SSCP Exam Reaction

Greetings all,

I took the SSCP exam this past Saturday. Since there is so little info about the SSCP out there, I thought I'd post some of my reactions. I'm cautiously optimistic in terms of my performance. I wouldn't be shocked if I failed, but I think I did okay.

The exam taking process itself was as professional and thorough as one would expect. There were 46 individuals taking exams. It looks as though there was supposed to be three SSCP test takers, but only two were present. The rest of the group was CISSP, save for two or three others.

I used the ISC2 SSCP Exam Guide (one of the sloppiest manuals I have ever read - proofreading mistakes, very poor organization of data - very unprofessional), CISSP All-In-One 5th Ed, Pearson's SSCP flash cards, some portions of the CISSP DVD training, FreePracticeTests, and a number of other references/documents. I studied for a good 200 hours. A few hours a week for months, then dedicated structured study for the past month (3-4 hours a day, longer on weekends).

As for the exam itself, I'm very disappointed. I strongly question the reputation that SSCP is somehow "more" technical. I can't say more without risk of violating the confidentiality I agreed to.

I regret not putting the time into CISSP instead. Whether I pass or not, I wouldn't recommend expending the energy on SSCP unless the tester cannot qualify for CISSP for one reason or another.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

veritas_libertas

Thanks for the review. What do you do that qualified you to be able to take the test?

VoxOrion

veritas_libertas wrote: »

Thanks for the review. What do you do that qualified you to be able to take the test?

Director of IT for a software company by way of server operations and system engineering. Sixteen years experience, Fortune 500 through small entrepeneural enterprises. 5-13 years experience in each of the SSCP domains. I've been in strict management for the past five years, and most of my interest is on the ITIL/process/service desk side of IT. I found that a focus on those disciplines can come at a disservice to a detailed security focus and needed to do something about that. I decided to persue CISSP originally, and was encouraged to aim for SSCP as a middle ground/starter.

I came back to note that my first post may sound unchariatble, that's not my intention. I may be coming off more negative than I intend to.

SysAdmin4066

I wasnt under the impression that the SSCP was a "technical" exam, no more than the CISSP is a technical exam. What info told you the SSCP was "more technical" and more than what exactly? There are much more technical exams out there in security than both the SSCP and the CISSP, they are considered more management level exams.

JDMurray

The SSCP is technical when compared to the CISSP. The SSCP items are generally less complex than many of the items on the CISSP, and that makes them (somewhat) easier. The items in the exam booklets are randomly selected, so it is possible to get an SSCP exam that is (somewhat) easier or more difficult than the average exam. And yes, there are plenty of exams that are far more technical, such as the SANS GIAC certs exams. But realize that the SSCP is a mid-level exam for people with a year or more of InfoSec work experience, so don't put it on a high pedestal that it doesn't deserve.

zbatia

I agree that (ISC)2 book 1st edition is a "dry" and boring book, so I used it as an additional reference when I have compiled my Study Notes. Should you have it? Possibly. But I know many folks who did not even open this book and were able to pass the exam.
If you want to read about my experience during exam as well as the method of study for CISSP exam, get to Secure Cyber: I passed. Such a relief!
I used the following resources for studying: CISSP Training and CISSP Exam Resources. CISSP Training Packages from Shon Harris. CISSP Books and DVDs. Common Body Knowledge..
If you, folks, have the questions, do not hesitate to ask because I can share not only CISSP exam tips but also what you can expect after you became CISSP.

The recent changes by (ISC)2 dictate that you sould have at least 5 years of proven experience in the security field to be able to register for CISSP exam but don't go for SSCP if you are qualified for CISSP. Period.

VoxOrion

SysAdmin4066 wrote: »

I wasnt under the impression that the SSCP was a "technical" exam, no more than the CISSP is a technical exam. What info told you the SSCP was "more technical" and more than what exactly? There are much more technical exams out there in security than both the SSCP and the CISSP, they are considered more management level exams.

I didn't mean to imply that SSCP was technical compared to an exam like CCNP or even MCSE. The reputation I read on several forums was that SSCP is more technical than CISSP. I question this. Ironically, post-exam I found the following on Logical Security's website:

The SSCP is just a subset of the CISSP exam. Don't let anyone fool you by telling you different or that it is more technical.

The only way to find out for sure is to take both exams, which I intend to do. At that time I'll have more perspective on this. In hindsight, the advice that SSCP + CISSP may be worth "more" seems silly. Barring conditions that would prevent one from taking CISSP, it seems as though taking both is closer to taking 1 1/2 CISSP exams rather than providing evidence that both certifications somehow amount to more verified accumulated knowledge.

VoxOrion

zbatia wrote: »

I agree that (ISC)2 book 1st edition is a "dry" and boring book, so I used it as an additional reference when I have compiled my Study Notes. Should you have it? Possibly. But I know many folks who did not even open this book and were able to pass the exam.

I don't hold it against technical guides if they are boring, I do hold it against publishers when books are poorly proofread, or when data is illogically presented. That was my experience with the ISC2 manual. For example, in the Malicious Code section, there are at least two places where section headers appear mid-paragraph, instead of being formatted where they "belong". In other sections of the book, the author will discuss sub-elements of a heading, then deviate onto a different related subject, then return to the original without any clear indication that this is what is being done. When taking notes against the material, this became very obvious.

I'm not saying that the book is wholly flawed by any means, I was just very surprised to see things like this in an ISC2 publication. It feels rushed or as though it wasn't taken very seriously (though I am certain the authors of the seven domains would disagree). The book does a fair job of describing two thirds to three quarters of what an individual should know to prepare for the exam.

Thanks for the links, I'll be sure to check them out!

AD200

Hi Voxorion,

I agree with your comments in regards to that book. Hopefully the next edition will sort it out!

A

SephStorm

Hmm, interesting. I have heard here, that the CISSP is more management level information. I guess I will have to review both materials to see. I intend on looking at Shon Harris' SSCP Video Mentor series when it comes out next month(hopefully), *runs off to check*

JDMurray

SephStorm wrote: »

Hmm, interesting. I have heard here, that the CISSP is more management level information. I guess I will have to review both materials to see. I intend on looking at Shon Harris' SSCP Video Mentor series when it comes out next month(hopefully), *runs off to check*

The CISSP does contain much more management and business level info, but that doesn't mean there isn't technical information covered by it. It's more accurate to say that the SSCP doesn't cover much in the way of business and management topics as compared to the CISSP.

VoxOrion

Quick update - I passed the exam. Took just under three weeks to get results (despite my calling ISC2 and being told it would definitely take the full six). One of my co-workers who took his CISSP exam on 4/10 also received his results today (he passed as well).

IMO it's probably not worth bothering those poor people with a call until you've exceeded the three weeks.

As for the SSCP v. CISSP, though there is technically a greater coverage area, this poster has a lot of trouble believing that there is a difference between the two exams aside from the quantity of questions. I'll know for sure 5/30 when I shoot for the big 'un.

JDMurray

VoxOrion wrote: »

As for the SSCP v. CISSP, though there is technically a greater coverage area, this poster has a lot of trouble believing that there is a difference between the two exams aside from the quantity of questions. I'll know for sure 5/30 when I shoot for the big 'un.

You will be surprised at how much more complex and diverse many of the CISSP exam items are when compared to those on the SSCP.

impelse

Congrats on your pass