For my nickel,
I got the SSCP (many moons ago) after holding the CISSP for a number of years. My reasoning at the time was that I was CISO and wanted to gauge the knowledge level of multiple certifications for my staff (i.e., did all my staff need to be CISSPs or did they all need the CISM or ?). Some of the folks only needed to be an SSCP as they were going to specialize in other areas.
The SSCP was initially developed as an entry level certification and the original intent was to build additional certifications on it such as Firewall, or UNIX or Networking, etc. Through time and management teams, this changed.
Depending on your job function, I might recommend that you look at the CSSLP or the Cloud Certification or even a certification that specializes in Firewalls or Fraud.
Again only my nickel Canadian.
My take only, the ISSMP is great for folks who are looking to become CISOs. It allows someone to demonstrate that they have advanced knowledge in the Management areas of the CISSP. It also demonstrates an understanding of the Management of a Security Program from start to finish, as it covers areas such as Risk, Risk Management, Contingency management, Laws, etc.
It also will provide a leg up for folks that wish to work for Security Vendors.
Of course, these are MY personal opinions only.
d (full disclosure, I hold the SSCP, CISSP, CISSP-ISSAP, CISSP-ISSMP, and the CSSLP).
Thanks for the response. I was looking at CSSLP but my work is pretty much doing Technical Risk Assurance assessments looking at the technical controls proposed by the architecture team. This could cover pretty much anything - cloud/OS/networks/applications/DBs etc.
Based on this I thought the CSSLP may not be relevant to my work? Maybe SSCP is more general and suitable as it covers topics of interest - just concerned it's for entry level/1 year experience.
For note - I have the CCSP as well, plus the ISACA and SANS/GIAC certs.
Any info would be greatly appreciated on what to look at next.
If the CSSLP is still broken down in something of a waterfall manner you might want to consider how what it teaches might work in a DevOps environment, before committing to get certified. I bought the CBK, read it and then decided I'd be better off taking the ISSMP and ISSAP concentrations, but it depends very much on the sort of organisation you work in.
Hope all is well. I passed the SSCP in July and I must admit I liked it. I come with a strong foundation in network engineering and system administration and yet again it didn't let me down. The course covers a wide range of technical aspects, mostly in a theoretic way, but I found it vital for those experts who want to apply their knowledge in a more effective way.
It certainly helps you to make more solid technical decisions.
I took SSCP and then CISSP. Depending on your domain areas, SSCP can be more difficult because it focuses on technical controls, networks and communication, and data forensics. It has many questions that require deep analysis of situations and good technical knowledge in things such as cryptography and network protocols, in addition to what I already mentioned. While in CISSP, such domains are only a part of the question, in SSCP it is the majority of them. If you have experience in penetration testing, then SSCP should be easier for you, but if you practice in security governance administration and risk management, then SSCP should be difficult because it barely covers security governance, and is mostly focused on technical skills.
Many thanks for the feedback everyone. I am looking to dive deeper into technical topics to support the technical assurance consultancy work I do. So by the sounds of it, it could be a good option.
I have been put off only because I have spoken to people who have said it's entry level and they have simply gone for the exam and passed. Perhaps they have a strong background.