Security+ vs SSCP

divinemystical

Goodday to all,

I am a security administrator, this is my first job and I have been working about 20 months in banking industry.

I am currently planning to pursue my CISSP certification. I heard from my colleagues and forums saying that Security+ and SSCP is a foundation for CISSP Certification. Can anyone please help me to analyze both of these certificates?

I also understand that most people self studied Security+, instead of attending instructor led classes. Is that so?

On top of that, is that ok if i directly pursue CISSP instead of having go through any one of these certification?

Your advice is very much appreciated. Thank you.

laidbackfreak

Security+ and SSCP would both be good foundation on your path to CISSP. You can and indeed most people do these via self study.

And yes you can go straight for the CISSP but keep in mind to acheive CISSP certification you need 5 years experience. You can pass the exam and become an "associate" but you can not use the credentials of CISSP until you have acheived full certification.

hth

aethereos

divinemystical wrote: »

I am currently planning to pursue my CISSP certification. I heard from my colleagues and forums saying that Security+ and SSCP is a foundation for CISSP Certification. Can anyone please help me to analyze both of these certificates?

Hello,

IMHO Security+ is quite easy; you could pass it if you have the minimum recommended experience and book knowledge.

SSCP is another animal altogether. You'd need to study it and understand its testing methodologies.

To compare the two, I'd say Security+ is like taming a domesticated horse, and the SSCP is like a mustang. Definitely doable, but with practice.

And while I haven't taken the CISSP yet (scheduled for May 2010), it feels like taming a tiger. There's a lot of grounds to cover, and you won't know your results right away.

Best.

divinemystical

Thank you for both of your insights.

Another piece of information regarding CompTIA Certification Renewal Policy:

"For candidates currently preparing to sit for a CompTIA A+, CompTIA Network+ or CompTIA Security+ exam, if you pass an exam and become certified by December 31, 2010, you too will have a lifetime certification with no requirements for recertification or retesting.

Effective January 1, 2011, all new CompTIA A+, CompTIA Network+ or CompTIA Security+ certifications will be valid for three years from the date the candidate is certified. After three years, the certification must be renewed. This can be done by passing the most current exam for a respective certification or by participating in CompTIA’s upcoming new continuing education program, which will allow individuals to keep their skills current and their certification up to date without retesting."


here's for SSCP

"After becoming certified, the requirements to pay a $65US Annual Maintenance Fee (AMF) and to collect 60 Continuing Professional Education (CPE) credits every three years in lieu of taking a renewal exam also apply."

Plantwiz

Great comments!
Thanks folks!

twodogs62

There is cost of ownership for some of the certifications.
It is not just about passing the exam. So, figure out options and how much you are willing to spend for certification renewals.

I'd probably do the following if I only had a couple of years of experience and possibly no other IT certifications.
1. Security+ for foundation (take this year, don't worry about renewal)
look good on your resume
2. SSCP would be good step. 7 Domains of security. Test expensive and then
there is the annual maintenance fee and continuing education.
3. CISSP. 10 Domains of security. Take this when you will have around the 5 years
of experience. Decide once you get this if you want to also maintain your
SSCP. The test is more expensive and higher annual maintenance fee.
4. Look at other certifications on security where you might be interested
(specialization).
SANS Institute has lots of good certifications. SANS: Computer Security Training, Network Security Research, InfoSec Resources

Remember CISSP is more for management and SSCP is more technical.

If staying on the technical side, then you will probably want a certification for your speciality if it is Microsoft, Cisco, Novell, or Linux, etc....

JDMurray

The SSCP is a technical certification while the CISSP is more business/administrative. If you are more into the business continuity, risk management, and physical security kind of things, go for the CISSP. If you really need to be in the technical side of InfoSec then the SSCP is for you. Either way, start with the Security+ cert. Then have a look at the listings for the next type of job(s) that interest you and note what kinds of certification your prospective employers are looking for. Certs are for training you towards your future career path.

bodacious00

Also, keep in mind that if you get an SSCP you may have more training opportunities in the future. At a one of my former jobs, a co-worker had the SSCP and I had the Security+. He had more training opportunities because he needed the CPE's.

I agree with JD, start off with the Security+, then explore what career path and certs you want.

divinemystical

Again, thanks a lot folks for your advice, as of now, I shall look into each of the course structure and do a thorough research and evaluate what do I really want/need before jumping into any conclusion