hmmm, now what

djlomba

I just grabbed security+ and I am very interested in the security industry.

Should sscp be next or is that too similar to the security+ level?

Is cissp the next best step?

Jinuyr

CISSP is a great one to pursue. SSCP does not have as much exposure but can work as a stepping stone if you think you need one. Take a look at the experience requirements as well. Though you don't exactly need the experience to pass the exam, you won't get the full accreditation until you are able to submit it within the timeframe. Depending on the technologies you operate it, other concentrations may also come in handy such as the CCNA:Security after getting your CCNA. So to answer the question fully, the next best step would be what you are working on now and what you plan to work on in the future.

Darril

I'd echo Jinuyr.

SSCP is a good stepping stone on the path to the CISSP. The CISSP is much more valuable when pursuing jobs but there are some challenges.

1) The CISSP is a much more difficult exam to pass than the SSCP.

2) The CISSP has more stringent requirements related to years of experience than the SSCP.

3) People that pursue the CISSP without direct experience and knowledge often become overwhelmed with the amount of material and either never take the exam or fail it the first time they take it.

In contrast, if you take the SSCP first, you build on your Security+ knowledge, gain direct knowledge for the CISSP including how many of the questions are formatted and worded, and end up with three security certs: Security+, SSCP, and CISSP.

This blog talks goes a little more in-depth into the SSCP: http://blogs.getcertifiedgetahead.com/systems-security-certified-practitioner-sscp-2/

And here's a link to many SSCP blogs: Get Certified Get Ahead | SSCP

Hope this helps.

ChooseLife

Security is not about certs

DoubleNNs

But you learn while studying for the certs, don't you?

I don't understand how security could NOT be about certs, if a larger knowledge base (theoretically) allows you to perform your job better.

Darril

@DoubleNNs. I agree. People commonly learn while studying for certifications and ultimately this knowledge helps them perform their job better. Additionally, certifications on resumes help people land interviews with hiring managers, demonstrate their knowledge, and move up in their careers.

I guess you could say that driving a truck is not about a commercial driver's license (CDL). OK. But you certainly have an opportunity to gain some relevant knowledge about driving a truck as you pursue the license.

ChooseLife

There is security and there is security. One is about research and ideas, the other one is about careers and compliance. I am seeing a growing disconnect between the two, and witnessing it is disheartening.

docrice

I think security training and their certs provide a nice framework, but real-world security jobs (at least with technical areas like infrastructure, etc.) go far beyond what certifications provide. There's a ton of minutia and how you leverage those (often disorganized) details can vary greatly from one organization to another. To be blunt, after a while the certs themselves don't necessarily provide the same impression to employers for higher-level positions than they do for those just starting out in the field.

The problem with learning all the nitty gritty details is skill fade. It's almost inevitable you're going to forget a lot of things due to lack of reinforcement (because the roles you take don't immediately require them) and after a while your ability to improvise or research information to make informed decisions will make more of a difference than the letters after your name.

I still pursue security certifications because they help provide a stronger foundation, but ChooseLife's take is spot-on - security is not about certifications - it's about helping making informed risk-tradeoffs. There are plenty of smart people who get things done without being certified. I have a long list of certs after my name and it's quite obvious while on the job that I don't hold a candle to many of these guys. There's a lot of time spent getting your hands dirty and building up that wisdom.

I think his point was to just make clear that obtaining certifications won't necessarily always guarantee a job, although I think it will increase your odds. There seems to be a lot of people entering the IT industry thinking that passing a few exams will help them cross the finish line for employment. For security positions, that's definitely not that case in my experience.