SSCP or CISSP - New to InfoSec

keecokeeco Member Posts: 5 ■□□□□□□□□□

This is my first post, but hopefully not my last! I'm currently enrolled at WGU in the IT - Security B.S. program and am planning on graduating in September 2012. After researching the industry, job postings, and talking with other infosec professionals, I am seeing a great value in the CISSP certification for those with the actual work experience. However, I'm struggling to find information regarding the benefits of going CISSP as an associate, waiting for the work experience to catch you up to the certification.

I guess my question is...in my case, does it make more sense to get the SSCP certification, which I'm confident I have the (1) year of required work experience, or should I just bite the bullet and do CISSP?

I've been working in IT as a systems/network engineer and small project lead for a little over 10 years. My background is pretty wide, everything from networking to web hosting and design. In addition, I've recently completed my Security+ (95% score) and A+, which were a breeze.

From my work experience, I have been involved in a lot of infosec tasks and have had infosec responsibilities. It is my goal to work my way into some type of infosec management, project management, team lead, etc. as I do have management experience.

The question, as stated, should I go for SSCP at this time to add value to my resume/salary requirements or go for CISSP?

So, to wrap up...I'm looking forward to these forums, the tools on TechExams.net, and the camaraderie of all of you! It seems like a great community!



  • Options
    shaqazoolushaqazoolu Member Posts: 259 ■■■■□□□□□□
    First off, welcome to the board. Sounds like you will like it here.

    If it were me, I would start off with the SSCP. Many of the job postings that I see, if they are not specifically asking for CISSP, they are just looking for someone with an ISC2 or GIAC cert that is marginally relevant to the responsibilities of the position. I personally feel like being fully certified in one is better than none but YMMV.

    It sounds like your background may actually qualify you in more domains than you may think. I would also suggest carefully reviewing the new 2012 domain layout for the CISSP to make sure that your experience doesn't fit any of them. Obviously if it does, you should probably go for that one first. I plan to take the CISSP this summer which will give me both and I think I will benefit from each of them separately.

    Now that ISC2 is about to start offering CBT for these exams, you can probably knock both of them out pretty quick anyway if you have the cash to pay to sit for them. In my general overview of the CISSP that I have done thus far, I can tell that the material in the SSCP is going to help with the CISSP so that is another reason you may want to consider SSCP first.

    Either way you decide to go, Godspeed. That material is tough to study.
  • Options
    JDMurrayJDMurray Admin Posts: 13,052 Admin
    Welcome to TechExams.net! :D

    The usual advice is to go straight for the CISSP if you already have the 4-5+ years of professional InfoSec work experience. If not then the SSCP is better route. Either way, you can't get the full SSCP or CISSP certification without the verifiable work experience.
  • Options
    kalkan999kalkan999 Member Posts: 269 ■■■■□□□□□□
    If I read you correctly, I think that you might actually benefit from taking a crack at the CISSP vs SSCP or CISA. If you have ten verfiable years as a systems/network engineer, and project management to boot, you qualfy to take the CISSP exam and get certified as same.

    Know this: If you take on this cert, start studying now if you plan on taking this exam in 3-6 months. Unless you are the 1% of those CISSP test takers who have a true photographic memory coupled with a mild to moderate case of Asperger's (the kind of disorder that works in your favor as so many IT Security personnel seem to be diagnosed), then this test will be INSANELY DIFFICULT for you, and you will emerge on the back side of the test:
    • NOT feeling very confident about your results, and
    • You won't remember any of the questions because you will have 'CISSP Exam Amnesia.'
    I am lobbying WEBMD to have 'CISSP Exam Amnesia' listed as an actual and diagnosable ailment! As a second time test taker who is still waiting on his results 24 days later, I will apply for US Social Security Disability citing the aforementioned ailment, because I cannot do this a third time.
  • Options
    keecokeeco Member Posts: 5 ■□□□□□□□□□
    Hah - thanks for both the informative and comical views! I take both to heart and really appreciate it. My hope is to expand on what Security+ started to teach, to understand a wider breadth of information. However, I also see the need to focus in on an aspect of infosec at some point.

    What are the current attitudes about someone foregoing CISSP and instead focusing on a SANS and/or CEH certification?
Sign In or Register to comment.