SSCP potential
I got a new job (thanks MCSE!) and my employer would like me to get my CISSP. However, they are aware that I only have 2 1/2 years of Sys Admin experience. The ISC2 site is not the easiest to navigate. It looks like I would qualify for the SSCP under the Analysis and monitoring domain. I have a few questions:
1) Does having my MCSE credit me towards anything?
2) Being a Sys Admin for a few years, does this credit me enough to qualify to take the test?
3) Would there be a benefit by obtaining Security + first?
1) Does having my MCSE credit me towards anything?
2) Being a Sys Admin for a few years, does this credit me enough to qualify to take the test?
3) Would there be a benefit by obtaining Security + first?
Comments
-
JDMurray Admin Posts: 13,091 AdminThe Security+ is an excellent security cert to start with. It is recognized by several other cert organizations, including Microsoft, and is required when working in information security with DoD or HIPAA organizations. All of the information in the objectives of the Security+ exam are also in the SSCP and CISSP exams.
The MCSE or Security+ cert will allow you to waive one year of the experience requirement for the CISSP (here's the full cert listing). The CISSP requires five years of work-related experience in at least two of the ten domains of the CBK. You can knock one year off for having the Security+ or MCSE, and a second year off for having a 4-year college degree. You also need an endorsement from a CISSP holder that knows your work and experience (see CISSP Applicant Requirements).
If you already have 2.5 years of system security admin experience, plan on taking the CISSP in six or more months so you will have the minimum three years needed (assuming you have a college degree). In that time you will get your Security+ and be studying for the CISSP. You could also use the SSCP exam as a way to prep for the CISSP exam too. If your employer is paying for your certification attempts and annual renewal fees, I say go for all three. -
cashew Member Posts: 122 ■■□□□□□□□□No Degree. Since I have the 2.5 years experience and MCSE, I can qualify to take the SSCP right? Also, if I obtained my Sec+ would that count as an additional year? MCSE + Sec+ = 2 years credit, or can I only exempt 1 year from certs?
-
JDMurray Admin Posts: 13,091 AdminThe SSCP Applicant Requirements include at least one year of cumulative work experience in one or more of the seven domains in information security covered by the SSCP exam. There are many experiences listed which are accepted, but IT certifications aren't among them. Review the SSCP Work Experience Requirements page to see if you meet the requirements in other ways. If you have questions that aren't answered by the (ISC)2 site, you should email the (ISC)2 directly at service@isc2.org.
-
cashew Member Posts: 122 ■■□□□□□□□□Thanks for all your advice. It looks like within the 2.5 year admin experience I had experience with the following domains:
Access Controls, Analysis and monitoring, and Security Operations and administration.
https://www.isc2.org/cgi-bin/content.cgi?page=950
It looks like I can go for the SSCP! I will go the route you recommended seeing as my employer will be funding my education.
1) Sec+
2) SSCP
3) CISSP
What's confusing however is the difference between the domains and the professional experience page. -
JDMurray Admin Posts: 13,091 Admincashew wrote:1) Sec+
2) SSCP
3) CISSP
Also, the 4th edition of Shon Harris' CISSP A-I-O Exam Guide is due out this month; I'd recommend waiting to buy it.