Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Viewer II


Is it a good idea the get your SSCP first and then go for the CISSP or should I go directly for the CISSP and not bother with the SSCP? What do you recommend and why? Thanks in advance.

17 Replies
Contributor III

Hard to say. It depends on your ability to learn, what you already know, the amount of time you have available and the date on which you want to have achieved something. SSCP requires less experience (1 year versus 5 years), in less domains (1 out of 7 versus 2 out of 😎 and the domains are not quite the same either. SSCP is more "down to earth", practical, more technical, CISSP is more abstract and has more focus on processes, law / legalese. 


If you are already employed for a longer time in the IT/Infosec business and have or aim for a leadership role, given sufficient talent and other resources, I'd go straight for the CISSP. If you are relatively new in our field and aim to (at least for now) do more practical security work, go for the SSCP first.


Another option, especially if you don't have sufficient experience but still aim for a leadership role is to go for Associate first, e.g. study for your CISSP, sit (and pass...) the exam, then acquire sufficient experience to become a CISSP. However, in practice not too many HR departments, headhunters etc. will filter on "associate", probably you'd stand a better chance of being hired if you held the SSCP credential and published that in/on CV's and profiles.


Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E CTT+
Newcomer III

Heinrich is dead on right.  I couldn't say it any better if I tried!  Great advice.

Best regards,
Newcomer II

For your idea..


In March 2017 I had one week, 5 days, SSCPcourse. I did the exam on 31 October and passed.
I have 5 years experience as a system administrator, but not in security.


In the meanwhile I read the study book and made notes, then I learned the slides from the course, learned the notes from the book and did practice questions.

If you are not familiar with the terms of security, like the CIA triad, I would not do SSCP first, but do a beginners course and then SSCP or CISSP depending on your work experience.


Jeroen van de Weerd

Loose lips sink ships....


Newcomer I

Zaib, your "testing" post are good (both the new posting and on this reply..), man.

Newcomer I

Why not both? If you can dedicate the time and effort to write both exams, you should aim for that. Unless there's a specific reason for either/or (i.e., you've found yourself a posting for a position looking for a particular certification, etc.).

In my opinion, the idea behind testing is to ensure you have a firm grasp of the respective topic(s) and being able to complete the examination should only reinforce this fact to potential employers (and of course yourself - boost self-esteem if you need that).


There's a myriad of variables that would dictate one certificate or the other that you can check for yourself. Maybe doing a "pro/con" list for the SSCP and CISSP, then moving forward with what you see?




In either case good luck!


I think several good points were made regarding requirements and the differences between the SSCP and the CISSP.  Personally, I hold the CISSP and the GIAC-GSEC.  I had the GIAC-GSEC prior to gaining the CISSP.  I think from a senior management level the CISSP has been very beneficial.  Also, looking at Information Assurance positions with government related entities such as the DoD, the CISSP will open more doors.  The GIAC-GSEC was a great benefit to me as I started in the security realm of IT, and continues to hold respect with the "boots on the ground".  I think both certifications compliment each other very well.  I've looked a numerous opportunties that prioritized security certifications, and had the CISSP number one with the GIAC-GSEC right behind it.  I think that you can't go wrong with getting the CISSP but the SSCP could be a benefit as well.  That said, it might be worth your while to branch out as well.  At a high-level the CISSP is great, but at some point you'll have to be or work with the guys in the trenches doing the work.  The more detail, knowledge and experience you can have in getting the job done, the more respect you'll earn at multiple levels.  Something like the GIAC-GSEC or the SSCP can help with that.

Newcomer II

My question to that question is always:


"What are your career goals?"


The CISSP is great, as it is well recognized.  I do think some HR departments don't understand it, requiring it for lower level positions.


SSCP is a good practitioner certification.  CISSP is a management level certification.


Without knowing more about your background and goals, it is hard to provide an answer.


Newcomer III

I agree with both Heinrich and Duchess.  


Your ability and experience in the field will of course dictate where you are and which test you should take.  That being stated though, one could assume that the reason you are reviewing these two is for the ultimate goal of a security management position.  Unless you are already working in the security field, and are just one cert away from making the jump to a management position, both certs can be useful. 


In my case, I have taken the SSCP to advance my career in the security arena, and will then take the CISSP to help me move up the ladder to security manager/CISO position.  



Good luck