In an earlier post, I compared the CSA+ against the CEH, and touched upon a few additional security certs I felt may be of interest. Since then, I’ve gotten the suggestion to compare two other popular security certifications, the Systems Security Certified Practitioner (SSCP) from ISC2 and CompTIA’s Security+.
Perhaps both fortunately and unfortunately for us in the IT and cyber world, there are plenty of certifications to choose from, so while we may have many options based on our skill set, it can be difficult for those just starting out to determine which is best.
You may have heard that the SSCP is comparable to the Security Plus certification, and sure, in terms of pricing, length, and essential ‘domains,’ it is. Others would argue it is closer to the CISSP. Based on my research, I would argue it is closer to the CASP, right in the middle despite the fact that SSCP is labeled an ‘entry-level’ certification.
But, for the sake of the request, I will compare it to the Security+ and offer greater details regarding the SSCP overall.
Systems Security Certified Practitioner (SSCP) Overview
The SSCP certification strengthens an individual’s security posture, proving they have the hands-on technical ability to handle daily procedures, which will improve data confidentiality, integrity, and availability.
Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.
ISC2 says, “The SSCP is a certification for the hands-on practitioner who continuously monitors information systems to safeguard against security threats while having the knowledge to apply security concepts, tools and procedures to react to security incidents… The SSCP’s focus is on the technical aspects of information security and on the design, implementation, and administration of information systems in compliance with stated policies.”
Who is the SSCP Meant for?
ISC2 lists the SSCP as ideal for those working as, or transitioning into, the following positions:
- Network Security Engineer
- Systems / Network Administrator
- Security Analyst
- Systems Engineer
- Security Specialist/ Consultant
- Security Administrator
- Systems/ Network Analyst
- Database Administrator
Professionals must have a minimum of 1 year of cumulative paid full-time work experience in 1 or more of the SSCP CBK domains. This is quite unlike the Security Plus exam, for which testers do not need any previous work experience to sit for the exam.
According to Payscale.com, the average SSCP holder has between one and four years of experience in IT, and earns as much as $88,000 per year. The highest paid employees with the SSCP are those who also hold a master’s degree in a related field.
SSCP certification is one of the US Department of Defense (DOD)-approved baseline certifications for both Level I and Level II Information Assurance Technical (IAT) certifications.
SSCP Exam Details
The SSCP is the only exam required to obtain your SSCP certification. This exam tests an individual’s competence in 7 domains, which include:
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Network and Communications Security
- Systems and Application Security
The exam consists of 125 multiple-choice questions which testers have 3 hours to complete. You must receive a score of 700 or higher out of 1,000 in order to pass.
Security+ Exam Details
- Network Security
- Compliance and Operation Security
- Threats and Vulnerabilities
- Application, Data, and Host Security
- Access Control
- Identity Management
The exam consists of 90 multiple choice and performance-based questions which testers have 90 minutes to complete. You must receive a score of 750 or higher out of 900 to pass.
What do your peers say?
“The SSCP is for serious, dedicated information security professionals who are not quite ready to take the CISSP exam… The SSCP is administered in a very professional fashion, just like the CISSP, and it thus carries some degree of the respect that goes along with that credential. It’s also from ISC2 just like the CISSP, so that helps it as well. It shows that you’re serious about your career. If you can’t show the 3-4 years experience required for the CISSP, or you don’t feel you can pass the CISSP exam, and someone else is paying, I’d say go for the SSCP. If nothing else, it will help prepare you for the CISSP that will surely be in your future.”
- Daniel Miessler
How can I prepare for the SSCP exam?
We recommend using the Systems Security Certified Practitioner (SSCP) Practice Exam to prepare for your certification exam. When you purchase a practice exam, you gain 6-month access to a world of information that can help you succeed on the exam, including analytics on your strengths and weaknesses. This Transcender product offers 3 study modes including: simulated exams, topical review, and flashcards.
SSCP vs. Security+
Now that you’ve seen greater detail of the SSCP, as well as some of the similarities between the two, I’ll dive a bit deeper.
The SSCP requires working experience where the Security Plus does not, and although each exam is composed of 7 domains, they do not match to one another directly. From the research I’ve done, the SSCP exam itself requires more knowledge application and less straightforward questions. The exam is written in a similar style to the CISSP, so critical thinking is crucial. One example SSCP question I came across was ‘At what temperature does damage start occurring to magnetic media?’
You may find the SSCP less commonly requested than the Security+ in terms of job requirements, but remember, that depends on the job and the role. The description of the SSCP puts an emphasis on ‘technical aspects of information security.’ Mike Chapple of Certification Magazine said, “Holders of the SSCP credential are particularly well-qualified for security engineering, monitoring, and implementation positions, where they serve in a hands-on security capacity.”
While there are certainly a number of similarities to the Security+, the SSCP is a different exam. Whether it’s more like the CASP or CISSP is a matter of opinion. Certain elements of each of these exams overlap, but they are not entirely the same, so it’s best to consider a few things before making a decision on which is best for you:
- Your current skillset/ certifications
- The content of the exam/ what skills it focuses on
- The job you would like relative to which certifications one in that role is likely to have
- Future goals. So, as Daniel said, if you want to eventually obtain the CISSP but are not quite ready, perhaps consider the SSCP first
Hopefully, with the information I provided, you’ve gotten more insight into the ‘less-known’ SSCP exam and are one step closer to identifying which exam is best for you.
Looking for More?
Comment below with your request for future posts.