"foodog" wrote: > I know there are a couple of CISSPs on the list. I'm wondering if > anyone has any firsthand experience with the ISC2's SSCP certification > (or CISSP) they'd be willing to share? I'd be happy to share my experienced. I landed my CISSP early last year, about the same time I got my Cisco CCNP cert. Much to my surprise, the CISSP proved to be the one that garnered interest when I was looking for work back in May. > >From the website it looks like a good cert for someone interested in > infosec work. One of the things that I'm leary of are the continuing > education requirements for certification beyond the initial 3 years. > If, for example, I'd have to take multiple classes from SANS (for > example) at $2400.00 a pop, that'd more than dispose of any pay raise > I'd get as a result of the cert. That'd bite. If I could retake the > test for $250 that wouldn't be so bad... BTW, I know SSCP only > materialised last year, but ISC2's been around awhile. If you work it right, your employer should pick up any such training. I've paid for my Cisco self-study router pod out-of-pocket, but most employers still pick up the rest of my training, even in these troubled times. If your job is security related, make the case that keeping current is required if you're to keep ahead of the bad guys. One caution: The CISSP is NOT very technical, although technical background does help in the domains where it applies. The SSCP seems to be more technically focused, but I expect there's still not a lot of depth. ISC2 seems to focus on "career" certification, where you have to know a lot from many areas. That's not BAD, it's just very DIFFERENT than most certifications where you're remembering product specifics. The good news is that it'll likely have a lot more shelf life as a result. The hardest part of CISSP prep was the lack of good study material. There are PLENTY of references mind you, but none that are particularly focused. The SRV texts which are the most CISSP-centric were so filled with errors that I spent more time underlining mistakes -- at least in the networking sections -- than underlining things to remember. Beware anything similar for SSCP. I have seen CISSP listed as a required certification on a couple of RFPs that we've responded to in recent months, so it is a recognized certification. SANS GIAC seems commonly asked for as well, but CISSP has tended to lead the list. > It looks like there's only one in-state test date this year, April 13, > so I'm trying to get whatever info I can as quickly as I can. If you're going for that date, I'd suggest you start by finding the list of references for each of the SSCP domains, and read 'em. It's a lot, but there's overlap. Keep notes according to domain for a final review, and pull the 'best of' from each text. I managed to do actual prep for the CISSP in two weeks, but I wouldn't recommend it. I did take the "Prep for Success" class during that time, and I'd recommended one if available. One encouraging note: While the SRV example questions were horrid, I had no issue with the actual exam questions. They seem to have weeded out most of the obnoxious ones. - Bob