Showing results for 
Show  only  | Search instead for 
Did you mean: 

Help Shape the Next (ISC)2 Cybersecurity Certification

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Help Shape the Next (ISC)2 Cybersecurity Certification

Help Shape the Next (ISC)2 Cybersecurity Certification

Community Manager

Group_JTA_Certification.jpg(ISC)² is excited to share with you that we are initiating an important step in our exam development process, and we need your help!


We are looking for cybersecurity professionals to take our newest Job Task Analysis (JTA) survey. Typically, we will reach out to you to take a JTA survey for the certification that you hold, but this time it’s a little different. (ISC)² is working on developing our first new certification since the CCSP, and it’s aimed at helping cybersecurity career hopefuls get started in the field!


To fill the cybersecurity workforce gap, we need to address the workforce shortage facing the industry, especially among entry- and junior-level positions. A foundational certification will help (ISC)² build a path for professionals around the world to a rewarding, successful career in cybersecurity.


Regardless of what certification you hold (even if you don’t hold one at all), your experience level, your specialty, your industry, your organization size … we want to hear from you! This survey is open to take until October 20, 2021. If you’re an (ISC)² member, you can provide your name and ID # when taking the survey and you’ll earn 5 CPE credits. We’ll add them to your member account by November 12, 2021. If you’re not an (ISC)² member, we still welcome your input and appreciate your participation.


The outcome of this survey will be an exam outline for a new (ISC)² examination to help validate the necessary fundamental skills and abilities cybersecurity deem necessary for those just setting out on their career journey. You can access the survey here:


Please feel free to share the survey with any of your colleagues and peers. Thank you for helping us build a path to cybersecurity success and taking one crucial step toward addressing the workforce gap!


Stay connected for exciting developments on this front in the weeks and months to come. 

Community Champion


Why?  The SSCP was developed as an entry level certification.  I question why the organization needs another entry level certification.


I am asking a few folks that were around for the development of the SSCP to chime in here.


It seems the organization is spending money on recreating the wheel when Money could be well spent on other much needed certification.




I am also asking the new board members their thoughts?


@dhouser @JP 

Newcomer III

Hi Diana,


I can't comment on the reason for this direction (yet - I'm not formally in post until January), but from my view, a true entry level exam is less demanding than the current SSCP. Also the SSCP focuses on technical knowledge hence the "Systems" part of the title, but aspiring security pros may not be wanting to explore the technical route. 


I know its not exactly a direct comparison but when I compare SSCP with other popular tech certifications, Microsoft for example, their fundamentals exams are 40-60 questions over 85 mins rather than 125 over 3hrs and $99 rather than $249. 


I'm not privy to the decision to explore another exam, vs updating the SSCP (albeit I would expect hesitation to change the SSCP drastically due to the impact on existing SSCP certified members), but I do see the need for something super accessible. And I agree with you, there are other certification avenues needing to be explored also. 




Community Champion

@dcontesti I didn't develop the SSCP exam but I have that cert and CompTIA's Security+ cert. While some of the domains between the two are different, they are definitely comparable in a lot of ways (at least in 2018). I view Security+ as an entry level cert with the only difference being you don't have to have the one year experience to get the full cert. CompTIA did add a fundamentals cert that's supposed to be taken before the A+ so that could be what they are trying to do here.   


I have a few guesses but that's all they are at this point.

  • Business decision because there is a bigger market for entry level rather than current experienced professionals seeking certs.
  • Trying to focus on the "what" and "why" we do certain things rather than "how" a particular process works, e.g., cryptography. OJT can help fill in the gaps or studying for higher level certs.
  • The SSCP, while entry level, is rather broad for the necessary knowledge needed for an entry level SOC 1 analyst.

All this being said, I hope it helps alleviate the shortage but my cynical side thinks this is more of an issue with employers not being realistic with their job requirements for entry level staff. 



Just my 2 cents. The CompTia A+, Net+, and Sec+ fill this niche and I'm not sure whether ISC2 needs an entry-level certification. It probably won't dilute the value of our existing certifications but battling for novice level shelf space with EC Council and CompTia may not be the best return on investment.