We’ve said it before so we’ll say it again – cybersecurity is a happening field, and that’s not likely to change anytime soon. If you like computers and you’re good at security, let’s talk about the Systems Security Certified Practitioner (SSP) certification.
The SSP is a certification awarded by the (ISC)² which is an international, non-profit organization. It was originally founded in 1989 as the International Information System Security Certification Consortium, Inc.
The (ISC)² offers multiple certifications including cloud security, risk management, software development and security administration. All of these certifications are recognized by national and global organizations like International Accreditation Forum (IAF), Department of Defense (DoD), American National Standards Institute (ANSI), and the International Accreditation Service (IAS).
SSCP currently has over 7,000 members both in the U.S. and internationally. According to Payscale, the average base salary for a SSCP is $78,000 per year.
What’s the difference between SSCP and CISSP?
There are many security-based IT certifications available. A very popular one also from the (ISC)² is the Certified Information Systems Security Professional (CISSP). Both exams are offered by (ISC)² and both deal with security. While there is common ground between the two, the exams are designed for different people with different purposes. Here are the highlights:
SSCP
- More for technical application of security principles
- Not entry level – but earlier career than CISSP
- 1 year of full time work required
CISSP
- Designed for business application of security principles
- Mid to senior level career
- 5 years of full time work required
If you want a more detailed breakdown of the differences, the (ISC)² blog is a great resource to learn more about these two certifications.
Who takes this exam?
The (ISC)² recognizes that the SSP is a great certification but may not be right for everyone. They list out a few different professions that would benefit from this certification:
- Network Security Engineer
- Systems Administrator
- Security Analyst
- Systems Engineer
- Security Consultant/Specialist
- Security Administrator
- Systems/Network Analyst
- Database Administrator
As mentioned, at least one year of experience in one of the domain areas is required to sit for this exam.
Exam details
The exam has 125 questions and you will have three hours to complete it. A passing score is 700 out of 1000. There are seven domains of knowledge and they’re all pretty evenly weighted (between 9-16% per domain). Here are the domains and some of the topics covered under each one:
- Security operations and administration: Ethics compliance, security control implementation, asset management lifecycle, and security training
- Access control: Authentication method knowledge, internetwork trust architecture, access control, and identity management
- Risk identification, monitoring and analysis: Risk management process, security & vulnerability assessment, platform monitoring, and results analysis
- Incident response and recovery: Incident lifecycle reporting, forensic investigation, understanding business continuity planning, and disaster recovery
- Cryptography: Cryptography reasons and requirements, concepts and implementation, and PKI systems
- Network and Communications Security: Networking fundamentals and attacks, network security, and wireless communications security
- Systems application security: Malicious code recognition, endpoint security, MDM, virtual environment operation, and security
The SSCP is a tactical, hands-on approach to systems security. If you’re the type of person who wants to be the doer when it comes to security, this might be the certification for you.