Assoc of CISSP or SSCP

rob7278rob7278 Member Posts: 57 ■■□□□□□□□□
Hello, I was hoping to get some advice as to best route to go. I was initially thinking about going for the SSCP and then once I got closer in security experience taking the CISSP, however the Security Manager (who is a CISSP) at my previous company said "Are you nuts? On a resume the Assoc of CISSP is almost as good as the CISSP - because on job boards employers search by keywords". He said that any employer searching for - CISSP is still going to pull up my resume, where as many employer looking for Security Engineers have no idea what SSCP is and rarely ever use this in their search words. He then explained that many employers would read my resume and see that I had passed the CISSP exam, but still needed to fulfill the security work experience requirements and think - what a great bargain. I could hire this person that has the knowledge of a CISSP, yet since they aren't an actual CISSP I could negotiate a much lower hourly rate than what a true CISSP would expect to be paid. However on the flip side I would probably have a much better chance of getting hired as a Security Engineer or even an Associate Security Engineer than I ever would with the SSCP. Although I may have to accept a lower hourly rate, at least I would be getting an opportunity - where as with the SSCP I may not even get that.
I was hoping to get some feedback from the Tech Exams community as to whether you would generally agree with this logic or disagree.
Although I have taken a slight detour in my current position as an Incident Manager (for financial reasons), it is very much my goal to follow the security path in my IT career; and actually Incident Manager should still count towards my work experience requirements - in the the Business Continuity and Disaster Recovery Planning domain.
I do realize that 1 obvious difference between the 2 options is - the CISSP exam would be much harder to pass than the SSCP. So it isn't necessarily an apples to apples comparison.

Comments

  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    The official designation is 'Associate of ISC(2) - note that CISSP is not anywhere in there, and it is that way for a reason. I would tread softly in going down this road - ISC(2) will very much frown upon you making up your designator that includes the word CISSP.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    The SSCP is a well-known InfoSec cert, [URL="https://www.isc2.org/uploadedFiles/(ISC)2_Public_Content/Community/Government/DoD 8570.pdf"]especially by the US DoD[/URL]. I suggest going to a major job board, like dice.com, and searching for "SSCP" to check what kind of employers are asking for it.
    colemic wrote: »
    The official designation is 'Associate of ISC(2) - note that CISSP is not anywhere in there, and it is that way for a reason. I would tread softly in going down this road - ISC(2) will very much frown upon you making up your designator that includes the word CISSP.
    I'm not so sure about that. Information like this on the (ISC)2 web site would tend to indicate that the cert name is in the designation. I'll ask about this and post back.
  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    I couldn't find it looking earlier, but I am certain that I have seen in literature somewhere that you cannot use CISSP as part of the designator. (Might have been the AIO or something similar.) And you are right about it appearing to include the cert name in the designation, but it is is not included in the logo.


    The designator is not mentioned at all here, either. https://www.isc2.org/associates/default.aspx

    It also is not mentioned on your ISC(2) link regarding 8570...
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • apr911apr911 Member Posts: 380 ■■■■□□□□□□
    The only question I have about the associates of either is if there is a way to verify either or.

    I know when I passed my CISSP, I drug my feet getting my endorsement in (well not me really, but my endorser). During that time I kept going to ISC2's verification site looking to see if my name had come up as I officially was an Associate of ISC2 CISSP having passed the exam.

    Not once in the approx. 6 weeks it took me to get my endorsement in did my name return in the verification search. Nor did it show up in the approx. 2 weeks it took for them to complete the review of my endorsement and enter me as a fully certified CISSP.

    Maybe it just takes a while to get your name on the tracker but I do know the day I got the email from ISC2 saying I was now a fully certified CISSP was also the first day I showed up in ISC2's verfication tracker.

    So maybe Im wrong but to me it seems like a big issue that ISC2 needs to fix as there could be a number of people claiming to be an associate walking around out there when they havent passed or even taken the exam. Anyone out there an associate willing to confirm if they show up in the ISC2 verification page?

    All that being said, as JDMurray has already pointed out, SSCP is well known especially by the DoD as it is 8570 compliant and applies to a number of positions, some of which the CISSP doesnt even apply to (CND Infrastructure Support). A CISSP associate is allowed for 8570 compliance but Im not sure about the SSCP.

    In any event, there are plenty of jobs out there for SSCP and CISSP but the 2 certifications generally apply to vastly different job titles and responsibilities.

    As JD stated, go to dice or another job board and do a search for SSCP, but do one for CISSP too. Determine which of those 2 roles is more in line with what you are looking for and make your decision on which associates to go for from there.
    Currently Working On: Openstack
    2020 Goals: AWS/Azure/GCP Certifications, F5 CSE Cloud, SCRUM, CISSP-ISSMP
  • rob7278rob7278 Member Posts: 57 ■■□□□□□□□□
    Actually it looks like colemic and JDMurray are both correct. I did quote the Associate (ISC)2 certification incorrectly as - Associate of CISSP, whereas the correct name is Associate of (ISC)2 for CISSP (or if you were to take the SSCP exam it would be Associate of (ISC)2 for SSCP).
    From the (ISC)2 website:
    [h=1]How to Become an Associate[/h] Do you not yet meet the CISSP or SSCP professional experience requirements? You can still become an Associate of (ISC)² by completeing and submitting the examination form and successfully passing either the CISSP or SSCP examination.
    The Associate of (ISC)² for CISSP designation is valid for a maximum of six years from the date (ISC)² notifies you that you have passed the exam, within which time, you'll need to obtain the required experience and submit the required endorsement form for certification as a CISSP.
    The Associate of (ISC)² for SSCP designation is valid for a maximum two years from the date (ISC)² notifies you that you have passed the exam, within which time, you'll need to obtain the required experience and submit the required endorsement form for certification as a SSCP.


    At any rate I should have checked the proper name of the certification before posting this, because I did not intend to infer that I was thinking about doing something shady (like change the name of the cert to make it sound more prestigious, to try to fool employers into thinking I was more qualified than I really was). Or for that matter imply that a SSCP was an unknown certification.
    Ultimately I was really just trying to get some feedback as to what others felt would be the better route to go. But I suppose the answer would be - that depends: could you pass the CISSP exam without having the security experience someone taking this exam would typically have and without the benefit of the knowledge one would gain by first studying for and passing the SSCP?
    Thank you for the feedback
  • rob7278rob7278 Member Posts: 57 ■■□□□□□□□□
    JDMurray - I should have read your The-SSCP-Certification-Experience blog before posting this :)
    Based on your blog I am going to take the SSCP exam, as I do see the value in this certification.
    Thank you!
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,665 Admin
    I'm glad that you think the SSCP cert will be a good thing for your career! icon_thumright.gif
Sign In or Register to comment.