topic Re: SSCP after CISSP in Exams

SSCP after CISSP

scasc — Tue, 12 Sep 2023 21:04:18 GMT

Hi all,

Has anyone obtained the SSCP after CISSP? Appreciate it’s a stepping stone to obtaining it but I’ve been recommended to look at it as I’m keen to further enhance my technical knowledge aa my role entails undertaking technical assurance assessments.

Have 20 years experience and lots of other certs but just keen to I) keep up CPE’s and II) enhance technical knowledge for work related reasons.

From what I see SSCP is pretty much for someone with only 1 year experience, so not sure if it goes into depth regarding technicality. I obtained CISSP 10 years ago.

I did look at CGRC but from what I can tell it’s RMF process related, I’m looking to enhance knowledge of technical security controls as part of my work in undertaking security architecture and assurance assessments.

Any advise would be greatly appreciated

Thanks in advance.

Re: SSCP after CISSP

dcontesti — Wed, 13 Sep 2023 07:45:13 GMT

For my nickel,

I got the SSCP (many moons ago) after holding the CISSP for a number of years. My reasoning at the time, was that I was CISO and wanted to gage the knowledge level of multiple certifications for my staff (i.e., did all my staff need to be CISSPs or did they all need the CISM or ?). Some of folks, only needed to be a SSCP as they were going to specialize in other areas.

The SSCP was initially developed as an entry level certification and the original intent was to build additional certifications on it such as Firewall, or UNIX or Networking, etc. Through time and management teams, this changed.

Depending on your job function, I might recommend that you look at the CSSLP or the Cloud Certification or even a certification that specializes in Firewalls or Fraud.

Again only my nickel Canadian.

Re: SSCP after CISSP

heidymadia — Wed, 13 Sep 2023 09:06:42 GMT

@dcontesti I just wonder your thought on CISSP-ISSMP after CISSP.

Re: SSCP after CISSP

dcontesti — Wed, 13 Sep 2023 12:16:21 GMT

@heidymadia

My take only, the ISSMP is great to for folks who are looking to become CISOs. It allows someone to demonstrate that they have advance knowledge in the Management areas of the CISSP. It allows demonstrates an understanding of the Management of a Security Program from start to finish, as it covers areas such as Risk, Risk Management, Contingency management, Laws, etc.

It also will provide a leg up for folks that wish to work for Security Vendors.

Of course, these are MY personal opinions only.

d (full disclosure, I hold the SSCP, CISSP, CISSP-ISSAP, CISSP-ISSMP, and the CSSLP).

Re: SSCP after CISSP

scasc — Wed, 13 Sep 2023 13:31:33 GMT

Thanks for the response. I was looking at CSSLP but my work is pretty much doing Technical Risk Assurance assessments looking at the technical controls proposed by the architecture team. This could cover pretty much anything - cloud/OS/networks/applications/DB's etc.

Based on this I thought the CSSLP may not be relevant to my work? Maybe SSCP more general and suitable as covers topics of interest - just concerned its for entry level/1 year experience.

For note - I have the CCSP as well, plus the ISACA and SANS/GIAC certs.

Any info would be greatly appreciated on what to look at next.

Re: SSCP after CISSP

Steve-Wilme — Wed, 13 Sep 2023 14:07:46 GMT

If the CSSLP is still broken down in something of a water fall manner you might want to consider how what it teaches might work in a DevOps environment, before committing to get certified. I bought the CBK, read and then decided I'd be better off taking the ISSMP and ISSAP concentrations, but it depends very much on the sort of organisation you work in.

Re: SSCP after CISSP

scasc — Wed, 13 Sep 2023 19:38:36 GMT

Thanks for the response. I work in the UK but in the Gov area. So heavily regulated, lots governance and basically technically assuring products, systems and controls.

Will check Csslp again, but any recommendations for issap perhaps?

Re: SSCP after CISSP

mav51 — Sun, 17 Sep 2023 06:08:38 GMT

Hi,

Hope all is well. I have passed SSCP in July and I must admit I liked it. I come with strong foundation in network engineering and system administration and yet again it didn't let me down. the course covers wide ranges of technical aspects mostly in a theoretic way, but I found it vital for those experts who wants to apply their knowledge in a more effective way.

It certainly helps you to make more solid technical decisions.

Re: SSCP after CISSP

Maxim-Masiutin — Tue, 26 Sep 2023 10:20:06 GMT

I took SSCP and then CISSP. Depending on your domain areas, SSCP can be more difficult because it focuses on technical controls, networks and communication, and data forensics. It has many questions that require deep analysis of situations and good technical knowledge in things such as cryptography and network protocols, in addition to what I already mentioned. While in CISSP, such domains are only a part of the question, in SSCP it is the majority of them. If you have experience in penetration testing, then SSCP should be easier for you, but If you practice in security governance administration and risk management, then SSCP should be difficult because it barely covers security governance, and is mostly focused on technical skills.

Re: SSCP after CISSP

scasc — Wed, 27 Sep 2023 14:33:12 GMT

Many thanks for the feedback everyone. I am looking to dive deeper into technical topics to support the technical assurance consultancy work I do. So by the sounds of it, it could be a good option.

I have been put off only because I have spoken to people who have said its entry level and they have simply gone for the exam and passed. Perhaps they have strong background.

Re: SSCP after CISSP

SebastienFr — Wed, 17 Apr 2024 07:46:56 GMT

Hello All,

Scasc, what did you decide in the end ? Did you take the SSCP ?

I have the same questions, so any feedback would be greatly appreciated.

Also, if anyone has any input on CCISO cert, it would also be greatly appreciated.

Thank you.

Re: SSCP after CISSP

scasc — Wed, 17 Apr 2024 12:51:29 GMT

Hi,

I never did the SSCP in the end as I have been told its more for beginners.

I have done the CCISO cert, so if you have any questions let me know. It was an interesting cert and covered key aspects of what a CISO would get involved with. Things like day 1 security governance, day 2 finance, day 3 project management etc etc.

Re: SSCP after CISSP

SebastienFr — Wed, 17 Apr 2024 12:55:04 GMT

Thank you your answer; I do also think SSCP is not a good answer after CISSP.

So, is the CCISO cert difficulat after CISSP (and CSSP)? Do you have any suggestions ?

Thank you for your help.

Re: SSCP after CISSP

scasc — Wed, 17 Apr 2024 15:02:43 GMT

Good to know thanks.
CCISO is tailored for a different market if compared to CISSP/CCSP. Its specifically covering CISO level topics such as risk, compliance, governance, finance etc. If your role needs such skills then its a good one to explore, otherwise little point.
I have found the SANS courses the best personally out of everyone as they have some great ones catering for different audiences.

Re: SSCP after CISSP

SebastienFr — Wed, 17 Apr 2024 17:26:14 GMT

Thank you for your feeback on CCISO domains and also the information about SANS training.