Categories
Welcome Center
Education & Development
Cyber Security
Virtualization
General
Certification Preparation
Project Management
Posts
Groups
Training Resources
Infosec
IT & Security Bootcamps
Practice Exams
Security Awareness Training
About Us
Home
Certification Preparation
(ISC)²
SSCP
Best Security Certification for newbie...
new2ITSecurity
Hi there...
A little about myself. I just received my Master of Science in Cybersecurity from the UMUC (undergrad also from UMUC: Bachelor in Computer Studies). I have never worked in the IT Security field. I am currently studying for the CISSP but I am wondering if this is the best route for me to obtain a job. I would love any advice/direction! Thanks...Ali
Find more posts tagged with
Comments
Iristheangel
I wouldn't consider the CISSP as an "entry-level" certification for a newbie. You might pass the test but without 5 years of security job experience, you're not really getting the CISSP. I would recommend picking up some certifications that you can put on your resume: Security+, CASP, etc
zxshockaxz
Iris hit the nail on the head.
I would get your 5 years work experience before going for the CISSP. If you don't have any certifications yet, security+ is going to be the easiest to get, and it doesn't require any work experience. CCENT/CCNA will be a good way to get your foot in the door and start getting some related work experience. If you're interested in the penetration testing route, the Offensive Security certifications are great and require no work experience, as well as the eLearnSecurity certifications.
new2ITSecurity
Thanks Iris...would you recommend studying for the SSCP over Security +...
Iristheangel
You need at least 1 year of security experience still for the SSCP so you're in a "chicken before the egg" situation here. I would say to get your Security+ or even some more technical security-oriented certifications (CCNA:Security or whatever), get a job, work for a year, and then consider some more advanced certifications that require the experience behind them. Don't get me wrong, the SSCP is a great certification to get but you won't actually be able to put it on your resume before you get the experience. You'll have the lesser-known "Associate of ISC2" which employers and recruiters don't really know as well so it won't open as many doors. One of the hardest things for someone new to this industry is getting their foot in the door at that first IT job so to improve your odds and make yourself more marketable, shoot for those certifications that you can put on your resume and that recruiters can search for
TechGuy215
SSCP you need 1 year of experience. If you have no "real-world/work experience", take the Sec+ or CASP.
joebanny
Hi There,
I agree with much of everything that has been said. Security+ is where to start from, however, you might be qualified to take the SSCP too. You mentioned you have no IT security experience but do you have any IT experience? Sometime people don't realize that they've actually be involved in security with other things they've done in IT. For instance if you're are a helpdesk analyst but also perform access control (AD, Permission settings, Password mgmt etc) you might already be qualified for Access Control domain, What about if you have been involved in Network & Telecommunication domain doing things like VOIP, Blackberry, Network configuration services etc, those could also qualify you for the Telecommunication domain, So I will say evaulate what you have done in your resume, take a look at the ISC2 qualification for any of the certs you're interested in, you might be qualified to take the test already, it all depends on what you've done. Not having a IT Security job title is not enough to disqualify you.
Here is the SSCP requirement:
https://www.isc2.org/sscp-how-to-certify.aspx
By the way, I'm also a UMUC alumni of the Master's in IA. Good luck to you in your pursuit.
new2ITSecurity
Thanks for the info on SSCP joebanny! After reading your post, I ordered the SSCP All-In-One study guide by Gibson. Congrats on your Masters as well!
jez2cool
I would go for the CISSP, You will gain more and there are not many places looking for an SSCP. InfoSec is not an easy field to get in, everyone wants experience and not many well give you a chance to gain that experience. I am apart of my local ISSA chapter and most of the CISSP's told me not to bother with the SSCP from there experience. Far as the best security cert for a newbie would be security +. If you are serious about security I would look in to the CISSP because even with out the experience you will be gain the CISSP-associate and 6 years to get experience to drop the tag and would not have to retake the test.
YFZblu
CISSP would be a nice marketing piece for your resume'. If that's what you're looking for, I would skip the SSCP all together. Obviously you will be an 'Associate' of ISC2 but listing the CISSP on your resume' at all will fulfill your goal of becoming a search result when hiring bots comb the web for resumes. Other than marketing, the certification choice you make totally depends on what you want to do in security. The CISSP is really a management certification and the material you learn there will not be super useful in a purely technical security role. Of course, if being in a purely technical role is not your goal, then the CISSP may be a perfect fit for you.
For technical roles I believe SANS and Offsec are the best certification paths one can take; obviously those paths cost a relatively large amount of money and aren't for everyone.
For individuals looking for technical roles in security but lack the deep pockets or ways to get SANS or Offsec training, I would start with Security+ and dive into information about mastering TCP/IP, IR methodologies, programming basics, Linux fundamentals, etc. A few books I recommend:
-TCP/IP Illustrated, Vol. 1 (1st edition)
-The Tao of Network Security Monitoring
-The Practice of Network Security Monitoring: Understanding Incident Detection and Response
-Counter Hack Reloaded
-The Network Security Bible
..regarding Linux and programming basics I would seek out material that fits your learning style. Good luck
CoolAsAFan
SSCP and CISSP are more intermediate/advanced certs, also without the required work experience you just get the associate designation. I agree with what others have said, Security+ then CCNA:Security would be a great start. Good luck!
new2ITSecurity
Thanks for the advice everyone!! Looks like I have my work cut out for me
At least it will be totally worth it!
Kaine
It will be worth it friend and good luck. I work for the DOD as a Server Admin and am working on my CISSP now.
joebanny
Agreed, it is a lot of work, it took me 3 intensive, sleep-deprived, time- away-from-family months, to work on my CISSP, a month after passing, the payoff came big time, I can assure you, it is worth the trouble. All the best to you!
beads
Security+ followed by CCNA Security would be much more believable than suddenly posting an advanced/mid career level certificate. Shows rational progression. Seeing too many "sudden CISSP" in the market from folks in there mid to late 20's and next to no real experience in the field.
- beads
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
