CISSP-->SSCP

nanga

I applied for a job having a requirement for CISSP.

Although I dont have a CISSP ..i have a SSCP ( associate).

I got a reply saying that they were considering only CISSP candidates.

I am wondering does SSCP get some respect ..is it worth toiling hours of study and hardwork...or it that only the CISSP's get the thumbs up.

I guess....keep on shooting resumes till u can get one looking for SSCP

undomiel

Were you emailing with a recruiter or with the employer themselves? If it is just a recruiter then don't be surprised. They're just keyword jockeys. If it is the employer themselves then you could try giving them a call and see if you can get ahold of the supervisor of the position. Then give them a darn good pitch for how you would handle the position. Especially see if they'll let you give the pitch in person. That can get you around the CISSP requirement.

LarryDaMan

JD will have a better answer for this, but I think the problem is that there are only around 550 SSCPs in the U.S, so many employers may not be familiar with it just yet. As it gains understanding and acceptance, it will be in greater demand.

Kaminsky

Found this which may answer your question.

http://www.globalknowledge.com/training/certification_listing.asp?pageid=12&certid=446&country=United+States

Kam.

nanga

ye i guess thats the right thiing to be done...I just mailed her giving her an overview of what SSCP was.

I guess it might have been a easy way of say NO

Thanks for the advice

nanga

hehehe..i agree CISSP is a good cert ...and clearly defines the quality of the professional. But then SSCP is just three domains away from been a good CISSP.

well i guess what matters in the end is the CERT....and nothing elese.....so go and shoot one for CISSP and get under ur belt

JDMurray

Most hiring managers and HR people don't know what an "CISSP" is other than they heard somewhere that is has to do with security and they need to hire people with it. They won't know any of the other (ISC)2 certs or even what the (ISC)2 is or what it does. They have a hiring perquisites checklist with "CISSP" on it, so that's only what's important to them.

Microsoft and CompTIA has the same problem with lack of recognition of their more obscure certs too. How well a cert is known mostly depends on how much money the cert vendor spends on marketing the cert. Sometimes you get a "viral cert" that just explodes in popularity (e.g., A+, MCSE) without a huge marketing effort, but that's very rare.

nanga wrote:

But then SSCP is just three domains away from been a good CISSP.

There is more of a difference between the SSCP and CISSP than just three domains. The mapping between the CBK's of the SSCP and CISSP are not direct. The domains of one CBK contain different information than the CBK of the other. You can't simply study for and pass the SSCP exam, add three more domains of knowledge, and then expect to pass the CISSP exam.

zen master

Why'd you go for the SSCP btw? I want to go for the CISSP myself, but I'm trying to get a few things finished up before I do. The CISSP is DEFINITELY the one I see being asked for the most.

dynamik

benevolent dictator wrote:

Why'd you go for the SSCP btw? I want to go for the CISSP myself, but I'm trying to get a few things finished up before I do. The CISSP is DEFINITELY the one I see being asked for the most.

He has a nice writeup about his SSCP experience: http://www.techexams.net/blogs/jdmurray/the-sscp-certification-experience

JDMurray

benevolent dictator wrote:

Why'd you go for the SSCP btw? I want to go for the CISSP myself, but I'm trying to get a few things finished up before I do. The CISSP is DEFINITELY the one I see being asked for the most.

I'm a technical guy and the SSCP is a technical cert. I wouldn't even bother going for the CISSP myself except that, as you have found, everyone is asking for it. There is quite an air of mythology about the CISSP cert, and it seems that "air" makes it a requirement for a career in InfoSec.

zen master

JDMurray wrote:

benevolent dictator wrote:

Why'd you go for the SSCP btw? I want to go for the CISSP myself, but I'm trying to get a few things finished up before I do. The CISSP is DEFINITELY the one I see being asked for the most.

I'm a technical guy and the SSCP is a technical cert. I wouldn't even bother going for the CISSP myself except that, as you have found, everyone is asking for it. There is quite an air of mythology about the CISSP cert, and it seems that "air" makes it a requirement for a career in InfoSec.

That's the thing, it's good to get both, but at the end of the day, we have to give the employers what they want, unless of course we're self employed in which case we do the certification that will be the most relevant/helpful.

JDMurray

I've heard recruiters give the advice, "If you are not getting a cert for yourself then don't bother wasting the time and money getting it for someone else." That may be relevant for most certs, but not for the CISSP. Having it is really regarded as a special club of sorts.

zen master

JDMurray wrote:

I've heard recruiters give the advice, "If you are not getting a cert for yourself then don't bother wasting the time and money getting it for someone else." That may be relevant for most certs, but not for the CISSP. Having it is really regarded as a special club of sorts.

What do you really need to be considered for the CISSP? Will a CEH and BSc help? What kinds of things do they look for?

JDMurray

benevolent dictator wrote:

What do you really need to be considered for the CISSP? Will a CEH and BSc help? What kinds of things do they look for?

Have you read the CISSP candidate information on www.isc2.org?

zen master

JDMurray wrote:

benevolent dictator wrote:

What do you really need to be considered for the CISSP? Will a CEH and BSc help? What kinds of things do they look for?

Have you read the CISSP candidate information on www.isc2.org?

Yeh, but it's a bit confusing to be honest. Sentences with so little punctuation marks and so many conjunctions tend to be ambiguous.

Candidates can substitute a maximum of one year of direct full-time security professional work experience described above if they have a four-year college degree OR Advanced Degree in information security from a U.S. National Center of Academic Excellence in information Security (CAEIAE) or regional equivalent.

So, does any 4 year college degree count? That sentence is very poorly worded.

JDMurray

benevolent dictator wrote:

Candidates can substitute a maximum of one year of direct full-time security professional work experience described above if they have a four-year college degree OR Advanced Degree in information security from a U.S. National Center of Academic Excellence in information Security (CAEIAE) or regional equivalent.

So, does any 4 year college degree count? That sentence is very poorly worded.

The phrase, if they have a four-year college degree, would seem to indicate yes.

You can email registrar@isc2.org for the official word.