The Systems Security Certified Practitioner (SSCP) certification is ideal for individuals with technical skills and practical, hands-on security knowledge in operational IT roles. It validates the ability to implement, monitor, and administer IT infrastructure in line with information security policies and procedures. The SSCP covers seven domains:
- Security Operations and Administration
- Access Controls
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Network and Communications Security
- Systems and Application Security
Candidates must have at least one year of cumulative work experience in one or more of these domains, or they can become an Associate of ISC2 by passing the SSCP exam and then have two years to earn the required experience.
The SSCP exam lasts four hours, consists of 150 multiple-choice questions, and requires a passing score of 700 out of 1000 points. It’s available in several languages and can be taken at a Pearson VUE Testing Center. The weight given to each domain in the exam is as follows:
- Security Operations and Administration: 16%
- Access Controls: 15%
- Risk Identification, Monitoring, and Analysis: 15%
- Incident Response and Recovery: 14%
- Cryptography: 9%
- Network and Communications Security: 16%
- Systems and Application Security: 15%
Each domain has specific sub-topics and knowledge areas that candidates are expected to understand, such as ethical codes, authentication methods, risk management, incident response, cryptography concepts, network security, and more.
The SSCP certification is accredited and complies with ANSI/ISO/IEC Standard 17024. It undergoes regular updates through a Job Task Analysis (JTA) process to ensure it remains relevant to the roles and responsibilities of information security professionals.
Difficulty: 1 out of 5.
significant difference is the requirements for each. While Security+ is more geared towards true newcomers to the IT industry in general, the SSCP requires one year of experience (which can include schooling) in the industry. Having done both relatively close to one another, I felt the SSCP was a tad bit more technical.
Overall, I think SSCP is a good choice for a base-level cert if you’re looking to move over from the helpdesk or fresh out of school. It also makes a lot of sense if you are targeting the CISSP later on in your career.
From a federal perspective, ensure you know your target job. As some jobs may require an SSCP, and some may require the Security+.