CISSP or SSCP first

test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
Hi am changing tack and trying to get some security qualifications to go with my Cloud certs (AWS SA-A and CD-A).
I have completed Cisco Cyber Ops (210-250 & 255) and have some basic security expertise (Compia Security+) and am a MCP and CIPP/E

Should I take SSCP then CISSP? ...or just do CISSP? ..some considerations:
1) is it a big jump to just do CISSP in 3 months
2) would they certify me easily? (I have degree and 20 years IT experience)
3) Would it help me get a job in Info Sec management?

thanks for any replies
Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
Tagged:

Comments

  • mikey88mikey88 Member Posts: 495 ■■■■■■□□□□
    edited August 2019
    test4500 said:

    Should I take SSCP then CISSP? ...or just do CISSP? ..some considerations:

    I say go straight for CISSP since since SSCP is more entry level.

    1) is it a big jump to just do CISSP in 3 months

    It is possible to do it in 3 months but don't limit yourself too much and make sure to fully understand the material or it will get expensive real quick.

    2) would they certify me easily? (I have degree and 20 years IT experience)

    You need 5yrs of experience in 2/8 domains. You should be fine, but just go over the domains to be sure.

    3) Would it help me get a job in Info Sec management?

    It will help you get past the hr filters and land an interview. It is up to you to seal the deal. CISSP is highly sought after so it will definitely help.

    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Personally, the only reason to do the SSCP should be inability to meet the experience requirements of the CISSP. Meeting that, do the CISSP.

    For people who have not yet done Security+ (or others like that Cyber Ops) and may be weaker on security topics in general, I always suggest tackling the Security+ first. But you have that, so.... :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    thanks for the reply - yes my main concern is not meeting the experience requirements, it a lot of expense/time for not to be given the qualification  - would doing SSCP make the CISSP any easier (ie is there much overlap) - say 2 months for SSCP then (not three months but..) two months for CISSP
    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • Fulcrum45Fulcrum45 Member Posts: 621 ■■■■■□□□□□
    It sounds to me like you have the experience to go straight to the CISSP- but take my advice for what little it's worth as I don't have either certs lol. I'm looking at doing the SSCP only because I'm not 100% sure I have the 5 years of required experience to obtain the sponsorship for the CISSP. I hope an introduction into the ISC2 organization can lead to other opportunities to change that. 
  • JDMurrayJDMurray Admin Posts: 13,101 Admin
    If you have the experience for the full cert then go straight for the CISSP. If you don't feel comfortable enough to study for the CISSP then start with the SSCP as a confidence-builder.
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    hmm...thanks for the comments really useful ..am leaning to just doing CISSP ....but am still a bit on the fence ....

    if we 'assumed' it took 3 months to do CISSP ......how long would it take (with comparable effort) to do SSCP? - one month?
    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • nevermorenevermore Member Posts: 39 ■■■□□□□□□□
    I roughly put in close to 100 hours over a 6 week window to prepare for the exam.  Some days were full days devoted to study while others during the week when I had to work I would squeeze in a couple hours per night.  Did not take any days off of reading and studying while working towards taking the exam.  You can use that as a gauge for how long it may take you to prepare.  Not having taken the SSCP, I can not provide an estimate but it would be safe to assume a bit less time to prepare.
    Obtained:
    • CISSP/ISSAP/ISSMP, CISM, GISP, CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Queue: PMP, CCSP, CRISC



  • bjpeterbjpeter Member Posts: 198 ■■■□□□□□□□
    edited August 2019
    I did not take the SSCP. I have the CSSLP, CISSP, and (waiting to get endorsed for) CCSP. I plan to get the SSCP just to “mop up” the last (ISC)2 exam I am qualified to take.

    I think after you get your CISSP, the SSCP will be a walk in the park.
    2021 Goals (2): SSCP, eCPPT
    Achieved (27): Certified Associate in Python Programming, Microsoft Certified: Azure Fundamentals, PenTest+, Project+, CySA+, Flutter Certified Application Developer, OCP Java EE 7 Application Developer, CCSP, OCP Java SE 11 Developer, CISSP, Linux+/LPIC-1, CCSKv4, OCE Java EE 6 JPA Developer, CSSLP, Server+, Cloud+, Arcitura Certified Cloud Professional, CASP+, Mobility+, Storage+, Android Certified Application Developer, OCP Java SE 8 Programmer, Security+, OCM Java SE 6 Developer, B.S. and M.S. in Computer Science
  • stryder144stryder144 Member Posts: 1,684 ■■■■■■■■□□
    Since you have the Security+, you can deduct one year off of the experience requirement (see here).  From my understanding, please take it with a grain of salt as I am just now studying for the exam, (ISC)2 is fairly liberal with their interpretation for experience.  A CISSP that I talked to said that for the IAM domain he submitted experience that he had setting up user accounts in Active Directory.  He also did data backups and malware remediation, as well.  He submitted his paperwork with an endorsement from another CISSP and everything was accepted.  Naturally, your mileage may vary.  If there is a local (ISC)2 chapter in your area, it might be beneficial for you to contact them and ask them for their opinion as to whether your experience would count or not.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    thanks for the advise/comments everyone .....am edging back to just going all out for CISSP for 3 months starting end Sept!
    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    just an update.....did SSCP in Feb ...and passed ...booked CISSP April ....but was cancelled due to some virus ....booked again in June ....passed on 150 questions  ...my advice to myself:

    SSCP - hmmmm....not sure it was worth the effort ....increased confidence but was expensive and not sure it helped much with the CISSP ....also only 5,986 people have it (580 in UK) so not a well known cert so questionable how useful in job market it will be - would not recommend exam

    CISSP - yes as hard as they say it is ....was sure i was failing on first 100 questions but felt i did really well on last 30 ....a hard exam to prepare for .....and 142k people have it (7.5k in uk) and seems to be the benchmark infosec security qualification - get it done

    Next ....CISM and maybe CISA (or just read materials) ....maybe the new Cisco CyberOps Professional in Dec/Jan21 ........am really not sure any more certs are worth it .....my three domains i have drawn out are:

    Data Privacy - I think IAPP are king and I have the CIPP/e ....not sure more is required.... Isaca are trying to pick up the tech Privacy ...but i did notice Privacy (and cloud) well represented in CISSP and to a lesser extent CISM  so not sure it will get the traction and view it as an add on for Isaca

    InfoSec - CISSP then CISM .....after that law of heavily diminishing returns

    Cloud - not sure of the point of anything other than AWS and Azure 

    so my 'cert' pitch to the job market is:
    CISSP/CISM ...CIPP/e ...and AWS and Azure security (with the admin certs as well)

    any comments/questions/alternative views welcome.....thanks to everyone who offered a view!
    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Grats, good advice, and good luck on the future stuff! Looks exciting!

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    I see you did AWS Security ...in London it seems very split between Azure and AWS ....so i thought both would be handy to be flexible....
    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • AverageJoeAverageJoe Member Posts: 316 ■■■■□□□□□□
    Congrats! 

    Hindsight is 20/20 (or at least closer to 20/20), so easy now to say maybe you should have skipped SSCP, but at the time you perceived some value... whether it was practice/prep, confidence building, or even just a fallback in case you failed the CISSP (that you acknowledged was pretty hard).  Because you passed the CISSP, you see no (or little value) in having taken the SSCP, but if you would have failed CISSP you may (or may not :) ) look at the experience differently.

    My point is really that I'd try not to diminish or second guess those accomplishments!  You passed two certification exams, and that's fantastic.  Congrats on both passes!
  • test4500test4500 Registered Users Posts: 29 ■■■□□□□□□□
    yep ....agreee!
    Have: CISSP, SSCP, CYSA+, CCNA CyberOp, CIPP/E, PRINCE, ITIL v3, MS Azure 900/103/500, AWS SA-A, Splunk Core User , CyberArk Trustee......
    2020 Goals: CISM/CISA, AWS CDA-P/SA-P/Security, Splunk Power User
  • cmitchell_00cmitchell_00 Member Posts: 253 ■■■□□□□□□□
    Congratulations!!!
Sign In or Register to comment.