View RSS Feed

JDMurray's Blog at www.TechExams.Net

Pluralsight (ISC)2 Systems Security Certified Practitioner (SSCP) Course

Rate this Entry
by , 11-25-2013 at 07:39 PM (27093 Views)
Here at, members sometimes remark how difficult they find the (ISC)2 SSCP exam study for because there are few study guides for it. Some members find the official SSCP study guide from the (ISC)2 difficult and tedious to read, and definitely not written at the entry-level of typical SSCP candidates. Some available guides are unrevised and outdated. However, the problem is usually not the lack of useful texts, but not knowing about SSCP study material in an audio/visual media format.

I was recently given an opportunity to teach a BSIT-level information security class based on the SSCP Common Body of Knowledge. The course used Darril Gibson’s SSCP Study Guide as the primary text, and supplemented with material from the OIG SSCP CBK book to provide more depth and detail. To prepare for teaching the course, I also viewed TrainSignal’s new SSCP training course and become quite familiar with its content and presentation.

TrainSignal is now Pluralsight

While I was writing this review, TrainSignal was acquired by Pluralsight, a major online provider of software developer training. TrainSignal’s entire IT training library has been migrated into the Pluralsight platform, which brings their total number of technical training titles to around 1000. Included in the product migration is the integration of TrainSignal’s courses into Pluralsight’s distribution model and user interface. I used TrainSignal’s interface to research this article, so I’ll skip those details and include them in a future review of Pluralsight’s user experience.

What is the SSCP?

The SSCP is the (ISC)2’s entry-level InfoSec exam and is marketed to people with only a year or so of InfoSec work experience, or to those who don’t otherwise qualify for the full CISSP certification. The SSCP is actually a mid-level InfoSec exam in that it contains both elementary and advanced InfoSec topics that do overlap with CompTIA’s entry-level Security+ certification and the (ISC)2’s own CISSP certification. The SSCP is also an excellent study choice when preparing for a much more advanced InfoSec certification exams.

I must be fair in giving my opinion of a reason why you might not want to pursue the SSCP certification. Although the information that the SSCP certification does cover is very thorough and useful for Information Security people, and indeed any technical professional who needs to be more InfoSec-minded, the $65/year you pay to maintain the SSCP certification may not be worth it to you if the SSCP certification itself isn’t much help in getting you an InfoSec job.

The major drawback of the SSCP is marketability and (lack of) recognition within the InfoSec community. The SSCP exam was released in the year 2000 and adopted by the US DOD Directive 8570.01 in 2005. However, as of November 2013, only 1587 people have become SSCP-certified. Compare this count to the more than 90,000 people that have become CISSP-certified since 1996, and the nearly 250,000 people that have acquired the entry-level CompTIA Security+ certification since 2002. This translates to a better likelihood of the CISSP and Security+ certifications being recognized and valued much more highly by employers than the SSCP.

So why am I being so down on the SSCP? Not really--I have the SSCP myself and, as I said, the information in the SSCP CBK is very useful and necessary for a career in Information Security. There’s no rule that says you must take the exam for any certification that you study for. Even if you decide the SSCP certification is not for you, consider strongly that educating yourself with SSCP exam preparation material may be what you need to take the next step in your Information Security career.

The Course Material

I reviewed about 90% of the Pluralsight’s SSCP course material, both online and using the downloadable MP3 files and slides in PDF format. As you would expect, it contains the full compliment of information described in the SSCP Common Body of Knowledge and in the SSCP Candidate Information Bulletin. I didn’t find any topics missing that I would expect to see on the SSCP exam.

Pluralsight’s SSCP course is narrated by no stranger to Microsoft certification community, Tony Northrup. Northrup has authored many books on Microsoft certifications and has taught Microsoft subject for over a decade. I must admit that I was interested when I saw he had done video instruction for a non-Microsoft Information Security cert, as I had never really heard his name bantered about by the InfoSec community (outside of the Microsoft security community, anyway).

Northrup has a friendly, relaxed speaking style that people who find InfoSec material unfamiliar and even anxiety-producing will take comfort in hearing. Northrup’s voice is very good at both the 1x and 1.5x speeds of the TrainSignal (and Pluralsight) media player. If you find his relaxed pacing and friendly conversational style to be to your liking, the 1x speed will be good for you. However, if you find yourself growing impatient with his storied and occasional silly humor, you will find that the 1.5x speed of his voice to causes Northrup to dispense information much more quickly while remaining quite intelligible. It’s quite a bonus to find an instructor whose voice is enjoyable at both 1x and 1.5x speeds.

I can’t lie and say the information in this course is perfect. There are occasional mis-speaks and assertions that caused me to grimace and furrow my brow. On some topics, Northrup drones on a little too long for me, such as on how to create strong passwords and basic wireless security. Rarely, I thought Northrop missed a mark completely, such as his discussion of OSI Layers 5 & 6. Northrup also presents an overkill of information on some topics that you may not see that much on your SSCP exam, such as cloud computing and data flow management. However, that is just bonus information you will eventually need both for some future IT certification exam and in your InfoSec career.

Use Pluralsight’s SSCP Course or Read a Study Guide or Both?

Realize that study guides and courses are only as strong or as weak as the authors and subject matter experts that write them. This is why a certification candidate needs a mix of study materials from different sources when studying for most certification exams. The exception are exams based on a single source of materials. (Hello GIAC.)

I found Nothrup’s and Pluralsight’s SSCP training course to be complete and detailed, an effective way to learn the SSCP CBK by presenting the material in an engaging way that stimulated me to study it. I don’t have to tell you the convenience of having the MP3 files on my smartphone to have with me in my car or in the gym, and the online course player on my computer. Now, with Pluralsight’s training course available, I just wish people would more seriously consider the SSCP certification and the (ISC)2 would do more to market it.

Updated 11-26-2013 at 04:49 AM by JDMurray

Tags: sscp, trainsignal Add / Edit Tags


  1. horusthesun's Avatar
    I recently finished watching the training videos. They are very enjoyable and informative. Thanks for the review
  2. SephStorm's Avatar
    Thanks for the review JD, I rarely get a chance to read your blogs, trying to fix that now.
  3. IT-Security's Avatar
    Thank you JDMurray for this amazing information since I am working to get the CISSP in the near future. I heard about the SSCP, but like you said it doesn't attract employers much. Most of the Information Security jobs out there are requiring CISSP certification on candidates. Your blog is very informative and I would recommend it to anyone that would be pursuing the CISSP like myself.


Total Trackbacks 0
Trackback URL: