sscp or security+ first?

chickenlicken09 · December 2014

hi guys, so im still debating where to start in terms of the security route. i was thinking cissp but now i think it makes sense to start with something lighter like the security+ or sscp just to make sure i like it and get my feet wet. Are there pros or cons as to where to start?
Im thinking the sscp would look better on the cv as i dont see security+ listed much. Any thoughts would be great?

Thanks

JoJoCal19 · December 2014

Do you already have security experience? The CISSP requires 5 years of experience in at least 2 of the 10 domains it covers. I believe the SSCP is more along the lines of what you'd be looking at. Having had the Security+ and not having it help me a single bit (nor did the Network+), along with the expensive cost of the CompTIA certs, I wouldn't take it. I would however buy the Security+ book and read it and learn the material as if you are going to take the test. Then move on to other certs such as the SSCP.

PJ_Sneakers · December 2014

This is the best advice I've found on the subject:
http://www.techexams.net/forums/security-certifications/28593-security-certification-where-start.html

dustervoice · December 2014

I would say get security+ then move on to SSCP then CISSP. Security + for your knowledge only and to build a solid foundation/springboard as no employer will be impressed by security+ being on your CV. I passed the A+ and Net+ some years back i've now officially deleted them from my CV as they are just taking up valuable real estate on a limited 2 page document. After being in IT for so long if i have to still prove to someone that i know how to change out a NIC card(A+) or demonstrate that i know what a cat5 cable is(N+) then am in real trouble

Remedymp · December 2014

If you already have SY0-401, skip the SSCP then. It's not worth it IMO.

Here are a few postings of Jr. IT Security positions recently:

General Summary of Position:
The Junior Network Security Administrator role is to assist the Information Security Officer with planning, designing, development, and implementation of efficient network integrity, systems security, log management, business continuity and disaster recovery. This individual will apply proven communication, analytical and problem-solving skills to help identify, communicate and resolve issues in order to maximize the benefit of internal systems investments and will be involved in a variety of other projects including assisting with firewall, anti-virus, web filtering, threat remediation and security compliance.
Duties & Responsibilities:
Performing analysis of network security needs and contributes to design, integration, and installation of hardware and software

Analyzing, connectivity requests to insure compliance with Mass 201 CMR 17, PCI and other policies

Provide recommendations for the development and analysis of Network Security policies and procedures

Document computer security policies, procedures and provide alternative solutions to requests that violate policies

Ability to work Hands-on with Internet protocols, IPS, firewalls, packet capture and analysis, SSH, TLS/SSL, web servers, application servers, database security, patch management and vulnerability assessment tools

Device/vendor agnostic (needs to support Check Point, Fortinet, Cisco, F5, etc.)

Software/vendor agnostic (needs to support Websense, McAfee, Tenable, etc.)

Required Qualifications:
Bachelor's degree

2 years of networking experience with Cisco Routers and Switches

Network security experience with Checkpoint

Problem Solving - must be able to provide technical solutions to a wide range of complex difficult problems.

Self-Motivator possessing a high sense of urgency and high level of integrity

Strong written and verbal communication, as well as organization and documentation skills

Strong knowledge of networks and network topologies and protocols

Reporting for internal/external use and compliance

Preferred Qualifications:
Candidates with these desired skills will be given preferential consideration:

Cisco CCNA

Check Point CCSA

CISSP

Microsoft MCSA

Familiar with standard security and PCI best practices

Vulnerability Management / Risk Assessment

Knowledge of features of Active Directory, Group Policy and Certificate Authority technologies.

Experience with endpoint security software and encryption products

Responsibilities:
The position requires a higher degree of technical ability and skills, that relate directly to the operation, maintenance, and troubleshooting of specialized security related infrastructure. Examples of such infrastructure are the RSA DLP (Data Loss Prevention), SEIM (Security Event Information Management), IPS (Intrusion Prevention), WAF's (Web Application Firewalls). The position also requires a higher level of specific experience and formal structured training to be effective.

Due to sensitive nature of the data being analyzed and administered this person must exhibit distinct discretion. However, a self-assured manner and authority is also necessary when interacting with management in non-Operations areas.

Day to day administration of security infrastructure including:

Operations of the Security systems, including maintenance, configuration, issue remediation, audit and troubleshooting

Administer Data Privacy Committee Sharepoint portal Administering RSA DLP and SEIM software and Hardware

Analysis, categorizing and reporting the DLP results, including informing the DLP gate-keepers within Legal, HR and ACS of any suspicious activity

Development and administration of correlated customized real-time security alerts

Education of sensitive information owners of their data protection responsibilities and data encryption techniques

Enforcement of data encryption automation

Staying current with US and global Data Privacy Laws Development and administration of metrics reporting to the Data Privacy Committee

Qualifications:
Excellent verbal and written communications skills

Advanced knowledge of Microsoft Office suite, and Lotus Notes

Advanced knowledge of TCP/IP networks, routing, protocols, and topology

Excellent Internet troubleshooting skills

Good working knowledge of Windows & Linux Operating systems, and Database technologies

Project Management involvement required to understand project scheduling and criticality of tasks and prioritization

Excellent customer service, and troubleshooting skills

Highly analytical with structured approach experience

Excellent problem detection and resolution skills

Detail oriented, self starter

I would go for SY0-401, then focus on either CCNA:Security or RHCSA. More ROI for either of those two, IMHO...

JDMurray · December 2014

The SY0-401 now covers most--if not all--of the topics covered by the SSCP exam. However, the Sec+ exam itself is simpler than the SSCP exam. Either exam is good preparation for the other. If you had to choose only one or the the other, you will get more resume recognition from the Security+ cert.

PJ_Sneakers · December 2014

JDMurray wrote: »

The SY0-401 now covers most--if not all--of the topics covered by the SSCP exam. However, the Sec+ exam itself is simpler than the SSCP exam. Either exam is good preparation for the other. If you had to choose only one or the the other, you will get more resume recognition from the Security+ cert.

That being said, do you think there is any tangible benefit to obtaining the SSCP certification rather than the Security+? Does it help with any CISSP prerequisites or anything like that? I know it knocks a year off of the CISSP experience requirement, but so does the Sec+ cert.

chickenlicken09 · December 2014

some good advice there thanks, i have the security+ book already and it seems interesting. although i have the ccna already i think i would
enjoy the security+ more. will prob skip the sscp all together if there that much overlap. that job spec gives me an indication of where i should be going.
although its a junior role they seem to expect a certain amount of experience already so would i be right in saying it would pay better than a junior role?
im trying to not go backwards in salary also!

Remedymp · December 2014

eddo1 wrote: »

some good advice there thanks, i have the security+ book already and it seems interesting. although i have the ccna already i think i would
enjoy the security+ more. will prob skip the sscp all together if there that much overlap. that job spec gives me an indication of where i should be going.
although its a junior role they seem to expect a certain amount of experience already so would i be right in saying it would pay better than a junior role?
im trying to not go backwards in salary also!

If you already have CCNA. Push for CCNA: Security. After CCNA: Security, I would go for RHCSA.

Taking a pinch in salary by way of transitioning from one role to another is not uncommon in IT. It's just the nature of the game.

Being able to balance out your expertise in OS(RHCSA), Networking(CCNA), as well as Security Fundamentals (SY0-401) could be great way to become a decent security generalist.

JDMurray · December 2014

PJ_Sneakers wrote: »

That being said, do you think there is any tangible benefit to obtaining the SSCP certification rather than the Security+?

If the SSCP gets you a first-round interview for job that the Security+ by itself won't then that would be a tangible benefit. You are far more likely to find jobs asking for the Security+ than the SSCP, but higher paying job requiring more InfoSec experience will ask for the SSCP (and CISSP and GSEC) over the Security+. It really depends on what level you are hiring at.

diggitle · December 2014

Just get them both....lol as you can see JDMurray has them both. I say its worth it.

Karthik524 · October 2015

Hi JD,

Currently i am working in Avaya TAC and i have total 5 years of experience into Networking and i am working on security devices and firewalls as well now i would like follow Information Security path so which one would be better Security + or SSCP. which certification has more value please suggest.

Thanks,
Karthik

sscp or security+ first?

Comments