SSCP program? kinda off-topic.
Bob George
plug-discuss@lists.plug.phoenix.az.us
Sun, 10 Feb 2002 12:26:51 -0700
"foodog" <foodog@uswest.net> wrote:
> I know there are a couple of CISSPs on the list. I'm wondering if
> anyone has any firsthand experience with the ISC2's SSCP certification
> (or CISSP) they'd be willing to share?
I'd be happy to share my experienced. I landed my CISSP early last year,
about the same time I got my Cisco CCNP cert. Much to my surprise, the
CISSP proved to be the one that garnered interest when I was looking for
work back in May.
> >From the website it looks like a good cert for someone interested in
> infosec work. One of the things that I'm leary of are the continuing
> education requirements for certification beyond the initial 3 years.
> If, for example, I'd have to take multiple classes from SANS (for
> example) at $2400.00 a pop, that'd more than dispose of any pay raise
> I'd get as a result of the cert. That'd bite. If I could retake the
> test for $250 that wouldn't be so bad... BTW, I know SSCP only
> materialised last year, but ISC2's been around awhile.
If you work it right, your employer should pick up any such training. I've
paid for my Cisco self-study router pod out-of-pocket, but most employers
still pick up the rest of my training, even in these troubled times. If your
job is security related, make the case that keeping current is required if
you're to keep ahead of the bad guys.
One caution: The CISSP is NOT very technical, although technical background
does help in the domains where it applies. The SSCP seems to be more
technically focused, but I expect there's still not a lot of depth. ISC2
seems to focus on "career" certification, where you have to know a lot from
many areas. That's not BAD, it's just very DIFFERENT than most
certifications where you're remembering product specifics. The good news is
that it'll likely have a lot more shelf life as a result.
The hardest part of CISSP prep was the lack of good study material. There
are PLENTY of references mind you, but none that are particularly focused.
The SRV texts which are the most CISSP-centric were so filled with errors
that I spent more time underlining mistakes -- at least in the networking
sections -- than underlining things to remember. Beware anything similar for
SSCP.
I have seen CISSP listed as a required certification on a couple of RFPs
that we've responded to in recent months, so it is a recognized
certification. SANS GIAC seems commonly asked for as well, but CISSP has
tended to lead the list.
> It looks like there's only one in-state test date this year, April 13,
> so I'm trying to get whatever info I can as quickly as I can.
If you're going for that date, I'd suggest you start by finding the list of
references for each of the SSCP domains, and read 'em. It's a lot, but
there's overlap. Keep notes according to domain for a final review, and pull
the 'best of' from each text. I managed to do actual prep for the CISSP in
two weeks, but I wouldn't recommend it. I did take the "Prep for Success"
class during that time, and I'd recommended one if available.
One encouraging note: While the SRV example questions were horrid, I had no
issue with the actual exam questions. They seem to have weeded out most of
the obnoxious ones.
- Bob