You’re considering a cybersecurity certification and the SSCP and CISSP are both on your list. After comparing the material, you’re thinking there’s a good bit of overlap between the two. But is there, really? And if you sit for one exam would you be able to sit for the other without additional study or preparation?
These are excellent questions. In fact, we hear them a lot. And the reality is, there ARE commonalities, which is true for most things in the field. However, these two certifications are wholly different and were developed from two distinct perspectives.
In many ways, the CISSP certification holder would find the SSCP exam more difficult, as it’s focused on technical application. Although considered “entry level,” the SSCP is designed for the technical practitioner. It covers how to incorporate, build, design and apply security to technology.
Alternatively, the CISSP was designed with leaders in mind. It emphasizes how to build a program and apply concepts of security to the business. Also, the frame of reference for each certification is poles apart. SSCP tends to focus on technical application, and CISSP on the business alignment of that application.
Another important point to consider is depth and breadth: SSCP has more depth; CISSP has more breadth. (ISC)2 members who hold both credentials say each opens doors and benefits them professionally. Many pursue the SSCP first as they work toward getting managerial experience needed to obtain the CISSP.
To qualify for the SSCP, candidates must have at least a year of cumulative, paid, full-time work experience in one of the seven domains. For the CISSP, candidates must have at least five years of cumulative, paid, full-time work experience in two of the certification’s eight domains.
|SSCP Domains||CISSP Domains|
|Access Controls||Security Risk Management|
|Security Operations and Administration||Asset Security|
|Risk Identification, Monitoring and Analysis||Security Architecture and Engineering|
|Incident Response and Recovery||Communication and Network Security|
|Cryptography||Identity and Access Management|
|Network and Communications Security||Security Assessment and Testing|
|Systems and Application Security||Security Operations|
|Software Development Security|
|Number of Items||125||100-150|
|Maximum Time Allowed||3 hours||3 hours|
|Passing Score (out of 100)||700||700|
|Available Formats||English, Japanese, Brazilian Portuguese||English, French, German, Brazilian Portuguese, Spanish, Japanese, Simplified Chinese, Korean*|
*Format also available to accommodate visual impairment.
For a deeper dive into each certification, download the latest (ISC)² Ultimate Guides to the SSCP or CISSP.
For a quick knowledge check, take the (ISC)² Practice Quizzes on CISSP or SSCP.