SSCP
How exactly does the application process work?
I've been looking into it more. With only a year of experience required, I could meet that criteria I think. The only thing is, how do I prove it to them that I meet the criteria?
I've been looking into it more. With only a year of experience required, I could meet that criteria I think. The only thing is, how do I prove it to them that I meet the criteria?
Comments
-
JDMurray Admin Posts: 13,099 AdminYou will have either your employer(s) or an (ISC)2 member(s) verify your employment experience and other requirements.
https://www.isc2.org/cgi-bin/content.cgi?page=46
Also, I've heard that not every (ISC)2 exam candidiate is fully audited to assure that they meet all certification requirements. The audit rate has been supposed to be only 50%, but it may be lower.
Does anyone have any accurate information on this? -
/usr Member Posts: 1,768 ■■■□□□□□□□Can an employer vouch for experience through school and certifications?
I don't know any (ISC)2 members. -
JDMurray Admin Posts: 13,099 AdminI think they want only practical work experience. You'll have to email the (ISC)2 for the the full details.
-
Webmaster Admin Posts: 10,292 AdminI heard they are pretty strict with the requirements, no special cases.The applicant must meet the following requirements to qualify to sit for the examination: A. Subscribe to the (ISC)² Code of Ethics; and B. Have one years of direct work experience in one or more of the ten test domains of the information systems security Common Body of Knowledge(CBK). Valid experience includes information systems (IS) security-related work performed as a practitioner, auditor, system administrator or analyst, network administrator or related activity that requires IS security knowledge and involves the direct application of that knowledge. The one year of experience must be the equivalent of actual full-time IS security work (not just IS security responsibilities for a one year period); this requirement is cumulative, however, and may have been accrued over a much longer period of time.
List positions that qualify for your one year of work experience. If your titles are not clearly IS security-related, describe your work in the space enterd. (ISC)² may, at its sole discretion, require more information and/or reject any candidate's application.Also, I've heard that not every (ISC)2 exam candidiate is fully audited to assure that they meet all certification requirements. The audit rate has been supposed to be only 50%, but it may be lower.
I'm hoping to take this exam 15th of April (in Utrecht), but I just found out ISC2 has a new branch location in Amsterdam that has a spot on Feb 12... -
/usr Member Posts: 1,768 ■■■□□□□□□□Bah, I doubt I qualify by their standards. I'm definately not studying for and taking the exam unless I know I'll be getting the certification. I still emailed and asked, it's worth a shot.
Guess I'll be moving on to something else... -
Ten9t6 Member Posts: 691/usr wrote:Bah, I doubt I qualify by their standards. I'm definately not studying for and taking the exam unless I know I'll be getting the certification. I still emailed and asked, it's worth a shot.
Guess I'll be moving on to something else...
How much experience do you have? could you have the year by the time you sit the test? The test is a really good stepping stone towards the CISSP.
If you are holding off for a while, you can always take the CWNA.....then go take the CWSP..and tell me what you think... hahaKenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA -
Ten9t6 Member Posts: 691actually...to stay with the security theme...you could look a Check Point.Kenny
A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA -
Webmaster Admin Posts: 10,292 Admin/usr wrote:I still emailed and asked, it's worth a shot.If you are holding off for a while, you can always take the CWNA.....then go take the CWSP..and tell me what you think... haha
-
/usr Member Posts: 1,768 ■■■□□□□□□□Am I reading right, in that the experience has to be in ONE of the domains, not spread out among them?
-
/usr Member Posts: 1,768 ■■■□□□□□□□So if I fill out all the required information, study for and pass the exam, and they decide to audit me and decide that I don't meet the standards, is it almost guaranteed that I can become an Associate as long as I didn't lie on the application?
On the other hand, if I study for and pass the exam and they don't audit me, I just get the certification, right?
Also, what is some good study material for the exam, and I can order it and study without approval, right? I just don't want to put a bunch of time into this, only to find out I'm not able to even sit for the exam.
Their methods for finding out if you qualify or if/when they'll let you know if you do, are fuzzy at best. -
JDMurray Admin Posts: 13,099 AdminThese are all great questions that you should directly ask of the (ISC)2 itself. Please let us know what they reply.
https://www.isc2.org/cgi-bin/contact.cgi -
Webmaster Admin Posts: 10,292 AdminAm I reading right, in that the experience has to be in ONE of the domains, not spread out among them?/usr wrote:Also, what is some good study material for the exam, and I can order it and study without approval, right? I just don't want to put a bunch of time into this, only to find out I'm not able to even sit for the exam.So if I fill out all the required information, study for and pass the exam, and they decide to audit me and decide that I don't meet the standards, is it almost guaranteed that I can become an Associate as long as I didn't lie on the application?
-
JDMurray Admin Posts: 13,099 AdminFrom a resume standpoint, I would bet that most employers who desire/require a CISSP certification don't know--or possibly care-- about the difference between a fully-certified CISSP and a CISSP Associate. Simply passing the CISSP exam may be enough "experience" for the majority of employers.
Also, the full details of the CISSP Associate is explined in the (ISC)2 FAQ: https://www.isc2.org/cgi-bin/content.cgi?page=8#cat07 -
/usr Member Posts: 1,768 ■■■□□□□□□□I don't mind being audited. I won't be putting any false information or stretching the truth at all. I just want to know what will happen after I take/pass the exam.
I'll email (ISC)2 tonight with more detailed questions. -
/usr Member Posts: 1,768 ■■■□□□□□□□Wow, they wouldn't even answer my questions through email...I'm supposed to call them. Guess I will tonight when I get home.
-
/usr Member Posts: 1,768 ■■■□□□□□□□Have at least 1 year of cumulative work experience in one or more of the seven test domains in information systems [IS] security.
Seems like your knowledge can be spread out or focused. -
/usr Member Posts: 1,768 ■■■□□□□□□□I'm going to go ahead with this certification. I spoke with the guy from (ISC)2 and he sounded positive about my experience, and especially the fact that I had other security-related certifications. He did explain that this cert isn't that well know, however. I think he said around 800 people, as opposed to 20,000 CISSP's? Don't quote me on the numbers, but it was similar. However, I expect it will grow, as it is a bit newer than the CISSP.
I just need some good study material. If anyone knows of anything to use, let me know. I would rather not use CISSP books, as I don't want to try and cram too much into my head when I won't even need it...not yet anyway. -
/usr Member Posts: 1,768 ■■■□□□□□□□A search on amazon only turned up 4 books, with one of them being the official CISSP exam guide.
Any suggestions? -
Webmaster Admin Posts: 10,292 AdminThis one: The Official (Isc)2 Guide to the Sscp Exam Nagement by Miguel J. Bagajewicz wasn't there yet when I bought my CISSP book so I don't know about that one, but I ended up bying Mike Meyers (actually Shon Harris) CISSP book, because I couldn't find much positive info about the others. With the exam objectives it's quite easy to pick out the topics that apply to SSCP as well, but I wouldn't recommend it because there are some topics on the SSCP exam that aren't covered by the CISSP exam.
Here's the best site for SSCP and CISSP info (including a huge load of free practice questions): www.cccure.org Maybe you can find some more book suggestions or reviews there. -
/usr Member Posts: 1,768 ■■■□□□□□□□Wondering if I should get the official CISSP guide, then match it up to the CSSP objectives. Then also get the two recommended on the cccure.org webpage to cover what I can't get from the CISSP book.
What do you think? -
Webmaster Admin Posts: 10,292 AdminI think that would do the trick for sure, but why 2 SSCP books? I think you'll be suprised how much you know already (i.e. the Malicious Code and the Cryptography domain). If you do get a CISSP book, get that All-in-one, it is a very good book, I'm sure Ten9t6 can confirm that.
Have you downloaded the 'Study guide for SSCP certification' (Basically the exam objectives)? It contains a book list that have been used as a reference during the test development process, you might be able to pick one or more of those to go with the CISSP guide to cover the rest. Those books are usually a better reference than yet another cert guide. -
Webmaster Admin Posts: 10,292 Admin/usr wrote:I'm going to go ahead with this certification. I spoke with the guy from (ISC)2 and he sounded positive about my experience, and especially the fact that I had other security-related certifications. He did explain that this cert isn't that well know, however. I think he said around 800 people, as opposed to 20,000 CISSP's? Don't quote me on the numbers, but it was similar. However, I expect it will grow, as it is a bit newer than the CISSP.
That's good news, and only fair considering the requirements for CEH.
Only 800? Well, I think putting 'ISC2' in front of it will do the trick. I knew it wasn't much but expected at least a couple of thousand. Did he mention worldwide? -
/usr Member Posts: 1,768 ■■■□□□□□□□No, just said 800. I didn't pursue it further.
I was going to go with two SSCP books because in EVERY review I've read, they say that you really need another source. Since this exam is most likely going to be the toughest (as well as the most expensive, at $350+), I figured I might as well go with as much material as I can find.
I don't like the idea of going through a book and picking things out, but since the CISSP book is the "official" guide, it may teach me most of what I need to know.
And yes, I have the objectives. The rep emailed it to me when I asked if they had an official study guide. I guess I confused him. -
Webmaster Admin Posts: 10,292 AdminYeah, with the cost of the exam a second book is certainly justifiable. I think the problem with certification guides is that they usually don't got far enough (not just for the exam but to really understand how the technologies and concepts apply in real world scenarios) hence a second book is not a bad idea, but I rather use some none-cert material in addition. I haven't found any practice exams for this one when I looked a couple of months ago, but that's kinda logical if only 800 are certified so far...
-
JDMurray Admin Posts: 13,099 AdminI've been looking through a lot of InfoSec job postings and the only security certification I continually see required (or desired) are CISSP, CISA, and CISM. Occasionally, there will be an IT security position that asks for Security+ or any GIAC cert. I found only one posting asking for MCSE+Security.
It looks to me that a CISSP Associate designation is a better investment than a fully-certified SSCP--if only for the acronym recognition among both peers and employers. -
/usr Member Posts: 1,768 ■■■□□□□□□□Webmaster, any comments on that? He seems to be right, but there has to be some downside, or upside to the SSCP, or else everyone would be ignoring it and going for the CISSP Associate route.
-
Webmaster Admin Posts: 10,292 AdminI wouldn't expect that from someone with a CWNA But, jdmurray has a valid point as usual.
Considering the popularity of ISC2's CISSP exam and the popularity of security knowledge and skills in general, there's only one way this cert can go. And once companies start to realize that Security+ doesn't mean much they'll be looking at more reputable certifications. Plus it is a bit cheaper than SSCP so personally I rather invest in the certification than the 'designation'.
Ten9t6 suggested it to me a while ago and there was something in particular why I decided to go for SSCP instead of the associate option. I'll have to check some of those hidden pages at ISC2 again but I think it had something to do with not being allowed to use 'CISSP', as in you wouldn't be a "ISC2 Associate on CISSP" or something like that (for the outside world), but 'just' an ISC2 Associate. Not sure if I remember that correctly and the site is currently down for maintenance, for two days... Maybe I read it in my book, will check that one in a bit.if only for the acronym recognition among both peers and employers.
I do plan to go for CISSP eventually though, so doing SSCP first is not the cheapest road. I haven't tried to strech it or including any writing in my security experience, or contact ISC2 to see what they think, but I still have a lot of time to go before I would be able to turn that associate into certified, so I really prefer the certificate. My main reason for these ISC2 certs is that I want to teach Security+ classes and increase my credibility for Security+ study material, and of course the knowledge I gain from preparing for those exams, so I haven't really checked jobsites myself to see for what jobs a SSCP would help.
Maybe Ten9t6 can shed some light on the issue. Ten9t6? What's your opinion about the associate option?He did explain that this cert isn't that well know, however.but there has to be some downside, or upside to the SSCP, or else everyone would be ignoring it and going for the CISSP Associate route.
Although this doesn't mean anything: I did see SSCP listed in a salary survey recently with a salary average close to CISSP. -
/usr Member Posts: 1,768 ■■■□□□□□□□Even if jobs aren't asking for an SSCP, it certainly won't hurt. I'm like you in that I have so far to go (much more than you, I'm sure) before I would ever be eligble to get the CISSP. The SSCP has to have some credibility. Perhaps it just isn't widely recognized yet. I would assume that it certainly won't hurt in getting you an entry level security job, plus you're really only "losing" the testing fee if you decide to go on to the CISSP, since everything (or most at least) from the SSCP will carry over.
I am simply not ready for the CISSP. I do not have 3 years of Information Security experience, and I don't know that any amount of studying would give me enough to pass that exam. SSCP just seems like the more logical of the two, at least at this point in MY certification path.