Last week I passed the SSCP exam. Here are my thoughts and experience in how it went.
For study materials, I used Darrel Gibson's All-in-One book (Gold) and Sybex study guide by George Murphy. I started with the Sybex book and found that in some areas it was thorough, but in other areas, like Disaster Recovery, I suspected the author was getting paid by the word. The topics were too drawn out. Switching to the All-in-One book was a more effective strategy for me. If there were call outs in the books that noted specific items for testing, I wrote them down as notes in my notebook. Additionally, if there were topics that were too lightly covered or summarized, I would research those on my own.
After reading through both books, I went over my notes and reviewed anything that I was uncomfortable with. I walked in to the test without any practice testing, although I have done plenty in the past for Microsoft exams.
I was overly impressed with the security at the Pearson-Vue center. It was professional and there were no shortcuts to validating one's identity. After the 30 minute check-in process, I was seated in the testing room and I felt prepared.
I can't go in to details about the exam, but my advice is to be prepared to fully understand each topic of the CBK as if you were teaching it.
After 1.5 hours, I was through the question bank, I went back and reviewed the questions I flagged (which were the ones I felt least comfortable with). I hit submit, feeling a lot less confident that I passed. But after the march to the front, I was given my result, which was a pass! Whew.
If you are preparing for the exam, focus on the concepts. If you understand them completely, you can answer any questions about them. Was it tough? Yes. Was it worth it? YES.
Now, back to studying for the CISSP...
I'm failed in CISSP Yesterday as the exam was purely based on concepts & real world experience. You need to think & act like a infosec manager, CISO, COO, CIO etc...
I'm working as a system analyst & have end-to-end technical expertise in 3 domain out of 8 in CISSP.
As I'm failed in CISSP, I'm thinking to pursue SSCP becuase 80% course study material is same. But, prior to book the exam, I'd like to know is it a technical exam or not. CISSP is purely managerial kind of exam. I referred many CISSP official books & while entering into exam centre, I was quiet confident that will clear exam within 2 hours considering my preparation on technical ground, but I was wrong....!!! 😞
So, considering my technical expertise, I want to undergo SSCP or CompTIA Security+ & need your vital inputs of selection the right certification track. Will go for CISSP once I act & think like a manager.. 🙂
Please guide me.