SSCP for me?

triplea · May 2017

Hi All,

OK currently Im a production sysadmin and have been for a few years. Also work a lot on the OS/desktop side. Looking to now move over to InfoSec in the next couple of years and Im assisting the InfoSec boys now. Im not a network engineer but can follow my way around the majority.

The InfoSec manager has suggested I go for SSCP and Im looking for the best way to get the resources. Is there a preferred guide/book ( Im paying for this myself and hoping to get them to pay for the exam ) I've already completed the 301 Sec+ but that was 3 odd years ago using mainly daryl gibsons guide and certifications expired now. I also used the professor messor course as a supplement.

So that my background, whats the resource please?

Want to do this one first then the Comptia CSA+ probably if funds allow as I think that should give me a good way into InfoSec.

( and keep them in date! )

Cheers

p@r0tuXus · May 2017

Pluralsight, CBT Nuggets and ITpro.TV all have video series that can help you with this. There are free apps on the Android Google Play Store that you can download to use like test-prep and flash-cards. I'd recommend getting the Sybex book or an AIO premium guide as both should grant you online resources (or a cd) for additional test prep materials. Good luck! Let us know how it goes.

JasminLandry · May 2017

Don't forget that for the SSCP, you need 2 years experience doing security related work.

SteveLavoie · May 2017

Sorry to correct you Jasmin, but SSCP require only 1 year of security work.

I wrote the SSCP exam 2 month ago. I used Darril Gibson AIO book mostly, but it is a bit incomplete. I would recommand to read or at least skim through the SSCP CBK and look thing not covered into the AIO.

JasminLandry · May 2017

Oh right, for some reason I had 2 years in my mind!

triplea · May 2017

Hi,

I did worry if I would involved enough

I believe its 1 year of paid work ( weve been an iso 27001 certified company for 5-6 years now and theres no one technical on the infosec team as such they look to the production team to implement )

Access Controls - Im responsible for setting up users based on roles etc. Starters/leavers/movers from AD setup through to closure. Creating security groups. Granting access to directory resources. Requesting access to 3rd party systems as an administrator. Complete the verification chains to access resources.
Security Operations and Administration - Im responsible for installing, monitoring and resolving antivirus endpoint security issues. Anti spam rules. Email filtering. Website filtering. GPO's, desktop proxy and firewalls. Ensure equipment is asseted to central register.
Risk Identification, Monitoring, and Analysis - As above Im responsible for monitoring and resolving antivirus endpoint security issues. Anti spam rules. Email filtering. Website filtering.
Incident Response and Recovery - Would assist the infosec team from any technical aspect where possible. Asked to operate and report back to Infosec team eg after malware attack and cleansing.
Cryptography - not really involved
Network and Communications Security - Educate end users on attack methods eg spoof mails, blocking of USB drives, malware infections. Administration of inbound mail whitelist and blacklist
Systems and Application Security - WSUS to client rollout. Encrypting PC hard drives. GPO lockdowns, desktop proxy and firewalls.
Rereading I didnt realise I did so much? No wonder to Infosec manager is happy to endorse.

JasminLandry · May 2017

I think you'll be fine with that. As for the resources, I used the AIO from Darril Gibson and that's all I needed to pass the exam on my first try. However, I did the exam back in 2013 so I believe there has been updates on the material and probably on the resources too.

SteveLavoie · May 2017

Perhaps I was just unlucky, but I got a few question where I told myself "What's that, I never saw this in any book"

After the exam, I searched and found them in the CBK.

I have mostly used Darril Gibson AIO(80%), and Sybex SSCP official guide (20%). The CBK is a awful reading... just skim it.

triplea · May 2017

I'm presuming going forward and looking at what I already do that's a good grounding for an InfoSec/security role.

going to add comptias CSA+ if poss

triplea · May 2017

This one? 2nd ed.?

Publisher: McGraw-Hill Education; 2 edition (1 Nov. 2015)
Language: English
ISBN-10: 1259583074
ISBN-13: 978-1259583070

rscrt · May 2017

SteveLavoie wrote: »

I used Darril Gibson AIO book mostly, but it is a bit incomplete. I would recommand to read or at least skim through the SSCP CBK and look thing not covered into the AIO.

Second that. Thats the way that worked for me as well.

triplea · May 2017

ok got approval from the boss so can someone just confirm these are the books I need?

Gibson ISBN-10: 1259583074

and supplement with ISBN-10: 1119059658

Sorry it wont let me do amazon links for some reason

Cheers

SteveLavoie · May 2017

I would suggest you as a second or third volume the SSCP CBK: ISBN: 1119278635

It is the abolute reference. As first volume, I used Darril Gibson books.

tedjames · May 2017

There are several threads on this already. Just do a search. I posted my study materials awhile back. Don't know if you can search on my user name.

Make sure that you download the exam objectives and then learn something about every one of them. You may not be tested on all of them, but you just might. Also, what worked for me was using multiple sources like Darril Gibson's All-in-One, Cybrary, CCCure, a CASP study guide, and the relevant sections from Shon Harris' CISSP guide. Study above what's required. Also, make sure you know the common port numbers/names, etc.

SSCP for me?

Comments