SSCP difficulty for CCNA: Security and Security+ certified?

G'day all!
Now that the Christmas break is over, time for me to move on to my next certification, the SSCP.
I passed my Security+ recently, and CCNA: Security a month prior, and I have been looking over the Gibson and OCG for SSCP, despairing that I haven't wisely spent my hard-earned money.
From what I can tell based upon the textbooks, SSCP doesn't cover much more than the Security+, meaning that I'm not going to need more than a couple of weeks to digest this and cover the gaps (mostly BCP and DR processes). The long-term plan is to obtain my CISSP within the next year and go the associate route (as I only have two years' worth of "experience", despite being a security-as-a-hobby geek for the better part of a decade).

My question is thus: For those of you with both the Security+ and SSCP, did you find the SSCP covered much more than the Security+ coursework? The only person I've seen on here with both is JDMurray, though I'm sure there's lots of other certified people lurking around in these forums that had one and considered the other.

I'm starting to go a little bit mad as I'm collecting certs but seeing no traction with them, career-wise.... It's all starting to become rather academic, in the grand scheme of things. Getting impossible to get out of Level1 in the NOC.
Cheers,
NrKy.

Find more posts tagged with

Comments

Remedymp

As someone who has taken both. If you already have SY0-401 and CCNA: Security, it doesn't really make sense to get the SSCP. If you didn't have either of the previous, then it would make sense to obtain SSCP by itself.

However, with the two certs you have, you may be better off focusing on the CISA for 2015 if you meet those requirements.

To answer your question about difficulty between SY0-401 and SSCP. The SY0-401 was the more challenging exam. The CASP exam was by far the most difficult for me and force me back to referring to resources.

H3||scr3am

As stated above, the SSCP doesn't make much sense, I would jump straight to the CISSP (associate of ISC^2) if you lack the experience for endorsement.

CISM and/or CISA would also be another route. you could also consider doing the GISP (CISSP exam prep course SANS) and then do the CISSP

nrky

Thanks for your advice, much appreciated!
I've been going through the Gibson and AIO textbooks for the SSCP and have noticed that it seems even less of a challenge than the Security+ (SYO-401, not 301).
Given the miniscule cost of the CISSP examination compared to an equivalent vendor-specific exam (CCIE Security lab exam, typically taken by people with 5yrs+ experience, costs USD$1,600), the SSCP seems like a waste money and I should really go the Associate CISSP route.

Next question is thus: If you only have 1-2 years InfoSec experience and other certifications, do you need to go through the whole 'endorsement' process after passing the CISSP if you want to only get the Associate cert? Is the Associate even worth getting? I'm stuck in between a rock and a hard place, where in I only have Help Desk experience yet have the knowledge required to pass some well-respected certs (CCNP Security, CISSP, CASP, CEH, PMP, ITIL Service Design, etc.)
I feel that my current certs are getting me nowhere in Melbourne, Australia. We have a MASSIVE glut of paper-cert Indian workers, but they don't know anything beyond the certs that they paid someone to help them study, yet they have more success obtaining good jobs here than a local with the same certs.

Remedymp

nrky wrote: »

Thanks for your advice, much appreciated!
I've been going through the Gibson and AIO textbooks for the SSCP and have noticed that it seems even less of a challenge than the Security+ (SYO-401, not 301).
Given the miniscule cost of the CISSP examination compared to an equivalent vendor-specific exam (CCIE Security lab exam, typically taken by people with 5yrs+ experience, costs USD$1,600), the SSCP seems like a waste money and I should really go the Associate CISSP route.

Next question is thus: If you only have 1-2 years InfoSec experience and other certifications, do you need to go through the whole 'endorsement' process after passing the CISSP if you want to only get the Associate cert? Is the Associate even worth getting? I'm stuck in between a rock and a hard place, where in I only have Help Desk experience yet have the knowledge required to pass some well-respected certs (CCNP Security, CISSP, CASP, CEH, PMP, ITIL Service Design, etc.)
I feel that my current certs are getting me nowhere in Melbourne, Australia. We have a MASSIVE glut of paper-cert Indian workers, but they don't know anything beyond the certs that they paid someone to help them study, yet they have more success obtaining good jobs here than a local with the same certs.

Have you tried applying with the Australian or New Zealand government?

DoubleNNs

You say you can pass the CCNP Security. WHy not go for that? If you pass, you pass. No endorsement or experience requirement.

nrky

Remedymp wrote: »

Have you tried applying with the Australian or New Zealand government?

Have been applying for ICT roles with all three levels of government (federal, state, council) for the better part of a decade now, with no luck whatsoever. It seems like all the people here with full citizenship status end up in government IT jobs, because they certainly aren't working in the private sector anymore (almost 100% Indian now).

DoubleNNs wrote: »

You say you can pass the CCNP Security. WHy not go for that? If you pass, you pass. No endorsement or experience requirement.

I only have just under two years' experience in resume-friendly work. I've been talking to the dozen+ people in the NOC where I work and the general idea tends to be that CCNP is really only for people with several years' experience as a Network Engineer/Technician, otherwise it looks utterly ridiculous. I'm starting to wonder at which point it starts to look silly and somewhat 'paper-tiger' when your certifications exceed your professional experience.

It's starting to make me want to go back to hacking, but legit pentesters are a dime a dozen in Australia.

Really making it hard for people to stay white-hat when it's nigh but impossible to get a real opportunity to prove yourself as someone who actually knows how to troubleshoot, even for technologies they've not studied.

DoubleNNs

if you're at the CCNP Security level, why does your "resume-friendly" experience matter? I think what is most important is that you can back up what you've put down on your resume.

nrky

DoubleNNs wrote: »

if you're at the CCNP Security level, why does your "resume-friendly" experience matter? I think what is most important is that you can back up what you've put down on your resume.

My studies and lab experience are at the point where I can pass the CCNP Security within the next few months (need to brush up on the new coursework), but I have almost no experience in actually configuring or troubleshooting networks at work, because I've been stuck in Level1 Helpdesk roles and haven't been successful in finding better employment, despite gaining certification and significantly adding to my knowledge base.

Sscp1986

I know what you mean of being stuck!

pandoso360

I dont know how it works in your country but unfortunately in Mexico, we have to impress those little trolls in the HR department, that rather hire more paper-cert Indian workers (btw you nailed it there) than give the local IT folk a chance, to land any position in the private sector.