Security Basics mailing list archives
RE: Question on Certification (SSCP or GSEC)
From: "Mark Brunner" <kohi10 () rogers com>
Date: Thu, 7 Apr 2011 19:36:36 -0400
I have had the pleasure of certifying first years ago at the SSCP level, and currently hold the CISSP certificate as well. The SSCP designation is definitely less understood, but really is an examination of depth of knowledge versus breadth of knowledge for the CISSP in my opinion. There is some subject matter overlap, however the context is the differentiator. Both will test your metal, and present you with 250 multiple guess questions come exam time. The SSCP exam expects knowledge in 7 domains, focusing on technical knowledge: - Access Controls - Security Operations and Administration - Analysis and Monitoring - Risk, Response, and Recovery - Cryptography - Networks and Telecommunications - Malicious Code I had a lot of questions regarding protocols, the OSI model, networking and communication, and routing. The CISSP exam covers 10 domains, focusing more on tactical and strategic security management: - Access Control - Application Security - Business Continuity & Disaster Recovery - Information Security & Risk Management - Operations Security - Physical Security - Security Architecture and Design - Telecom and Network Security - Regulations, Compliance - Incident Response & Investigation Much more focus on my exam on the methodologies, planning and management considerations of security. In discussions with GSEC certified colleagues they liken the content and context to that of the CISSP. There are other certifications that might be more useful to you as a developer, such as secure coder http://www.sans.org/gssp/, certified ethical hacker http://www.eccouncil.org/, etc. They may not be as widely marketable, but consider your intentions. Looking for professional improvements or another job? Just my opinion, your milage may vary. Mark Brunner Information Security Manager & IT Consultant Greater Toronto Area, Ontario Canada -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Eggleston, Mark Sent: Thursday, April 07, 2011 3:30 PM To: Mr Horse; security-basics () securityfocus com Subject: RE: Question on Certification (SSCP or GSEC) Mr. Horse, GSEC is open book and more technical; CISSP is not open book and is more managerial. If your long-term goal is to get a CISSP you might be better off getting the GSEC in the interim because: (1) it is from a different accrediting body (SANS) and shows you have diverse credentials if you later get a credential from ISC and (2) I would think it is more recognized and sought after compared to the SSCP (which is a stepping stone to the CISSP anyhow). Of course, I might be biased though. Hope this helps. Regards, Mark Eggleston, CISSP, GSEC, CHPS Manager, Security and Business Continuity -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mr Horse Sent: Wednesday, April 06, 2011 5:11 AM To: security-basics () securityfocus com Subject: Question on Certification (SSCP or GSEC) I'm a software developer with about 6 years experience, and act as the lead for application and some network security issues at my current employer. My manager wants me to a certification, and ideally I would go with the CISSP but I don't have 4 years employment experience in the information security field. As far as I can tell, my options are the GIAC GSEC and the ISC SSCP. As far as I can tell, the GSEC requires a similar level of knowledge to the CISSP, but does not have the experience requirement. The SSCP seems to have limited recognition. We will some IT security positions opening up down the line, and I am hoping to apply for one of these in the future. Can anyone suggest what might be the better certification for me to hold? Thanks ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ This message, together with any attachments, is intended only for the use of the individual or entity to which it is addressed. It may contain information that is confidential and prohibited from disclosure. If you are not the intended recipient, you are hereby notified that any dissemination or copying of this message or any attachment is strictly prohibited. If you have received this message in error, please notify the original sender immediately by telephone or by return e-mail and delete this message along with any attachments, from your computer. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Question on Certification (SSCP or GSEC) Mr Horse (Apr 07)
- RE: Question on Certification (SSCP or GSEC) Eggleston, Mark (Apr 07)
- RE: Question on Certification (SSCP or GSEC) Mark Brunner (Apr 08)
- RE: Question on Certification (SSCP or GSEC) Hung Lee (Apr 08)
- RE: Question on Certification (SSCP or GSEC) Mark Brunner (Apr 08)
- Re: Question on Certification (SSCP or GSEC) Todd Haverkos (Apr 08)
- RE: Question on Certification (SSCP or GSEC) Eggleston, Mark (Apr 07)