CISSP or SSCP first

test4500 · August 2019

Hi am changing tack and trying to get some security qualifications to go with my Cloud certs (AWS SA-A and CD-A).
I have completed Cisco Cyber Ops (210-250 & 255) and have some basic security expertise (Compia Security+) and am a MCP and CIPP/E

Should I take SSCP then CISSP? ...or just do CISSP? ..some considerations:
1) is it a big jump to just do CISSP in 3 months
2) would they certify me easily? (I have degree and 20 years IT experience)
3) Would it help me get a job in Info Sec management?

thanks for any replies

mikey88 · August 2019

test4500 said:

Should I take SSCP then CISSP? ...or just do CISSP? ..some considerations:

I say go straight for CISSP since since SSCP is more entry level.

1) is it a big jump to just do CISSP in 3 months

It is possible to do it in 3 months but don't limit yourself too much and make sure to fully understand the material or it will get expensive real quick.

2) would they certify me easily? (I have degree and 20 years IT experience)

You need 5yrs of experience in 2/8 domains. You should be fine, but just go over the domains to be sure.

3) Would it help me get a job in Info Sec management?

It will help you get past the hr filters and land an interview. It is up to you to seal the deal. CISSP is highly sought after so it will definitely help.

LonerVamp · August 2019

Personally, the only reason to do the SSCP should be inability to meet the experience requirements of the CISSP. Meeting that, do the CISSP.

For people who have not yet done Security+ (or others like that Cyber Ops) and may be weaker on security topics in general, I always suggest tackling the Security+ first. But you have that, so....

test4500 · August 2019

thanks for the reply - yes my main concern is not meeting the experience requirements, it a lot of expense/time for not to be given the qualification - would doing SSCP make the CISSP any easier (ie is there much overlap) - say 2 months for SSCP then (not three months but..) two months for CISSP

Fulcrum45 · August 2019

It sounds to me like you have the experience to go straight to the CISSP- but take my advice for what little it's worth as I don't have either certs lol. I'm looking at doing the SSCP only because I'm not 100% sure I have the 5 years of required experience to obtain the sponsorship for the CISSP. I hope an introduction into the ISC2 organization can lead to other opportunities to change that.

JDMurray · August 2019

If you have the experience for the full cert then go straight for the CISSP. If you don't feel comfortable enough to study for the CISSP then start with the SSCP as a confidence-builder.

test4500 · August 2019

hmm...thanks for the comments really useful ..am leaning to just doing CISSP ....but am still a bit on the fence ....

if we 'assumed' it took 3 months to do CISSP ......how long would it take (with comparable effort) to do SSCP? - one month?

nevermore · August 2019

I roughly put in close to 100 hours over a 6 week window to prepare for the exam. Some days were full days devoted to study while others during the week when I had to work I would squeeze in a couple hours per night. Did not take any days off of reading and studying while working towards taking the exam. You can use that as a gauge for how long it may take you to prepare. Not having taken the SSCP, I can not provide an estimate but it would be safe to assume a bit less time to prepare.

bjpeter · August 2019

I did not take the SSCP. I have the CSSLP, CISSP, and (waiting to get endorsed for) CCSP. I plan to get the SSCP just to “mop up” the last (ISC)2 exam I am qualified to take.

I think after you get your CISSP, the SSCP will be a walk in the park.

stryder144 · August 2019

Since you have the Security+, you can deduct one year off of the experience requirement (see here). From my understanding, please take it with a grain of salt as I am just now studying for the exam, (ISC)2 is fairly liberal with their interpretation for experience. A CISSP that I talked to said that for the IAM domain he submitted experience that he had setting up user accounts in Active Directory. He also did data backups and malware remediation, as well. He submitted his paperwork with an endorsement from another CISSP and everything was accepted. Naturally, your mileage may vary. If there is a local (ISC)2 chapter in your area, it might be beneficial for you to contact them and ask them for their opinion as to whether your experience would count or not.

test4500 · August 2019

thanks for the advise/comments everyone .....am edging back to just going all out for CISSP for 3 months starting end Sept!

test4500 · June 2020

just an update.....did SSCP in Feb ...and passed ...booked CISSP April ....but was cancelled due to some virus ....booked again in June ....passed on 150 questions ...my advice to myself:

SSCP - hmmmm....not sure it was worth the effort ....increased confidence but was expensive and not sure it helped much with the CISSP ....also only 5,986 people have it (580 in UK) so not a well known cert so questionable how useful in job market it will be - would not recommend exam

CISSP - yes as hard as they say it is ....was sure i was failing on first 100 questions but felt i did really well on last 30 ....a hard exam to prepare for .....and 142k people have it (7.5k in uk) and seems to be the benchmark infosec security qualification - get it done

Next ....CISM and maybe CISA (or just read materials) ....maybe the new Cisco CyberOps Professional in Dec/Jan21 ........am really not sure any more certs are worth it .....my three domains i have drawn out are:

Data Privacy - I think IAPP are king and I have the CIPP/e ....not sure more is required.... Isaca are trying to pick up the tech Privacy ...but i did notice Privacy (and cloud) well represented in CISSP and to a lesser extent CISM so not sure it will get the traction and view it as an add on for Isaca

InfoSec - CISSP then CISM .....after that law of heavily diminishing returns

Cloud - not sure of the point of anything other than AWS and Azure

so my 'cert' pitch to the job market is:
CISSP/CISM ...CIPP/e ...and AWS and Azure security (with the admin certs as well)

any comments/questions/alternative views welcome.....thanks to everyone who offered a view!

LonerVamp · June 2020

Grats, good advice, and good luck on the future stuff! Looks exciting!

test4500 · June 2020

I see you did AWS Security ...in London it seems very split between Azure and AWS ....so i thought both would be handy to be flexible....

AverageJoe · June 2020

Congrats!

Hindsight is 20/20 (or at least closer to 20/20), so easy now to say maybe you should have skipped SSCP, but at the time you perceived some value... whether it was practice/prep, confidence building, or even just a fallback in case you failed the CISSP (that you acknowledged was pretty hard). Because you passed the CISSP, you see no (or little value) in having taken the SSCP, but if you would have failed CISSP you may (or may not

) look at the experience differently.

My point is really that I'd try not to diminish or second guess those accomplishments! You passed two certification exams, and that's fantastic. Congrats on both passes!

test4500 · June 2020

yep ....agreee!

cmitchell_00 · August 2020

Congratulations!!!

CISSP or SSCP first

Comments