PASSED the SSCP!!! Now what?

JudgemanJudgeman Member Posts: 6 ■■■□□□□□□□
Hey everyone. Passed the SSCP on my first attempt! I was worried since I get the worst anxiety when taking tests. I studied for about 2 months. The only material i used was the Darryl Gibson All in One 2nd Edition book and practice tests, and a few Youtube videos. It was about the same as other people have mentioned on this forum. Tricky questions that make you rethink your life, lol. I do already have my Sec+ so that helped. I'm currently in a general IT support role and really want to be in a security position in the next year or so. This is my first IT job and I've had it for about 3 years. Looking for some advice on what I should go after next.

Comments

  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,257 Admin
    The SSCP material dovetails into the CISSP material, so passing the CISSP exam is what I would suggest next. Even if you don't yet have the 3-4 years of InfoSec experience that you need for the full CISSP cert, get the CISSP exam out of the way while you have the momentum.
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,179 ■■■■■■■■□□
    What HE said! That was going to be my plan, but I got sidetracked after earning SSCP. I'm not studying CISSP and see a lot of similarities, only CISSP goes way deeper, of course.
  • averageguy72averageguy72 Senior Member Member Posts: 320 ■■■■□□□□□□
    Congrats!
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Work on doing any security related tasks at work. Maybe try and look for something small "security wise" that might help you guys out... Anything that you can add to you resume to show you have experience doing security related activities. You probably already do a bunch of security related tasks without even thinking about it. Will need to pick out those things and have your resume focus on them.
  • JudgemanJudgeman Member Posts: 6 ■■■□□□□□□□
    Thank ya much guys. I was thinking about going after the CISSP, but i was told it was for more of a managerial role, which I'm not really interested in at the moment. I like the technical side of things. I guess I'll just try some things out at work and see what sticks. I'll need to take a look at what i do and see how i can incorporate security best practices in to my everyday.
  • ThePawofRizzoThePawofRizzo SSCP, A+, N+, Sec+, CySA+, Cloud+, CWTS Member Posts: 389 ■■■■□□□□□□
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,257 Admin
    Judgeman wrote: »
    I was thinking about going after the CISSP, but i was told it was for more of a managerial role, ...
    And this is the way it was ten years ago, but no longer. The CISSP is now a major cert that most hiring managers look for in all InfoSec recruits, not just the business/managerial ones. Think about it--your role as a technical IT person is to secure a business organization. Your technical skills are used to protect the intellectual property and reputation of the org. If you don't know how all the parts of an org work then you can't possibly secure it. This includes all of the business functions and objectives of the org. Just by only being a "tech guy" you'll never see the whole security picture.

    My CISSP is the only cert that I've ever acquired that I think is worth renewing. I even let my SSCP expire because it's really only a stepping stone to the far more valuable CISSP.
  • H-bombH-bomb Member Posts: 129 ■■■□□□□□□□
    Now is the time to do the CISSP while everything is fresh. You have to seriously commit yourself to it or else life, work, family, friends, or school will always seem to get in the way. You don’t want to be the person that studied for 3 years to get the CISSP. :) 3-5 months should be good to prepare.
  • JudgemanJudgeman Member Posts: 6 ■■■□□□□□□□
    Thanks for the advice guys. Guess ill get to it then, lol.
  • Vikas B AVikas B A Registered Users Posts: 2 ■■□□□□□□□□
    JDMurray said:
    Judgeman wrote: »
    I was thinking about going after the CISSP, but i was told it was for more of a managerial role, ...
    And this is the way it was ten years ago, but no longer. The CISSP is now a major cert that most hiring managers look for in all InfoSec recruits, not just the business/managerial ones. Think about it--your role as a technical IT person is to secure a business organization. Your technical skills are used to protect the intellectual property and reputation of the org. If you don't know how all the parts of an org work then you can't possibly secure it. This includes all of the business functions and objectives of the org. Just by only being a "tech guy" you'll never see the whole security picture.

    My CISSP is the only cert that I've ever acquired that I think is worth renewing. I even let my SSCP expire because it's really only a stepping stone to the far more valuable CISSP.
    I've just begun with the Cyber Security career and I have completed the MTA Security fundamentals, and I have planned on taking the Associate of ISC2. The Cybersecurity Fundamentals certificate (by ISACA) has also been released. Would Associate of ISC2 suffice, or would it be better to add the Cybersecurity Fundamentals on my resume, so as to work in a Security Operations Center as a security analyst?

    Is it good to take up some offensive security related experience to make my resume look better?
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 12,257 Admin
    Every InfoSec recruiter and HR person knows the CISSP and has never heard of ISACA's Cyber Fundamentals cert. Unless someone is willing to pay for your ISACA cert, I'd say just do the CISSP. 
  • Johnhe0414Johnhe0414 A+, Network+, Security+, Project+ USA, CARegistered Users Posts: 163 ■■■■□□□□□□
    Congrats!
    Current:  A+ | Network+ | Project+ |Security+
    Working on: Cysa+
  • ThePawofRizzoThePawofRizzo SSCP, A+, N+, Sec+, CySA+, Cloud+, CWTS Member Posts: 389 ■■■■□□□□□□
    Congrats!  As advised, I would consider going after CISSP.  I, too, passed SSCP a couple months ago, and am on that track as the SSCP already puts one partway there in terms of subject matter.  Also, there are, I recall, over 100K CISSP certified in the USA (assuming that is where you work), and probably less that 10K with SSCP.  So, even if CISSP were just a "managerial" exam, it is far more known and recognized than SSCP.  Also, my IT Security jobs will view CISSP with more value.  Our IT Security group definitely prefers "CISSP" be on potential employees resumes.
Sign In or Register to comment.