scasc
Newcomer II

SSCP after CISSP

Hi all,

Has anyone obtained the SSCP after CISSP? Appreciate it’s a stepping stone to obtaining it but I’ve been recommended to look at it as I’m keen to further enhance my technical knowledge as my role entails undertaking technical assurance assessments.

Have 20 years’ experience and lots of other certs but just keen to I) keep up CPEs and II) enhance technical knowledge for work related reasons.

From what I see SSCP is pretty much for someone with only 1 year experience, so not sure if it goes into depth regarding technicality. I obtained CISSP 10 years ago.

I did look at CGRC but from what I can tell it’s RMF process related, I’m looking to enhance knowledge of technical security controls as part of my work in undertaking security architecture and assurance assessments.

Any advice would be greatly appreciated.

Thanks in advance.
14 Replies
dcontesti
Community Champion

For my nickel,

 

I got the SSCP (many moons ago) after holding the CISSP for a number of years. My reasoning at the time was that I was CISO and wanted to gauge the knowledge level of multiple certifications for my staff (i.e., did all my staff need to be CISSPs or did they all need the CISM or ?). Some of the folks only needed to be an SSCP as they were going to specialize in other areas.

 

The SSCP was initially developed as an entry level certification and the original intent was to build additional certifications on it such as Firewall, or UNIX or Networking, etc.  Through time and management teams, this changed.

 

Depending on your job function, I might recommend that you look at the CSSLP or the Cloud Certification or even a certification that specializes in Firewalls or Fraud.

 

Again only my nickel Canadian.

 

d

 

heidymadia
Newcomer I

@dcontesti I just wonder about your thoughts on CISSP-ISSMP after CISSP.

dcontesti
Community Champion

@heidymadia

 

My take only, the ISSMP is great for folks who are looking to become CISOs. It allows someone to demonstrate that they have advanced knowledge in the Management areas of the CISSP. It also demonstrates an understanding of the Management of a Security Program from start to finish, as it covers areas such as Risk, Risk Management, Contingency management, Laws, etc.

 

It also will provide a leg up for folks that wish to work for Security Vendors.

 

Of course, these are MY personal opinions only.

 

d (full disclosure, I hold the SSCP, CISSP, CISSP-ISSAP, CISSP-ISSMP, and the CSSLP).


scasc
Newcomer II

Thanks for the response. I was looking at CSSLP but my work is pretty much doing Technical Risk Assurance assessments looking at the technical controls proposed by the architecture team. This could cover pretty much anything - cloud/OS/networks/applications/DB's etc. 

 

Based on this I thought the CSSLP may not be relevant to my work? Maybe SSCP more general and suitable as covers topics of interest - just concerned it's for entry level/1 year experience.

 

For note - I have the CCSP as well, plus the ISACA and SANS/GIAC certs. 

 

Any info would be greatly appreciated on what to look at next. 

Steve-Wilme
Advocate II

If the CSSLP is still broken down in something of a waterfall manner you might want to consider how what it teaches might work in a DevOps environment, before committing to get certified. I bought the CBK, read it and then decided I'd be better off taking the ISSMP and ISSAP concentrations, but it depends very much on the sort of organisation you work in.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
scasc
Newcomer II

Thanks for the response. I work in the UK but in the Gov area. So heavily regulated, lots of governance and basically technically assuring products, systems and controls.

Will check CSSLP again, but any recommendations for ISSAP perhaps?
mav51
Newcomer I

Hi,

Hope all is well. I passed SSCP in July and I must admit I liked it. I come with a strong foundation in network engineering and system administration and yet again it didn't let me down. The course covers a wide range of technical aspects, mostly in a theoretical way, but I found it vital for those experts who want to apply their knowledge in a more effective way.

It certainly helps you to make more solid technical decisions.

 

Maxim-Masiutin
Newcomer II

I took SSCP and then CISSP. Depending on your domain areas, SSCP can be more difficult because it focuses on technical controls, networks and communication, and data forensics. It has many questions that require deep analysis of situations and good technical knowledge in things such as cryptography and network protocols, in addition to what I already mentioned. While in CISSP, such domains are only a part of the question, in SSCP it is the majority of them. If you have experience in penetration testing, then SSCP should be easier for you, but if you practice in security governance administration and risk management, then SSCP should be difficult because it barely covers security governance, and is mostly focused on technical skills.

scasc
Newcomer II

Many thanks for the feedback everyone. I am looking to dive deeper into technical topics to support the technical assurance consultancy work I do. So by the sounds of it, it could be a good option. 

 

I have been put off only because I have spoken to people who have said it's entry level and they have simply gone for the exam and passed. Perhaps they have a strong background.