CEH vs SSCP, better?

i was studying CEH but I realized SSCP is more popular with jobs, I cant take CISSP because of no 5 yrs experience.

Comments

  • YuckTheFankeesYuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
    I just did a search for both CEH and SSCP on indeed.com...I was surprised to see CEH had 855 results compared to SSCP's 800. It really depends on what you want to do or learn. CEH= pentesting tools, etc.. SSCP= security policies/procedures
  • ptilsenptilsen Member Posts: 2,835 ■■■■■■■■■■
    SSCP for sure. They are very different, but ISC2 is a much more reputable vendor. The SSCP is also a bit less specific. CEH makes sense if you are specifically going for pentesting, but I would probably (actually, probably will) get SSCP over CEH. SSCP and CISSP are both about theory, while CEH is just about tools. Tools have man pages. The info on SSCP and CISSP by comparison should be known, not looked up as needed.
    Working B.S., Computer Science
    Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
    In progress: CLEP US GOV,
    Next up: MATH 211, ECON 352, ICS 340
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,661 Admin
    SSCP is technical and of the more practical side of InfoSec, while the CEH is aimed at more specialized fields of InfoSec knowledge. If you are looking for an anti-hacking, vulnernerability assessment, or pen testing type of job, the CEH is closer to what you want. If you are keeping your options open for a broader range of InfoSec professions then the SSCP is the way to go.

    And you can take the CISSP (or SSCP) exam at any time. The professional work experience requirement is only for the full certification and is not as an eligibility requirement for taking the exam itself. In some cases, an employer will only care if you have passed the CISSP exam and not that you a have the full cert (sad, but true).
  • HLRSHLRS Banned Posts: 142
    o really, nice to hear
    JDMurray wrote: »

    And you can take the CISSP (or SSCP) exam at any time. The professional work experience requirement is only for the full certification and is not as an eligibility requirement for taking the exam itself. In some cases, an employer will only care if you have passed the CISSP exam and not that you a have the full cert (sad, but true).
  • cdupuiscdupuis Inactive Imported Users Posts: 32 ■■□□□□□□□□
    Good morning to all,

    Even thou you don't have five years of experience you could still take the CISSP ASSOCIATE exam.

    It is the exact same exam as the CISSP but you must gain five years of professional experience before you would be granted your full blown CISSP.

    JD is right, as far as employment is concerned they accept both. The Department of Defense accept either.

    The SSCP has never caught up as an exam. People would do Security+ or Network+ instead which are at the same level as the SSCP within the 8570 directive from DoD.

    I would recommend you go for the CISSP Associate. That would open a lot more doors.

    Best regards

    Clement
  • badrottiebadrottie Member Posts: 116
    I agree with JD and Clement: Get thee a CISSP exam passed. I will hire someone who has passed the exam, but does not have the requisite job experience to qualify as a full-fledged CISSP.

    Bear in mind, it is not at the same pay scale as someone who has it, but that is to be expected. The CISSP exam is a notoriously difficult and rigorous exam, and that helps set the bar on what a candidate is bringing to the table (Insert favorite cliché here: "Separates the wheat from the chaff", "Separates the men from the boys", etc.). Cross that hurdle, and you have set yourself apart from others that do not have it, and it shows a demonstration on someone's commitment to the profession. It is a crucible that we have all experienced, and know what it takes to obtain it.

    I agree with JD that the SCCP is more technically focused, but our clients do want SSCP's, they want CISSP's. It is a sad truth, but it is the reality of what the marketplace is demanding. Go for the more recognized credential.
  • Vik210Vik210 Member Posts: 197
    This is a difficult question for me too. I have around 3 years of experience in security and wanted to do SSCP. After reading “All in One” for SSCP it looked quite easy and I starting studying for CISSP (couple of weeks ago). For CISSP, I need few more months to prepare and will be very pleased if I can attempt it this year.
    What I want to ask is; do you really think doing SSCP is important if the aim is to be a CISSP in long run? If I study for SSCP exam, I can attempt it next week but will it be worth the fee if I am going to attempt CISSP later this year or early 2013?
  • KeenerKeener Member Posts: 146 ■■■■□□□□□□
    Don(t forget that getting the SSCP can help you shave off 1 year on the requirements for the full CISSP. If you are that close it seems worth it to me. I will be taking the SSCP either at tje end of this month or next myself.
    Pain is only temporary. No matter how bad it gets, it always ends!
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,661 Admin
    Security+ will also "shave off" one year from the requirements too.
  • Vik210Vik210 Member Posts: 197
    Keener wrote: »
    Don(t forget that getting the SSCP can help you shave off 1 year on the requirements for the full CISSP. If you are that close it seems worth it to me. I will be taking the SSCP either at tje end of this month or next myself.

    I already have that year benefit with full time masters and CISA.. So SSCP is just another certification. I just got a new job and not even looking for a change very soon. This is confusing for me.. I am watching CBT nuggets for CISSP now a days as I am waiting for my book to be delivered.
    All the best for your exam! I may attempt it as well..
  • Vik210Vik210 Member Posts: 197
    JD Murray, can you please comment on this..
    In all honesty, I think you have done most of the certifications I want to have in years to come. Where have you started from? Just to give you a brief, I have little over 2 years of experience as system/ network admin and 2 years as IT Manager for a midsize company in London (plus 3 years of semi technical exp is the beginning of my career). I left my last job as I wanted to come back to India for few years (because of personal reasons) and this has given me few months (of job hunting) to do some certification. I have done ITIL and CISA and prepared for SSCP in last 3 months as I had a lot of time. I am starting my next job in 4-5 weeks from now. For the next approx. 1 month I can easily study for 10h/day and cover Shon Harris ‘All in One’ for CISSP or give couple of weeks and do SSCP (I have completed the ‘All in One’ book and CBT Nuggets). How would you best utilize this last one month (of freedom) if you are in my situation?
    I have done full time masters in computer networks and have very strong interest in Security. CISSP is a dream and CISM is another one I want to do in long run.
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,661 Admin
    Vik210, if you have the work experience to get the full CISSP certification, go for that and forget about the SSCP. Having the CISSP brings with it the annual need to collect CPEs and pay the AMF. Having the SSCP will add more CPEs and AMF to your load and not give you any more value or recognition in the job market than having both the CISSP and CISA will. Once you have the InfoSec management experience, the CISM is an excellent complimentary certification to have with the other two.
  • Vik210Vik210 Member Posts: 197
    Thanks James.. That's what I wanted to hear ;)
    Don’t know when will I be able to get in to full-fledged InfoSec role. I tend to get job offers where Security is just a small part (in reality if not on paper) and everything else revolves around systems, network and management. I have big hopes from CISSP!
  • JinuyrJinuyr CISSP, SSCP, Security+, Network+ https://www.linkedin.com/in/francis-nunziata-4a95b624/Member Posts: 251 ■■□□□□□□□□
    What they said...

    You can use other exams to save yourself a year from the requirements and doing the SSCP will put you on the road towards your CISSP. Security+ which it still have value to DOD was a piece of cake. The SSCP exam made me sweat and feel like I didn't pass, though I did, thankfully.

    I highly recommend you do the SSCP if you are not willing to take on the CISSP at this time since it will give you a great deal of insight on what to expect when the time comes for you to take your CISSP exam.
Sign In or Register to comment.