Am I wasting my time with SSCP?

unrealskillz06

So I just finished up with the Darril Gibson's book and I'm really not impressed. A lot of the information I have atleast seen a few times before in my other studies. I wanted to take the SSCP exam because it has been years since I've taken my Sec+ cert, but I'm beginning to feel like it may not be worth it.

My job doesn't require me to get this, but I get antsy when I don't study anything. Should I have just went for CISSP???

unrealskillz06

I forgot to mention, that I have minor in Cyber Security from my undergrad so that may be why it seems so familiar.

mattster79

How many years work experience in Cyber Security do you have?

NetworkNewb

Are the jobs you are looking to move into asking for it or will it help you advance in your current position? If no, I'd say the cert probably isn't worth the time or money.

JasminLandry

The only positive thing that happened to me because of the SSCP is that I'll be featured in ISC²'s blog as an SSCP spotlight within the next few days .

Maybe I got interviews because of it but I'm not too sure because no one really every asked me about it.

So like NetworkNewb said, if the jobs you're looking for are not asking for it, I'd skip it and go at something else instead.

unrealskillz06

I have no working cyber security experience. All of my work experience is as a net admin.

My goal is to move towards the security side and out of the networking side so much. A lot of the jobs in my area always list CISSP but I'm not really that interested enough to take that exam so I thought this would be a nice alternative. I just don't want to take it and I cant do anything with it.

unrealskillz06

JasminLandry wrote: »

The only positive thing that happened to me because of the SSCP is that I'll be featured in ISC²'s blog as an SSCP spotlight within the next few days .

Maybe I got interviews because of it but I'm not too sure because no one really every asked me about it.
.

Congrats on that!

ITSec14

I skipped it. Didn't really see value in it so I'm just going straight for the CISSP now.

beads

You probably have enough background in IT to merit the jump to the CISSP. Its the automotive mechanics and GAP employees that show up with the CISSP and no IT experience that get immediately discounted/rejected.

At 125,000 certified members and climbing there is really no reason at this point to become CISSP.

- b/eads

NetworkNewb

beads wrote: »

At 125,000 certified members and climbing there is really no reason at this point to become CISSP.

Except that since everyone and their mom now has the cert, companies might think of it as an easy requirement and expect people to have. Kinda like how the A+ is to entry level support positions. You don't need it, but you probably should have it.

SteveLavoie

JasminLandry wrote: »

The only positive thing that happened to me because of the SSCP is that I'll be featured in ISC²'s blog as an SSCP spotlight within the next few days .

Maybe I got interviews because of it but I'm not too sure because no one really every asked me about it.

So like NetworkNewb said, if the jobs you're looking for are not asking for it, I'd skip it and go at something else instead.

How were you choosed?

unrealskillz06

beads wrote: »

You probably have enough background in IT to merit the jump to the CISSP. Its the automotive mechanics and GAP employees that show up with the CISSP and no IT experience that get immediately discounted/rejected.

At 125,000 certified members and climbing there is really no reason at this point to become CISSP.

- b/eads

Interesting that you say that because I have no drive to get the CISSP what so ever. However, I do see it mentioned as a preferred qualification a lot of the time. I guess its on to something else now... I hear OSCP is fun

ITSec14

As long as job descriptions list the CISSP as a required/preferred credential to have, there is no reason to suggest not getting it.

The cert alone will do nothing to convince a hiring manager to offer a job to you, but for someone trying to bypass The Wall that is HR, it certainly does help.

JasminLandry

SteveLavoie wrote: »

How were you choosed?

They emailed earlier in 2017 asking if I would be interested in it, so they sent me a questionnaire to fill out and that was it. They came back to me last week saying they would like to feature me as in the blog as part of their SSCP spotlight series.

mattster79

If all the jobs in your area ask for CISSP then maybe the SSCP isn't right for you.

triplea

From my own point of view I actually found this to be the hardest exam Ive ever taken.

I already have the sec+ but thought that this cert and the people who write the cert endorsed me more in the security world.

The Daril book isn’t enough to get you through the exam anyway and is quite light reading.

Although it’s a technical exam I still think its still too much theory rather than needing the experience. That said, it doesn't explain exactly how to implement something eg NAT but you know what it does and you know what to google. Maybe that the level its aimed at and shows you know where to look.

unrealskillz06

triplea wrote: »

From my own point of view I actually found this to be the hardest exam Ive ever taken.

I already have the sec+ but thought that this cert and the people who write the cert endorsed me more in the security world.

The Daril book isn’t enough to get you through the exam anyway and is quite light reading.

Although it’s a technical exam I still think its still too much theory rather than needing the experience. That said, it doesn't explain exactly how to implement something eg NAT but you know what it does and you know what to google. Maybe that the level its aimed at and shows you know where to look.

Appreciate you for giving me some insight. I think I'm going to go ahead and schedule the exam in a few weeks and see how it goes. It wont hurt...maybe wont help either but who know.

DatabaseHead

ITSec14 wrote: »

I skipped it. Didn't really see value in it so I'm just going straight for the CISSP now.

This one is wise, wise beyond their years....

DatabaseHead

Over half the "security" jobs on INDEED either required or preferred the CISSP. It is your best bang for the buck and that is a fact.....

mritorto2

if you did not pay for the sscp exam. they skip it the knowledge you studied for will help with cissp. I say for cissp if you meet their requirements. You can also do CEH., I assume its easier that CISSP.

I have my SSCP & security+. I hope to get my CISSP in december.


Believe me I hate studying for it but it is really good for the resume. I always see the CISSP as a job requirement or preferred. I would rather study for CEH. I agree though security is better than networking.

beads

NetworkNewb wrote: »

Except that since everyone and their mom now has the cert, companies might think of it as an easy requirement and expect people to have. Kinda like how the A+ is to entry level support positions. You don't need it, but you probably should have it.

It's probably been devalued enough for everyone's satisfaction to include the ISC(2), guess its time to raise the testing fees. Oooops! I see they beat me to that very point. Raise 'em again. The auto mechanic with ZERO practical experience and CISSP didn't make it through the team interview so my comments were moot before I could pipe in.

- b/eads

mikey88

beads wrote: »

The auto mechanic with ZERO practical experience and CISSP didn't make it through the team interview so my comments were moot before I could pipe in.

The Auto mechanic with zero security experience will not qualify for CISSP unless the experience was somehow falsified.

NetworkNewb

beads wrote: »

The auto mechanic with ZERO practical experience and CISSP didn't make it through the team interview so my comments were moot before I could pipe in.

But do you think he would he have even made it to your interview if he didn't have his CISSP?

beads

@Mikey88;

I've meet many faux-CISSPs over the nothing new here. I saw CISSP listed on his resume with no number so I cannot look it up. He also listed the CCNP but could barely explain a VPN setup using IKE. I didn't press the 1st and 2nd pass setup exchanges. Besides, without the number listed, what's the use?

@NetworkNewb;

He was interviewing for the senior windows administrator position not a security position. All in all he seemed most comfortable with hardware than Windows, networking or security but had mid level certs to the contrary. I didn't bother to sharpen my knives but simply left them in their scabbards.

- b/eads

yoba222

mikey88 wrote: »

The Auto mechanic with zero security experience will not qualify for CISSP unless the experience was somehow falsified.

Well if you get really creative, installing car alarms sort of deals with physical security. And maybe all that CAN-bus hardening to stretch even farther . . .

unrealskillz06

For what its worth, I passed the SSCP exam. Now I have to go thru the endorsement process. The test was pretty much what I expected. The sheer amount of questions is what gets you. I couldn't imagine doing the CISSP with 250 questions. I may or may not try the "Big One" in a few months depending on how motivated I feel about it. lol. Thanks everyone for their input.

mattster79

unrealskillz06 wrote: »

For what its worth, I passed the SSCP exam. Now I have to go thru the endorsement process. The test was pretty much what I expected. The sheer amount of questions is what gets you. I couldn't imagine doing the CISSP with 250 questions. I may or may not try the "Big One" in a few months depending on how motivated I feel about it. lol. Thanks everyone for their input.

Congrats on passing 👍

globalenjoi

Hey all, wanted to ask this same question. I completed all of the Pluralsight training for the SSCP, and I think there's an opportunity to get reimbursed if I take the exam. I'm curious if it's even worth attempting, though. Right now I have Sec+, GSEC, and GCIH under my belt, and I'm attending the training for GPEN next month. I've got about 3 years of experience to go before I qualify to take the CISSP exam. Is the SSCP valuable for me at this point, or would it be an exam/stress that I don't really need?

SteveLavoie

If you have all those certification, I dont think that you will get something from getting SSCP. SSCP is Sec+ level or a bit higher. Also remember that if you have those certification, it remove 1 year to the 5 year requirement for CISSP. So unless you are very new into IT, I think you should look at how you can apply for CISSP or Associate of CISSP as you are near the requirement. I doubt you have only 2 years of IT experience.

globalenjoi

SteveLavoie wrote: »

If you have all those certification, I dont think that you will get something from getting SSCP. SSCP is Sec+ level or a bit higher. Also remember that if you have those certification, it remove 1 year to the 5 year requirement for CISSP. So unless you are very new into IT, I think you should look at how you can apply for CISSP or Associate of CISSP as you are near the requirement. I doubt you have only 2 years of IT experience.

Hah, believe it or not, this is actually the case. Landed my first IT job in 2015, so I've got some time before I can hit the CISSP.

beads

yoba222 wrote: »

Well if you get really creative, installing car alarms sort of deals with physical security. And maybe all that CAN-bus hardening to stretch even farther . . .

I've meet many a current CISSP holder I would be forced to agree with this assessment as they still didn't have a clue as to what they are talking about. Hence the real value of much of this paper to me in today's market. Prove you know what your talking about or face utter ridicule.

No, I haven't really changed my stance. Just looking for more targets.

- b/eads