into more detail than the SY0-401, then that is also inaccurate.

Remedymp

JustFred wrote: »

Care to elaborate more?

CASP goes into depth more so than the SSCP because the focus is Network Security management. The SSCP is more a generalist focus for the practitioner. This is usually around the L1 analyst. The CASP is more of a experienced L2 or Early L3 personnel cert. The SY0-401 is a L1 certification.

BuzzSaw

Remedymp wrote: »

If you're saying the SSCP is on or on a higher level than CASP, that is inaccurate. If you're saying the SSCP goes into more detail than the SY0-401, then that is also inaccurate.

I think we are all getting hung up on terminology . . . .

High Level = broad knowledge (CISSP, SSCP, etc)
Low Level = technical knowledge (CEH, OSCP, Sec+, etc)

I think too often we are trying to "grade" a certification into good, better and best.

What I am saying is SSCP lands between Security+ and CASP in terms of perceived knowledge. When I say "high level", I mean on the spectrum of general knowledge.

To use common terms, this is being at the "10,000 foot view" vs "being in the weeds" - This is the constant problem with anything business related. Getting people to see the big picture, but not missing the trees for the forest. ( I said that backwards on purpose )

SSCP does not get into the same details as Securitry+ or even CASP (as an example), but it is at a higher level in terms of broader overall bodies of knowledge (and thus is easier to get). Where as CASP deals with more technical instances of said technology and security problems as where certification like SSCP or CISSP deal with broader general knowledge.

Which would you want in a board room talking governance with C level executives? a CISSP, or a CEH ? As opposed to, which would you want hardening a specific server for you, a CISSP or a CEH?

High level, vs low level, it isnt a competition.

In my experience the "lower" the level of certification the harder it is to obtain because your knowledge has to move from "general" to "expert".

Or said different you could say "depth" vs "breadth" . . its all the same argument. This is why so many technically minded people get annoyed at middle management.

JustFred

Remedymp wrote: »

CASP goes into depth more so than the SSCP because the focus is Network Security management. The SSCP is more a generalist focus for the practitioner. This is usually around the L1 analyst. The CASP is more of a experienced L2 or Early L3 personnel cert. The SY0-401 is a L1 certification.

Thank you for the clarification. So its Security+, SSCP and then CASP

Remedymp

JustFred wrote: »

Thank you for the clarification. So its Security+, SSCP and then CASP

This is correct. But, just to clarify: It doesn't make sense take the SY0-401 exam AND the SSCP exam. You should only need to take one or the other. Not both. It's redundant to take them both. Now that Comptia has the CyberSecurity Analyst, It should go Security+, CyberSecurity Analyst+ and then CASP.

JustFred

Since you mentioned the SSCP goes more into detail than say the Security+.

One could read the Security+ book, just for the knowledge and actually go for the SSCP, CyberSecurity Analyst+ and then CASP?

That would make much sense.

BuzzSaw

JustFred wrote: »

Since you mentioned the SSCP goes more into detail than say the Security+.

One could read the Security+ book, just for the knowledge and actually go for the SSCP, CyberSecurity Analyst+ and then CASP?

That would make much sense.

Great question.

I think overall the Security+ material would carry over in a big way, but they portions that might be lacking would be some of the "higher" level topics like DR, BCP, compliance, etc

As another person posted, I think taking Security+ and SSCP would mostly be a waste unless you just want to grab two quick certs that have a lot of carry over.

Admittedly, I grabbed SSCP because of the carry over from CEH . . I had some education money to spend, so it was mostly a no brainer.

BuzzSaw

JustFred wrote: »

Thank you for the clarification. So its Security+, SSCP and then CASP

Yeah, no problem. I realized I may have been confusing people with my terminology - Hopefully people get what I was trying to say.

Remedymp

JustFred wrote: »

Since you mentioned the SSCP goes more into detail than say the Security+.

One could read the Security+ book, just for the knowledge and actually go for the SSCP, CyberSecurity Analyst+ and then CASP?

That would make much sense.

Not to break any rules here, but: The SY0-401 has a couple of simulators and the SSCP does not.

In my opinion, the SYO-401 is more of an exam of Security Comprehension and the SSCP is more focus on Level 1 roles. I don't think you can go wrong either. But, I only applied for the SSCP because my Security+ was expiring. Other than that, I see no reason for SSCP to be taken unless it was a requirement.

Some people have taken the GSEC as well as an alternative to the Security+ or the SSCP.

So it can go: GSEC or SY0-401 or SSCP> Security Analyst+ or ISACA CSX-P> CASP.