SSCP Exam Reaction
Greetings all,
I took the SSCP exam this past Saturday. Since there is so little info about the SSCP out there, I thought I'd post some of my reactions. I'm cautiously optimistic in terms of my performance. I wouldn't be shocked if I failed, but I think I did okay.
The exam taking process itself was as professional and thorough as one would expect. There were 46 individuals taking exams. It looks as though there was supposed to be three SSCP test takers, but only two were present. The rest of the group was CISSP, save for two or three others.
I used the ISC2 SSCP Exam Guide (one of the sloppiest manuals I have ever read - proofreading mistakes, very poor organization of data - very unprofessional), CISSP All-In-One 5th Ed, Pearson's SSCP flash cards, some portions of the CISSP DVD training, FreePracticeTests, and a number of other references/documents. I studied for a good 200 hours. A few hours a week for months, then dedicated structured study for the past month (3-4 hours a day, longer on weekends).
As for the exam itself, I'm very disappointed. I strongly question the reputation that SSCP is somehow "more" technical. I can't say more without risk of violating the confidentiality I agreed to.
I regret not putting the time into CISSP instead. Whether I pass or not, I wouldn't recommend expending the energy on SSCP unless the tester cannot qualify for CISSP for one reason or another.
I took the SSCP exam this past Saturday. Since there is so little info about the SSCP out there, I thought I'd post some of my reactions. I'm cautiously optimistic in terms of my performance. I wouldn't be shocked if I failed, but I think I did okay.
The exam taking process itself was as professional and thorough as one would expect. There were 46 individuals taking exams. It looks as though there was supposed to be three SSCP test takers, but only two were present. The rest of the group was CISSP, save for two or three others.
I used the ISC2 SSCP Exam Guide (one of the sloppiest manuals I have ever read - proofreading mistakes, very poor organization of data - very unprofessional), CISSP All-In-One 5th Ed, Pearson's SSCP flash cards, some portions of the CISSP DVD training, FreePracticeTests, and a number of other references/documents. I studied for a good 200 hours. A few hours a week for months, then dedicated structured study for the past month (3-4 hours a day, longer on weekends).
As for the exam itself, I'm very disappointed. I strongly question the reputation that SSCP is somehow "more" technical. I can't say more without risk of violating the confidentiality I agreed to.
I regret not putting the time into CISSP instead. Whether I pass or not, I wouldn't recommend expending the energy on SSCP unless the tester cannot qualify for CISSP for one reason or another.
Comments
Director of IT for a software company by way of server operations and system engineering. Sixteen years experience, Fortune 500 through small entrepeneural enterprises. 5-13 years experience in each of the SSCP domains. I've been in strict management for the past five years, and most of my interest is on the ITIL/process/service desk side of IT. I found that a focus on those disciplines can come at a disservice to a detailed security focus and needed to do something about that. I decided to persue CISSP originally, and was encouraged to aim for SSCP as a middle ground/starter.
I came back to note that my first post may sound unchariatble, that's not my intention. I may be coming off more negative than I intend to.
Next Up: CCIE R&S Lab
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
If you want to read about my experience during exam as well as the method of study for CISSP exam, get to Secure Cyber: I passed. Such a relief!
I used the following resources for studying: CISSP Training and CISSP Exam Resources. CISSP Training Packages from Shon Harris. CISSP Books and DVDs. Common Body Knowledge..
If you, folks, have the questions, do not hesitate to ask because I can share not only CISSP exam tips but also what you can expect after you became CISSP.
The recent changes by (ISC)2 dictate that you sould have at least 5 years of proven experience in the security field to be able to register for CISSP exam but don't go for SSCP if you are qualified for CISSP. Period.
I didn't mean to imply that SSCP was technical compared to an exam like CCNP or even MCSE. The reputation I read on several forums was that SSCP is more technical than CISSP. I question this. Ironically, post-exam I found the following on Logical Security's website:
The only way to find out for sure is to take both exams, which I intend to do. At that time I'll have more perspective on this. In hindsight, the advice that SSCP + CISSP may be worth "more" seems silly. Barring conditions that would prevent one from taking CISSP, it seems as though taking both is closer to taking 1 1/2 CISSP exams rather than providing evidence that both certifications somehow amount to more verified accumulated knowledge.
I don't hold it against technical guides if they are boring, I do hold it against publishers when books are poorly proofread, or when data is illogically presented. That was my experience with the ISC2 manual. For example, in the Malicious Code section, there are at least two places where section headers appear mid-paragraph, instead of being formatted where they "belong". In other sections of the book, the author will discuss sub-elements of a heading, then deviate onto a different related subject, then return to the original without any clear indication that this is what is being done. When taking notes against the material, this became very obvious.
I'm not saying that the book is wholly flawed by any means, I was just very surprised to see things like this in an ISC2 publication. It feels rushed or as though it wasn't taken very seriously (though I am certain the authors of the seven domains would disagree). The book does a fair job of describing two thirds to three quarters of what an individual should know to prepare for the exam.
Thanks for the links, I'll be sure to check them out!
I agree with your comments in regards to that book. Hopefully the next edition will sort it out!
A
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
IMO it's probably not worth bothering those poor people with a call until you've exceeded the three weeks.
As for the SSCP v. CISSP, though there is technically a greater coverage area, this poster has a lot of trouble believing that there is a difference between the two exams aside from the quantity of questions. I'll know for sure 5/30 when I shoot for the big 'un.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
It is your personal IPS to stop the attack.