Results 1 to 7 of 7

Thread: SSCP Certification

  1. #1
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default SSCP Certification

    Hi all,

    Has anyone passed this exam and earnd an SSCP certification? Where do you think it fits in an information security professionals toolbox?(I.e, Begginer,intermeediate, advanced) What are the requirements? (The real ones, i mean, what qualifys as infosec experience), What is the exam like, and maybe most importantly how does one get an endorsement?
    "You're only smoke and mirrors..."

  2. #2
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by SephStorm View Post
    Hi all,

    Has anyone passed this exam and earnd an SSCP certification? Where do you think it fits in an information security professionals toolbox?(I.e, Begginer,intermeediate, advanced) What are the requirements? (The real ones, i mean, what qualifys as infosec experience), What is the exam like, and maybe most importantly how does one get an endorsement?
    I think you'll find a lot of us around here think certs are good for when you run out of toilet paper in the bathroom. They look pretty on the wall (some times) and that's really about it. They just prove you can read and pass a test, doesn't actually mean you know the subject matter. See the 8 year old MCSE, or the 9 year old MCP. I'm pretty sure there are a few threads here on certs and what counts as experience in the field.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  3. #3
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    And I have heard that. but I dissagree. I work hard for every cert I have, and I respect those people who take the time and money (three grand for a course seems like dedication to me) to work towards a cert. I also know many professionals who earned their certs and know their stuff. I have heard the complaints, that they don't correctly test true understanding of the subject matter, that people can brain dump their way through it, however, none of that applies to me. I want to learn systems and systems administration security. I have no one to teach me. And these days you need experience to get any kid of a job. Certs are preferred and required by employers (Check out DoD 8570.1).

    I just recently got my Security5, A+/Net+. The last two are the basics. Most people in the industry have them. I earned the S5 to show that not only do I know computers and networks, but I have an interest in security. I will eventually get the Security+ for my MCSA: Security, but I'm looking for a cert that really bridges the gap for me, someone who has never worked on(Administered) a server, never done the things you guys have been doing since your teenage years.
    "You're only smoke and mirrors..."

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by SephStorm View Post
    Hi all,

    Has anyone passed this exam and earnd an SSCP certification? Where do you think it fits in an information security professionals toolbox?(I.e, Begginer,intermeediate, advanced)
    personally I've been doing IT Security stuff for about 5 years now and I don't know anyone that has this cert. However, everyone I know does have their CISSP.
    What are the requirements? (The real ones, i mean, what qualifys as infosec experience),
    What counts as InfoSec experience really kind of depends on who you get to endorse you. Some people feel that SysAdmin work (assuming you're a decent admin) involves InfoSec work on a daily basis (handling user accounts/permissions/privileges, dealing with security devices IDS/IPS/FW/VPN, performing secure builds of servers (OS/Web/DB), dealing with security incidents (Virii, spam, etc). Other people do not feel this is the case and only call full time Vulnerability Assessment Analysts, Pentesters, Threat and Risk Assessment Analysts, etc InfoSec professionals. Personally I lean towards option 1, just because it wasn't specifically in your job title doesn't mean you didn't actively deal with it regularly.
    What is the exam like,
    I haven't taken it, but if it's anything like the CISSP exam it's more about reading comprehension than anything.
    and maybe most importantly how does one get an endorsement?
    Find someone that already has a certification (I haven't read but does it have to be a SSCP? Or can any ISC2 certified individual do it? i.e.: Someone that holds a CISSP).
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by Barry View Post
    I think you'll find a lot of us around here think certs are good for when you run out of toilet paper in the bathroom. They look pretty on the wall (some times) and that's really about it. They just prove you can read and pass a test, doesn't actually mean you know the subject matter. See the 8 year old MCSE, or the 9 year old MCP. I'm pretty sure there are a few threads here on certs and what counts as experience in the field.
    I both agree and don't. Yes someone can be certified and be clueless, ABSOLUTELY! But, at least 80% of the RFPs I see (Gov't and private) want to see some kind of certification(s). While we may not agree with this requirement, it seems to exist more often then not rightly or wrongly. [Keep in mind this is my Canadian perspective on RFPs].

    Edit: Sorry for posting two in a row, it appears we are not longer able to delete our own posts. (Or I waited too long/not long enough to see the option).
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Member imported_blackfoot's Avatar
    Join Date
    Jun 2007
    Posts
    386

    Default discipline

    Certification is necessary both to open applications potential and also to provide a focus and framework for study.

    In my review of vacant positions I see all too often that certification is mandatory. This sometimes expresses both inability of the hiring authority to accurately define that which they want (and laziness) and also a pigeon-holing of a skill-set to a predetermined class.

    I think you would be wise to seek advice of several established HR personnel to determine goals to follow.

    As for bt, it has great potential to supply a number of elements which form the basis of part of your study and might well form a background to any important project.
    Lux sit

  7. #7
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    Thank you all for your input. As far as the certification issue, take me for example, I find out yesterday that my job allows me to take some courses on the CBK Domains from SSCP, online. So I took a few of them last night, Malicious Code first because I am familiar with it, then I stared at the first domain, access control. now outside of anything that may have been mentioned in my previous cert preps, I knew nothing about access controls. Now I do. This is the true benefit in my view, that you can take someone who doesn't know a subject and teach it to them, and have them come out on the other end, a competent professional. That's not to say that they are a master, but that they know what they are talking about.

    I see SSCP as a good choice for me as I will learn topics that will make me a better SysAdmin, and keep me away from the lofty concepts of CISSP (and I am not sitting through a four hour test).

    For the other question, any ISC2 professional can endorse you. generally, if you are taking a course, I would ask the instructor to endorse you (Spoke to one of my superiors, knows some CISSP's).
    "You're only smoke and mirrors..."

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •