topic CCSP and Security+ in CCSP Study Group

CCSP and Security+

wmheid — Sun, 12 May 2024 20:07:21 GMT

I am just curious, has anyone pursued both CCSP and Security+? If so, your thoughts on the pro's and con's please. Is there any benefit in getting both?

Re: CCSP and Security+

emb021 — Mon, 13 May 2024 18:52:05 GMT

That's an interesting combo.

The Sec+ is an entry-level cert, loosely equivalent to the CC.

the CCSP requires the same level of experience that the CISSP does, so I would expect that if you're going for the CCSP you have the CISSP already or could get it, as you have the same amount of experience.

And if you have that level of experience, just get the CISSP and don't bother with the Sec+.

Re: CCSP and Security+

riffjim4069 — Mon, 13 May 2024 19:21:11 GMT

I have both CCSP and Security+, but my path may be very different than yours. I've been a CISSP-ISSEP type for going on 20-years and, although I was hands-on building, deploying, and managing SOCs for years, my backside mainly sits behind a desk where I'm not allowed to touch-things/break-things for the past decade. I mostly deal with building security programs, security control and architecture frameworks, formulating cybersecurity strategy and IT risk posture, and deal with all the business process owners and people factors - and anything else (dirty jobs) that comes along. LOL!

I studied for the CCSP back in 2016 (purchased the book), but just finally got around taking/passing the exam back in February. I'm very family with Azure, and to a lesser extend AWS, but I mainly define security standards and work to ensure cloud services are property configured and hardened - so I mostly just snoop 'n poop or shoulder surf. Although I wasn't planning on it, I also took the Cloud+ (Beta) exam within a couple days - so I studied for both. The reason I took the Cloud+ was because the only $50 and I already had the Study Guide...so what the heck. There was about 50%-60% overlap in KSA, but the CCSP is focused more on solving cloud security business problems from Cloud Security Architect/Practitioner perspective...whereas the Cloud+ is more from the perspective of the security admins spinning-up and configuring cloud services.

Back to Security+...I took Security+, CySA+, Pentest+, and CASP+ because of some downtime due to Covid plandemic, along with the fact an employer had money to pay the bill - so what the heck. Security+ is a very nice certification for anyone waiting on their 5-years of experience to earn the CISSP. While not the CISSP (Gold Standard IMO) it's highly sought after by HR Tech Recruiters and I recommend it. Does a CISSP, or even a CISM need it? No! But it goes very well paired with the CCSP IMO.

As far as the CCSP goes...I recommend all Security types/CISSPs/Security+ also round-out their portfolio by earning the CCSP or CCSK (CCSP IMO)--platform agnostic--and at least one or two certifications be it Azure, AWS or Google Cloud. Why? There's just too many hybrid environments requiring security folks know both infrastructure AND cloud.

When I joined my organization two years ago, employees ran the network/infrastructure and contractors (@ $350 per hour) ran their Azure/M365 and very small AWS environment...poorly and insecurely I might add. We eventually got rid of our contracted support, and not all of our employees were eager to learn cloud engineering and admin skills...sadly, they were the one's let go when downsized last Fall/Winter. The reality was many of our legacy systems were being reengineered in the Azure cloud, and they didn't use their training funds, learn new skills, and certify within a year so just didn't need them. Here's what recommend (all my staff) to remain highly, and quickly, employable: (Street Cred)

1. Security+/CISSP - don't need both...buy most cybersecurity doors won't open without one)
2. CCSP/CCSK - don't need both, but I strongly advice if you're dealing with cloud issues...which is like everyone)
3. Azure/AWS - I don't care if it's fundamentals...recommend at one in Azure and one in AWS.

I hope this answers your question(s). Again, you don't need Security+ and CISSP (or CASP+ for that matter) but you should one in conjunction with the CCSP/CCSK. Not written in stone, just my two-cents and I've done a lot of hiring over the years.

Also, CompTIA is getting ready to roll-out Xpert Series certifications (e.g., Security+ (Professional)-->which leads to CASP+ being rebranded as SecurityX (Expert), Network+ and Cloud+ (Professional)-->which leads to CloudNetX (Professional).

Re: CCSP and Security+

emb021 — Tue, 14 May 2024 14:59:40 GMT

Good comment!

Would add to this.

* CCSP/CCSK. The CCSK is a certificate (not a certification, yes there is a difference!) from the Cloud Security Alliance (CSA). They worked with ISC2 to create the CCSP. Most people say the CCSP is basically the CCSK + CISSP. So if you have the CCSP, don't bother with the CCSK. And if you have the experience, I would say get the CCSP over the the CCSK. I do like that the CSA worked with ISACA to create the CCAK certificate, which is cloud auditing.

I agree on getting AWS/Azure specific certs along with the CCSP. When I was a consultant and looking at getting the CCSP, as I had clients who worked with one or the other, I also planned on doing. Until I got a new job. Weirdly, it was at a company that used BOTH AWS and Azure, so I did plan on getting both. But now I'm at a company that doesn't use the cloud (nor plan too). CCSP is still on my radar, but not as high up on my list. Don't overlook the GCP as well.

Interesting update on what CompTIA is doing. Was aware of their newish "stackable" certs. Guess I'll have to update again my presentation on certifications...

Re: CCSP and Security+

riffjim4069 — Sat, 18 May 2024 19:06:45 GMT

Michael,

I was vaguely aware of the CompTIA stackable certs, but really didn't care about them nor know anyone writing requisitions for them from a hiring manager perspective. Oddly, when I picked-up the Security+, CySA+, Pentest+ and CASP+ certifications, I was awarded five (yes, 5), stackable certifications. Who knew! Honestly, I don't know if they're of any use, or if anyone really cares, but I can honestly say I'm a "Secure Infrastructure Expert" without sounding like I'm boasting. LOL!

*CompTIA: CompTIA Secure Infrastructure Expert (CSIE)
(Security+ / CySA+ / PenTest+ / CASP+)
*CompTIA: CompTIA Security Analytics Professional (CSAP)
(Security+ / CySA+)
*Comptia: CompTIA Network Vulnerability Assessment Professional (CNVP)
(Security+ / PenTest+ )
*Comptia: CompTIA Network Security Professional (CNSP)
(Security+ / CySA+ / PenTest+ )
Comptia: CompTIA Security Analytics Expert (CSAE)
(Security+ / CySA+ / CASP+)

Re: CCSP and Security+

wmheid — Thu, 23 May 2024 11:39:58 GMT

Thank you for the thoughts and response, it gave me a lot to think about over the past week. I definitely have the work experience for the CISSP requirements and have been studying it as I review for my upcoming CCSP exam.

Last weekend, I took some time with LinkedIn and searched for jobs that list specific certifications. Between your response, input from family, input from a few others, and the LinkedIn results, my goals for the next several months in order are: CCSP, Security+, CISM and then CISSP.

We use Crowd Strike and it has some certifications as well, so I may sprinkle in one or two of those certs as well.

Re: CCSP and Security+

emb021 — Thu, 23 May 2024 16:37:02 GMT

@wmheid I would question why are you getting Sec+ when you seem to be shortly getting CISSP. Seems a waste of time and money to get Sec+ unless you can't get the CISSP right now and need it for a job. Because once you have the CISSP, IMO the Sec+ is unnecessary.

Re: CCSP and Security+

wmheid — Thu, 23 May 2024 17:07:19 GMT

@emb021, I agree with what your are saying.

When I searched open jobs in my area on LinkedIn this past weekend, there were 2,100 openings that had CISSP as a requirement and 3,498 for Security+. With the amount of overlap in the two certs, it shouldn't take to much effort for Security+ and since I have been in I.T. for a long while, the combination may open doors that otherwise might not be open.

Re: CCSP and Security+

emb021 — Thu, 23 May 2024 20:45:22 GMT

@wmheid
You do understand that Sec+ is an entry-level cert and would only be listed on entry-level positions? CISSP is a senior cert and would be on mid-level and higher roles. Same for the CCSP & CISM.

If you are at the level of experience to obtain certs like the CCSP, CISSP, and/or CISM, you should NOT be going after entry-level roles that expect only a Sec+.

Re: CCSP and Security+

Early_Adopter — Fri, 24 May 2024 00:26:53 GMT

I mean ultimately it’s your money that you are spending, so if you want to do Security+ before CISSP up to you, I wouldn’t say it’s worthless but most ISC2 certifications validate experience, along with domain knowledge and a decent amount of reading comprehension so you get a bit more use there.

There’s nothing wrong with Security+, and it’s clearly better suited than the CC is right now due to market acceptance, skills based testing however you wouldn’t really put it up against CISSPl(CASP+ fills that area for CompTIA).

It’s always going to be a YMMV, but to Michael’s point if you can prove your entry level/hands on skills the Security+ might give you less ROI over the alternatives.

Re: CCSP and Security+

emb021 — Fri, 24 May 2024 15:20:04 GMT

Despite what CompTIA feels, I would not compare their CASP+ to the CISSP.

I see the CASP+ as a half way to CISSP, between Sec+ and CISSP.

I agree on your point regarding CC vs Sec+. They should be equal, but the CC doesn't yet have awareness in the marketplace, thus companies aren't yet asking for it. That will come.

This is a great visual resource on where certs are:
https://pauljerimy.com/security-certification-roadmap/

He shows CASP+ below CISSP.

Re: CCSP and Security+

wmheid — Sat, 25 May 2024 12:18:52 GMT

Thank you for that awesome visual resource!

Re: CCSP and Security+

Early_Adopter — Sat, 25 May 2024 14:49:18 GMT

CASP+ is the most CISSP like of CompTIA’s certifications. Albeit more technical/hands on and not as well regarded, but it doesn’t require any experience component - and like most of CompTIA’s offering has a practical skills based training and testing, it’s demonstrably comparable it some areas:

https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/

CISSP is arguably much better known, and you’d surely choose it over CASP+, but it’s in the ballpark.

ISC2”’s CC isn’t anything like as useful an entry level certification as CompTIA Security+ nor is it likely to be inside the next 2-3 years. It doesn’t have any hands on training material, what is offered for free amounts to 14 hours of content, and well, it’s a loss leader for a reason.

That’s not to say it’s bad to have , it’s just if you could choose between CC and Security+ - well you switch organisations and go with Security+ - CC will only really be in the same ballpark when it’s as effective at securing roles.

As an aside I was looking at the ISC2/ IBM and Google/CompTIA routes on Coursera- and applied for ‘financial assistance’ telling them I didn’t want to pay any dollars at all, I also disclosed I could afford it but was doing some research:

“ Congratulations! You've been approved to enroll in Introduction to Cybersecurity Careers at 75% off the regular price with 6 months of course access. This discount is time sensitive, so be sure to enroll by Jun 07, 2024. The discount will be automatically applied when you check out.

In addition to financial aid, Coursera offers over 2,800 free courses. You'll get access to all of the course material, but you won't receive a certificate of completion.”

So basically you can do both IBM and google for 12 USD and month for six months then round off with CC for 50 USD AMF a year and Security+ at a third off plus whatever their dues are(mine are all very old and evergreen).

If you’re trying to break into Cybersecurity then anything you don’t spend you save and if I see a CV with Google, IBM, ISC2 and CompTIA on it it would catch my eye.

The Google course also gets you a discount on CompTIA Security+ exam post, it looks like hunting is required:

https://www.linkedin.com/posts/grant-godfrey-35b261100_note-if-you-complete-the-8-part-certificate-activity-7089492392226996224-dfzm

Re: CCSP and Security+

ericgeater — Mon, 01 Jul 2024 14:09:23 GMT

2,100 openings that had CISSP as a requirement and 3,498 for Security+

Those requiring CISSP likely have very different job descriptions than those requiring Security+, because...

With the amount of overlap in the two certs

"Overwhelm" is probably a better term than "overlap" for this comparison. Security+ is a good cert, but it's like looking at a rainbow and seeing only orange and violet. CISSP sees colors, feels heat, and detects gamma rays.

Re: CCSP and Security+

jameswil — Tue, 22 Oct 2024 06:33:48 GMT

Security+ is a great cert if you're just getting into cybersecurity. It covers a broad range of topics like network security, threat management, cryptography, etc. For me it was a solid foundation and helped me understand the core concepts that you need in almost any cybersecurity role.

As for getting both Security+ and CCSP it depends on your goals. Security+ is more general while CCSP is cloud-specific. I’d say Security+ is perfect if you're newer to the field or need to fill in some knowledge gaps. CCSP is better if you're working with cloud technologies or aiming for a cloud-focused role.

For more detailed comparisons, especially if you're trying to align these with your long-term career goals, I recommend checking out this blog post. It highlights key differences between certifications and might help you decide which combination is most useful for your path.