CISSP Associate or SSCP? Or both?
Hi all,
I've currently been studying for the CISSP with hopes of getting my certification. The issue is that I lack the work experience. I'm almost 2 years into the security field as a 'security administrator' but I've been working somewhat in between the high level policy level and the more technical level. Most of what I do falls in the "review" category (log review looking for discrepancies/anomalies, firewall ACL reviews, and some higher level policy review).
I'd like to grow in my understanding of both high level and technical expertise for sure. I'm greatly interested in the hands-on/technical side though, as that's my 'first nature,' but I want to be able to gain the perspective of seeing the 'big picture' of things as well.
In any case, I was wondering if it's a wise idea to continue pursuing the Associate CISSP status right now, or if I should just go for the SSCP as the first priority. This is in terms of advancing in my career along with gaining certs. As it is, I feel a bit pigeon-holed where I am now (hence a lack of hands-on as I alluded to earlier), and I also feel like a cert would help make me more marketable in general. The problem is, I don't know which one would complement my resume more. A majority of my resume includes more technical skills (Unix/Linux, Bash/Perl, Packet sniffing/vuln scanning, etc).
Any advice on a good direction to go in my case?
Thanks guys!
I've currently been studying for the CISSP with hopes of getting my certification. The issue is that I lack the work experience. I'm almost 2 years into the security field as a 'security administrator' but I've been working somewhat in between the high level policy level and the more technical level. Most of what I do falls in the "review" category (log review looking for discrepancies/anomalies, firewall ACL reviews, and some higher level policy review).
I'd like to grow in my understanding of both high level and technical expertise for sure. I'm greatly interested in the hands-on/technical side though, as that's my 'first nature,' but I want to be able to gain the perspective of seeing the 'big picture' of things as well.
In any case, I was wondering if it's a wise idea to continue pursuing the Associate CISSP status right now, or if I should just go for the SSCP as the first priority. This is in terms of advancing in my career along with gaining certs. As it is, I feel a bit pigeon-holed where I am now (hence a lack of hands-on as I alluded to earlier), and I also feel like a cert would help make me more marketable in general. The problem is, I don't know which one would complement my resume more. A majority of my resume includes more technical skills (Unix/Linux, Bash/Perl, Packet sniffing/vuln scanning, etc).
Any advice on a good direction to go in my case?
Thanks guys!
Comments
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Thanks for the tip! Yea, that's what I was thinking as well - the fact that it's a solid cert that I can have in my hands might be a little more tangible for employers to grasp. So I heard that the CISSP encompasses the SSCP - is this true? I also read that the SSCP is more 'hands-on' than CISSP. Do you think I could just study for the CISSP (I'm using Shon Harris' book) and go into the SSCP with pretty good confidence in passing?
You could, but there's no need to. The (ISC)2's Official SSCP Study Guide is the standard text. There are also a couple of SSCP study guides from Syngress and Wiley that can be bought for less than $10 each. There's also SSCP cert prep material from companies like PrepLogic. And only you can determine how confidant you are in passing any exam.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Well, I just realized that I may actually be closer to meeting the CISSP requirements than I thought as I did do some related work at my old company for the couple years I was there. In the QA group at my old place, part of the checklist was testing encryption as well as working with file/folder ACLs/CHACLs. I used [formely] Ethereal to sniff for verifying encryption. Of course, this wasn't done every single day but on a fairly consistent basis as these items were part of checklists we went through. I'm thinking [hoping] these should qualify as experience... if so, then I'll be much closer to the 5 years I need for CISSP. At this point, I'm thinking I should just keep studying for the CISSP and just try to go for teh associates ASAP.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray