CISSP Associate or SSCP

nicelydonenicelydone Registered Users Posts: 2 ■□□□□□□□□□
[FONT=Open Sans, Helvetica, Arial]Hi all, I've just finished a (uk) masters degree in infosec, with no direct security experience but plenty of other related experience. Im now looking for a infosec job but am wanting to keep up a bit of study in the mean time. ISC(2) have suggested I work towards the SSCP as my masters would mean I dont need any experience to get the full qualification, but looking at the test questions think I could take the CISSP exam with a bit of extra work. I wouldnt have the experience for a full CISSP but I could still get the Associate. From what I can tell ISC2 intend for someone like me to do the SSCP first but it also seems like more HR people have heard of CISSP and its more respectable. I understand the intended path is SSCP then CISSP and that they're meant to be for different people in different job roles etc, but also that some companies I have spoken to prefer anything CISSP related and SSCP isnt as well known so most people seem to value CISSP more. Therefore my question is... which is a better path, getting the Associate of ISC(2) from the CISSP exam or first going for SSCP and waiting until I have enough experience before taking the CISSP exam. If time and money was no object I could work towards both, but unfortunately it is. I have no particular path at the moment, I just want to get the most out of my study and something extra to put on my CV.[/FONT]
[FONT=Open Sans, Helvetica, Arial]Thanks in advance.[/FONT]

Comments

  • jt2929jt2929 Member Posts: 244 ■■■□□□□□□□
    I would go SSCP first. If you happen to pass the CISSP, you're an Associate of (ISC)2 and can't mention in your resume or cover letter that you passed the CISSP exam. Not being able to mention the CISSP doesn't get you past the HR filters, so having the SSCP is at least a certification endorsement.
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    nicelydone wrote: »
    with no direct security experience but plenty of other related experience

    I would check on seeing how much of the "related experience" can be applied to the CISSP. A lot of tasks can fit into those domains... Might be closer than you think. And if you are pretty close, I would say just go for the CISSP.
  • datacombossdatacomboss Member Posts: 304 ■■■□□□□□□□
    jt2929 wrote: »
    I would go SSCP first. If you happen to pass the CISSP, you're an Associate of (ISC)2 and can't mention in your resume or cover letter that you passed the CISSP exam. Not being able to mention the CISSP doesn't get you past the HR filters, so having the SSCP is at least a certification endorsement.

    I'm curious as to how the DoD recognizes Associate of (ISC)2 for their IAT/IAM Level III jobs?
    "If I were to say, 'God, why me?' about the bad things, then I should have said, 'God, why me?' about the good things that happened in my life."

    Arthur Ashe

  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    Op, when you say related experience what do you mean? If it’s IT experience, you can generally claim it towards the requirement....but outside of that or software development, there isn’t any other experience that is “related”. If you aren’t somewhere around the 2.5-3+ year mark, you are unlikely to have the background or knowledge to rely on for the exam, so taking it wouldn’t be useful. You could take the SSCP and get exposure to a lot of the domains...it shows drive but it’s not going to “impress” people. Security+ is another option...but again, explain your experience because if you don’t have a solid system or network background of knowledge, you should build that early on.
  • nicelydonenicelydone Registered Users Posts: 2 ■□□□□□□□□□
    Thanks everyone for your help. When I said related experience, I have been working with both system development and networking as part of my current role for 8 years or so. I try and practice good security but the job isn't security focused and I couldn't honestly say that I have 4 years security experience.

    Based on all your comments, is correct therefore to say that if someone is getting close to the experience requirements then they should go for CISSP, if not then study for SSCP or security+ or just wait for more experience? I.e the "associate" isnt worth doing unless its quickly converted into the full blown cissp?
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    nicelydone wrote: »
    the "associate" isnt worth doing unless its quickly converted into the full blown cissp

    This ^^

    Also, your job doesn't have to be security focused. Just as long as you do tasks that fit in the domains as part of your job.
  • Info_Sec_WannabeInfo_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
    jt2929 wrote: »
    I would go SSCP first. If you happen to pass the CISSP, you're an Associate of (ISC)2 and can't mention in your resume or cover letter that you passed the CISSP exam. Not being able to mention the CISSP doesn't get you past the HR filters, so having the SSCP is at least a certification endorsement.

    From a testing standpoint (for those who have taken both), how much difficult is the CISSP compared to the SSCP? If cost is not an issue (and SSCP is "easier"), it wouldn't hurt going for SSCP first just to get a feel of how ISC2 exams go...
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • SteveLavoieSteveLavoie Member Posts: 1,133 ■■■■■■■■■□
    I have done the SSCP in Feb 2017, and I will be doing the CISSP in 2 weeks. I would tell you that CISSP seem an order of magnitude harder than SSCP. CISSP is more a management exam while SSCP is much more technicaly focused. The breath of knowledge required for CISSP is much wider than SSCP. Compare both outline and compare the domain.

    SSCP domain



    1. Access Controls

    16%


    2. Security Operations and Administration

    17%


    3. Risk Identification, Monitoring and Analysis

    12%


    4. Incident Response and Recovery

    13%


    5. Cryptography

    9%


    6. Network and Communications Security

    16%


    7. Systems and Application Security

    17%




    While CISSP
    • Asset Security.
    • Communications and Network Security. ...
    • Identity and Access Management. ...
    • Security and Risk Management. ...
    • Security Assessment and Testing. ...
    • Security Engineering. ...
    • Security Operations. ...
    • Software Development Security.
  • jelevatedjelevated Member Posts: 139
    Nobody knows about the SSCP though. Keep in mind when you are looking at jobs trying to comply with IAT Level II on the cheap, Security+ and CCNA Security are thrown in the mix. Even if you aren't going for DoD jobs, I'd go for Sec+ before I go for SSCP. SSCP is not bad, and its got a different focus than the other ISC2 exams, but when your older brother is the CISSP well, people tend to care about that one instead.

    But my path would be to find absolutely any way to start getting infosec experience and THEN tackle the CISSP, even if you spend 5 and a half year as an associate, it'll pay off dividends in the end. Never ever take the CISSP if you are not already in a qualified infosec role. Thats a huge gamble.
    I'm curious as to how the DoD recognizes Associate of (ISC)2 for their IAT/IAM Level III jobs?

    Associate is 110% fine for the DoD. Infact, I'm pretty sure the DoD is the only reason we have the associate status anyway.
Sign In or Register to comment.