Making Sense of Certifications: SSCP vs. Security+
Systems Security Certified Practitioner (SSCP) Overview
The SSCP certification strengthens an individual’s security posture, proving they have the hands-on technical ability to handle daily procedures, which will improve data confidentiality, integrity, and availability.
Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.
ISC2 says, “The SSCP is a certification for the hands-on practitioner who continuously monitors information systems to safeguard against security threats while having the knowledge to apply security concepts, tools and procedures to react to security incidents… The SSCP’s focus is on the technical aspects of information security and on the design, implementation, and administration of information systems in compliance with stated policies.”
Who is the SSCP Meant for?
ISC2 lists the following positions as ideal for obtaining the SSCP, whether you already work in one or are transitioning into one:
- Network Security Engineer
- Systems/Network Administrator
- Security Analyst
- Systems Engineer
- Security Specialist/Consultant
- Security Administrator
- Systems/Network Analyst
- Database Administrator
Required Experience
Professionals must have a minimum of 1 year of cumulative paid full-time work experience in 1 or more of the SSCP CBK domains. This is quite unlike the Security Plus exam, for which testers do not need any previous work experience to sit for the exam.
Earning Potential
According to Payscale.com, the average SSCP holder has between one and four years of experience in IT, and earns as much as $88,000 per year. The highest paid employees with the SSCP are those who also hold a master’s degree in a related field.
Additional Note
SSCP certification is one of the US Department of Defense (DOD)-approved baseline certifications for both Level I and Level II Information Assurance Technical (IAT) certifications.
SSCP Exam Details
The SSCP is the only exam required to obtain your SSCP certification. This exam tests an individual’s competence in 7 domains, which include:
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Network and Communications Security
- Systems and Application Security
Security+ Exam Details
The CompTIA SY0-401 is the only exam required to obtain your Security Plus certification. This exam covers 7 general topics, which include:
- Network Security
- Compliance and Operation Security
- Threats and Vulnerabilities
- Application, Data, and Host Security
- Access Control
- Identity Management
What do your peers say?
“The SSCP is for serious, dedicated information security professionals who are not quite ready to take the CISSP exam… The SSCP is administered in a very professional fashion, just like the CISSP, and it thus carries some degree of the respect that goes along with that credential. It’s also from ISC2 just like the CISSP, so that helps it as well. It shows that you’re serious about your career. If you can’t show the 3-4 years experience required for the CISSP, or you don’t feel you can pass the CISSP exam, and someone else is paying, I’d say go for the SSCP. If nothing else, it will help prepare you for the CISSP that will surely be in your future.”
- Daniel Miessler
How can I prepare for the SSCP exam?
We recommend using the Systems Security Certified Practitioner (SSCP) Practice Exam to prepare for your certification exam. When you purchase a practice exam, you gain 6-month access to a world of information that can help you succeed on the exam, including analytics on your strengths and weaknesses.
This Transcender product offers 3 study modes: simulated exams, topical review, and flashcards.
SSCP vs. Security+
Now that you’ve seen the SSCP in greater detail, as well as some of the similarities between the two, I’ll dive a bit deeper.
The SSCP requires working experience where the Security Plus does not, and although each exam is composed of 7 domains, they do not map to one another directly. From the research I’ve done, the SSCP exam itself requires more knowledge application and has less straightforward questions. The exam is written in a similar style to the CISSP, so critical thinking is crucial. One example SSCP question I came across was ‘At what temperature does damage start occurring to magnetic media?’
You may find the SSCP less commonly requested than the Security+ in terms of job requirements, but remember, that depends on the job and the role. The description of the SSCP puts an emphasis on ‘technical aspects of information security.’ Mike Chapple of Certification Magazine said, “Holders of the SSCP credential are particularly well-qualified for security engineering, monitoring, and implementation positions, where they serve in a hands-on security capacity.”
To Summarize
While there are certainly a number of similarities to the Security+, the SSCP is a different exam. Whether it’s more like the CASP or CISSP is a matter of opinion. Certain elements of each of these exams overlap, but they are not entirely the same, so it’s best to consider a few things before deciding which is best for you:
- Your current skillset/certifications
- The content of the exam/what skills it focuses on
- The job you would like, relative to which certifications someone in that role is likely to have
- Future goals. So, as Daniel said, if you want to eventually obtain the CISSP but are not quite ready, perhaps consider the SSCP first
Hopefully, with the information I provided, you’ve gotten more insight into the ‘less-known’ SSCP exam and are one step closer to identifying which exam is best for you.
Looking for More?
Comment below with your request for future posts.