  1. Junior Member Registered Member
    Join Date
    Oct 2017
    Posts
    2
    #1

    Question CISSP Associate or SSCP

    Hi all, I've just finished a (UK) masters degree in infosec, with no direct security experience but plenty of other related experience. I'm now looking for an infosec job but am wanting to keep up a bit of study in the meantime. (ISC)2 have suggested I work towards the SSCP as my masters would mean I don't need any experience to get the full qualification, but looking at the test questions I think I could take the CISSP exam with a bit of extra work. I wouldn't have the experience for a full CISSP but I could still get the Associate. From what I can tell ISC2 intend for someone like me to do the SSCP first but it also seems like more HR people have heard of CISSP and it's more respectable. I understand the intended path is SSCP then CISSP and that they're meant to be for different people in different job roles etc, but also that some companies I have spoken to prefer anything CISSP related and SSCP isn't as well known so most people seem to value CISSP more. Therefore my question is... which is a better path, getting the Associate of (ISC)2 from the CISSP exam or first going for SSCP and waiting until I have enough experience before taking the CISSP exam. If time and money was no object I could work towards both, but unfortunately it is. I have no particular path at the moment, I just want to get the most out of my study and something extra to put on my CV.
    Thanks in advance.

  3. Senior Member
    Join Date
    May 2014
    Posts
    221

    Certifications
    Security+, CISSP
    #2
    I would go SSCP first. If you happen to pass the CISSP, you're an Associate of (ISC)2 and can't mention in your resume or cover letter that you passed the CISSP exam. Not being able to mention the CISSP doesn't get you past the HR filters, so having the SSCP is at least a certification endorsement.

  4. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,619

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #3
    Quote Originally Posted by nicelydone View Post
    with no direct security experience but plenty of other related experience
    I would check on seeing how much of the "related experience" can be applied to the CISSP. A lot of tasks can fit into those domains... Might be closer than you think. And if you are pretty close, I would say just go for the CISSP.

  5. Senior Member
    Join Date
    Apr 2013
    Location
    Fort Worth
    Posts
    292

    Certifications
    MS IS, CISM, CRISC, PMP, PMI-ACP, CSM, VCP5-DCV, EMCISA, COBIT 5, ITIL, Qualys
    #4
    Quote Originally Posted by jt2929 View Post
    I would go SSCP first. If you happen to pass the CISSP, you're an Associate of (ISC)2 and can't mention in your resume or cover letter that you passed the CISSP exam. Not being able to mention the CISSP doesn't get you past the HR filters, so having the SSCP is at least a certification endorsement.
    I'm curious as to how the DoD recognizes Associate of (ISC)2 for their IAT/IAM Level III jobs?
    "If I were to say, 'God, why me?' about the bad things, then I should have said, 'God, why me?' about the good things that happened in my life."

    Arthur Ashe


  6. Senior Member
    Join Date
    May 2013
    Posts
    1,195

    Certifications
    GWAPT, GSEC, Associate of (ISC)2, C|EH, CCNA:Security, CCNA:R&S, CCENT, Security+, Network+
    #5
    OP, when you say related experience what do you mean? If it’s IT experience, you can generally claim it towards the requirement... but outside of that or software development, there isn’t any other experience that is “related”. If you aren’t somewhere around the 2.5-3+ year mark, you are unlikely to have the background or knowledge to rely on for the exam, so taking it wouldn’t be useful. You could take the SSCP and get exposure to a lot of the domains... it shows drive but it’s not going to “impress” people. Security+ is another option... but again, explain your experience because if you don’t have a solid system or network background of knowledge, you should build that early on.

  7. Junior Member Registered Member
    Join Date
    Oct 2017
    Posts
    2
    #6
    Thanks everyone for your help. When I said related experience, I have been working with both system development and networking as part of my current role for 8 years or so. I try and practice good security but the job isn't security focused and I couldn't honestly say that I have 4 years security experience.

    Based on all your comments, is it correct therefore to say that if someone is getting close to the experience requirements then they should go for CISSP, if not then study for SSCP or Security+ or just wait for more experience? I.e. the "associate" isn't worth doing unless it's quickly converted into the full blown CISSP?

  8. They are watching you NetworkNewb's Avatar
    Join Date
    Feb 2015
    Location
    Off the grid
    Posts
    2,619

    Certifications
    A+/Net+/Sec+, CCENT, CCNA:Sec, CCSK, GCIH
    #7
    Quote Originally Posted by nicelydone View Post
    the "associate" isn't worth doing unless it's quickly converted into the full blown CISSP
    This ^^

    Also, your job doesn't have to be security focused. Just as long as you do tasks that fit in the domains as part of your job.

  9. Junior Member
    Join Date
    Oct 2017
    Posts
    14

    Certifications
    CISA, CRISC, CASP
    #8
    Quote Originally Posted by jt2929 View Post
    I would go SSCP first. If you happen to pass the CISSP, you're an Associate of (ISC)2 and can't mention in your resume or cover letter that you passed the CISSP exam. Not being able to mention the CISSP doesn't get you past the HR filters, so having the SSCP is at least a certification endorsement.
    From a testing standpoint (for those who have taken both), how much more difficult is the CISSP compared to the SSCP? If cost is not an issue (and SSCP is "easier"), it wouldn't hurt going for SSCP first just to get a feel of how ISC2 exams go...
    Last edited by Info_Sec_Wannabe; 11-01-2017 at 04:19 PM.

  10. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    274

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE
    #9
    I have done the SSCP in Feb 2017, and I will be doing the CISSP in 2 weeks. I would tell you that CISSP seems an order of magnitude harder than SSCP. CISSP is more a management exam while SSCP is much more technically focused. The breadth of knowledge required for CISSP is much wider than SSCP. Compare both outlines and compare the domains.

    SSCP domain

    1. Access Controls 16%
    2. Security Operations and Administration 17%
    3. Risk Identification, Monitoring and Analysis 12%
    4. Incident Response and Recovery 13%
    5. Cryptography 9%
    6. Network and Communications Security 16%
    7. Systems and Application Security 17%


    While CISSP
    • Asset Security
    • Communications and Network Security
    • Identity and Access Management
    • Security and Risk Management
    • Security Assessment and Testing
    • Security Engineering
    • Security Operations
    • Software Development Security

  11. Senior Member
    Join Date
    May 2015
    Posts
    134
    #10
    Nobody knows about the SSCP though. Keep in mind when you are looking at jobs trying to comply with IAT Level II on the cheap, Security+ and CCNA Security are thrown in the mix. Even if you aren't going for DoD jobs, I'd go for Sec+ before I go for SSCP. SSCP is not bad, and it's got a different focus than the other ISC2 exams, but when your older brother is the CISSP, well, people tend to care about that one instead.

    But my path would be to find absolutely any way to start getting infosec experience and THEN tackle the CISSP, even if you spend 5 and a half years as an associate, it'll pay off dividends in the end. Never ever take the CISSP if you are not already in a qualified infosec role. That's a huge gamble.

    Quote Originally Posted by datacomboss View Post
    I'm curious as to how the DoD recognizes Associate of (ISC)2 for their IAT/IAM Level III jobs?
    Associate is 110% fine for the DoD. In fact, I'm pretty sure the DoD is the only reason we have the associate status anyway.
    Last edited by jelevated; 11-03-2017 at 05:50 AM.