SSCP experience validation and Security+

neocybe

I have a few questions:

Are the SSCP and Security+ exams viewed as equals in the security industry or is the SSCP a next step after the Security+?

Also, I've been in IT for awhile now and have had positions that touch upon the 7 CBK subjects that I believe equal the required 1yr of experience, virus remediation, full disk cryptography implementation, CIA triad functions, group membership audit and control, auditing, firewall and vpn monitoring etc.

Is this the type and depth of experience ISC2 is looking for to establish one year of experience?

Thanks!

veritas_libertas

The best way to get a feel for whether or not your experience will be accepted is to call them and ask.

earweed

neocybe wrote: »

Are the SSCP and Security+ exams viewed as equals in the security industry or is the SSCP a next step after the Security+?

Security+ is entry level. SSCP is definitely held to a higher regard.

Bl8ckr0uter

earweed wrote: »

Security+ is entry level. SSCP is definitely held to a higher regard.

The test objectives are much tougher but I am not sure if that means the test is held in higher regard. S+ is more well known.

JDMurray

neocybe wrote: »

Are the SSCP and Security+ exams viewed as equals in the security industry or is the SSCP a next step after the Security+?

The SSCP is generally seen as the next step after Security+ for technical InfoSec people. People on the management/business track of InfoSec can skip the SSCP.

Realize that not all organizations in the "security industry" have an equal regard for all certs. Some who know of the Security+ have no idea what the SSCP is, and visa versa. And it really comes down to what an individual hiring manager thinks about a cert, not the company or the industry.

neocybe wrote: »

Is this the type and depth of experience ISC2 is looking for to establish one year of experience?

The requirement is to have at least one year of experience in at least one of the domains of the SSCP CBK. If you've been doing what you say for over a year, then you easily have that.

Bl8ckr0uter

JD

As a person who has both, how would you rate the difficult of the exams (on a 1 to 10 scale)?

JDMurray

knwminus wrote: »

JD

As a person who has both, how would you rate the difficult of the exams (on a 1 to 10 scale)?

Well, if the SSCP is a "10" then the Security+ would be "5-6". However, I haven't taken the 2008 Security+ exam, so I might be a bit off in that assessment.

If you plan to get both certs, just study for them at the same time and you won't need to worry about the difference in their difficulty level.

Bl8ckr0uter

JDMurray wrote: »

Well, if the SSCP is a "10" then the Security+ would be "5-6". However, I haven't taken the 2008 Security+ exam, so I might be a bit off in that assessment.

If you plan to get both certs, just study for them at the same time and you won't need to worry about the difference in their difficulty level.

That's what I plan to do. I don't think I am going to be ready in 2 weeks (the next time the exam is offered close to me) so I will be shooting for first thing next year. S+ is up for next month.

neocybe

Thanks to everyone for your responses!


What is everyone using for study materials?

Most of the materials on amazon and BN seem out dated at first glance; published pre-2004 at least. I hope the material and subject matter has changed in the last 6 years. . .

JDMurray

I there is a new SSCP official study guide coming out in December 2010: Amazon.com: Official (ISC)2 Guide to the SSCP CBK, Second Edition ((ISC)2 Press) (9781439804834): Harold F. Tipton: Books

apr911

JDMurray,

As a person who has the CISSP, SSCP and Security+, where would you rank each exam on difficulty?

I recently passed my CISSP and I am now pending my endorsement and I took and passed the Security+ a little over 2 years ago now.

Now Im considering the possibility of adding SSCP to the list.

What are your thoughts?

-APR911

azjag

apr911 wrote: »

JDMurray,

As a person who has the CISSP, SSCP and Security+, where would you rank each exam on difficulty?

I recently passed my CISSP and I am now pending my endorsement and I took and passed the Security+ a little over 2 years ago now.

Now Im considering the possibility of adding SSCP to the list.

What are your thoughts?

-APR911

Coming from someone who just passed the Sec+ and SSCP and is scheduled to sit the CISSP in December. Unless you want the cert on your wall, to take the extra CPE's to maintain it, and pay annual dues on another cert, I wouldn't. The SSCP is geared for people who have a year of experience. The CISSP is geared for people who have 5 years experience. Unless you want to be a part of a very exclusive group of people who have both certs. Currently there are 67,744 CISSP's and only 1,025 SSCP according to ISC2 as of May 2009(probably a lot higher now). I'd look into the concentrations offered by ISC2 for the CISSP. Engineering, Architect or Management. Good luck in your certs.

JDMurray

If you already have the CISSP then there is very little reason to get the SSCP. I got it as preparation for the CISSP exam. If you want to pay an additional $65US annually to the (ISC)2 for the privilege of having the framed SSCP certificate on your wall next to your CISSP, then by all means.

veritas_libertas

azjag wrote: »

Coming from someone who just passed the Sec+ and SSCP and is scheduled to sit the CISSP in December. Unless you want the cert on your wall, to take the extra CPE's to maintain it, and pay annual dues on another cert, I wouldn't.

I didn't realize that you would have to take extra CPEs to maintain it. Are you sure of that? I'm kind of surprised...

JDMurray

veritas_libertas wrote: »

I didn't realize that you would have to take extra CPEs to maintain it. Are you sure of that? I'm kind of surprised...

Each (ISC)2 cert has its own required AMF and CPEs. You are not allowed to double-up CPEs for the same cert vendor, but you can across different cert vendors. Every cert vendor accredited by ISO/IEC 27014 must follow the same rules.

aethereos

JDMurray wrote: »

Each (ISC)2 cert has its own required AMF and CPEs. You are not allowed to double-up CPEs for the same cert vendor, but you can across different cert vendors. Every cert vendor accredited by ISO/IEC 27014 must follow the same rules.

I have Sec+, SSCP, and CISSP.

I pay both AMF's, but the 24 CPEs I submitted so far this year count towards both the SSCP and CISSP.

And to answer the OP, if you can why not take all three? They really compliment each other well.

JDMurray

aethereos wrote: »

I pay both AMF's, but the 24 CPEs I submitted so far this year count towards both the SSCP and CISSP.

Then you are special. When I enter CPEs into the (ISC)2 Web site, I choose which cert to apply them to, and they only show up for that cert.

aethereos

JDMurray wrote: »

Then you are special. When I enter CPEs into the (ISC)2 Web site, I choose which cert to apply them to, and they only show up for that cert.

JDMurray, it says on this page https://www.isc2.org/minimum-CPEs.aspx

[QUOTE=
Multiple Credentials:

If you hold more than one (ISC)² credential, the CPEs you submit will automatically be counted toward all of your active credentials. CPE activities should not be entered more than one time.

If the domain you select for your submission corresponds to a domain of one of your additional credentials, the CPE credits will be considered a Group A credit for each credential.

If the additional credential does not have a corresponding domain, the credits will be considered Group B for the additional credential.

For example, if you submit a CPE with the domain CISSP – Application Security, the CPE will count as a Group A credit for the CISSP as well as the CSSLP because the CISSP domain corresponds to the CSSLP – Software Acceptance domain. This domain would count as a Group B credit for the CAP because there is no corresponding domain for the CAP.[/QUOTE]


I submitted 24 units for a graduate course in telecomm security, was selected for audit, and passed. I just gave them proof and forgot about it; 2 weeks later they approved the CPEs.

I submitted all 24 CPEs to my CISSP, but after they got approved I selected SSCP and they're also there.

JDMurray

aethereos wrote: »

I submitted all 24 CPEs to my CISSP, but after they got approved I selected SSCP and they're also there.

I just checked my CPE submissions again and they are segregated by each cert, so it's not working that way for me, and it's never worked that way for me. Maybe it's a recent change in policy, or maybe my CPEs recorded in the database are screwed up. I'll find out when my three-year cycle comes due.

tdean

is there a lot of overlap between SSCP and CISSP? i mean, if i plan on going for the CISSP, is it assumed i already know the SSCP material, or is it covered as part of CISSP anyway..... i got the Sec+ a couple years ago.

JDMurray

There is some overlap in the SSCP and CISSP domains in access controls, administration, networking/communications, and risk management. In the SSCP there is no BCP, PhySec, or Laws/Ethics. The CISSP is not as technical as the SSCP and has no specific domain for Malware and malicious code, but a little overlap is there with the CISSP's AppSec domain.

tdean

JDMurray wrote: »

There is some overlap in the SSCP and CISSP domains in access controls, administration, networking/communications, and risk management. In the SSCP there is no BCP, PhySec, or Laws/Ethics. The CISSP is not as technical as the SSCP and has no specific domain for Malware and malicious code, but a little overlap is there with the CISSP's AppSec domain.

thanks Jim. im just trying to figure out which one to go for. i saw your other post about exp vs study and which certs to get. i have 8ish years net admin experience.... im not sure what that would qualify me for or how i'd get it validated since none of my old bosses are around anymore. i'd probably go the SSCP --> Assoc CISSP route?

JDMurray

tdean wrote: »

i'd probably go the SSCP --> Assoc CISSP route?

You are certainly qualified for that with your experience. And your endorser must be someone who is not only familiar with your work experience, but also has an (ISC)2 cert and is in good standing (due paid, etc.).

SephStorm

why are the SSCP books so expensive?

tdean

JDMurray wrote: »

You are certainly qualified for that with your experience. And your endorser must be someone who is not only familiar with your work experience, but also has an (ISC)2 cert and is in good standing (due paid, etc.).

damn, what about people (like me) that have been the only technical presence on site everywhere they've worked?

JDMurray

SephStorm wrote: »

why are the SSCP books so expensive?

Books from Auerbach/CRC Press tend to be text books, or at least marketed like text books, so that may be a reason.

JDMurray

tdean wrote: »

damn, what about people (like me) that have been the only technical presence on site everywhere they've worked?

If you know of no one that is qualified to be your endorser, you can request an audit of your experience by the (ISC)2 once you have passed the exam. They'll look at your resume, references, and whatever else they do. I've never talked with anyone who has gone this route, so I don't have any details or know how long it might take.

Refer to the bottom section of this page: https://www.isc2.org/endorsement.aspx

tdean

JDMurray wrote: »

If you know of no one that is qualified to be your endorser, you can request an audit of your experience by the (ISC)2 once you have passed the exam. They'll look at your resume, references, and whatever else they do. I've never talked with anyone who has gone this route, so I don't have any details or know how long it might take.

Refer to the bottom section of this page: https://www.isc2.org/endorsement.aspx

ok.... thanks. either way, it's not gonna stop me from studying...

veritas_libertas

tdean wrote: »

damn, what about people (like me) that have been the only technical presence on site everywhere they've worked?

You can request a review from (ISC)2.