RE: Which CERT to get

["Nigel Hedges" <netethix () iprimus com au>]

Hey Jason,

The SSCP is really a subset of the CISSP. It's aimed at 2 different groups,
one with less experience and knowledge (SSCP) - and one with more (CISSP).
They are both more conceptual than technical. Whilst they do go into some
technical terms, both certifications really test you more on your ability to
understand IT Security technologies and concepts across many different parts
of the IT Security field without going into the nitty-gritty of each domain.
"2 inches deep, and 20 miles wide" so to speak. A great base in which to
delve deeper if you're job (or future job) requires it.

CISSP is arguably the current golden security certificate in the
marketplace. As always, there's a mixed motivation to do the cert - those
that do it to break in to the security field (or promotion/salary increase)
and those that do it to consolidate their knowledge.... I bring this up
because the first reason dilutes the value of a cert such as CISSP (or any
other cert for that matter). Ultimately, doing it for both reasons would be
a good idea. If you do decide to do it, I recommend the Shon Harris book
(now in 2nd ed) - CISSP Certification. 

I'm afraid neither the CISSP, CISA or even Security+ will be close to being
your silver bullet if you're after more technical skills. Perhaps you should
try SANS (sans.org) and look at the GSEC, GIAC type certifications? Even the
ethical hacking courses by Ernst&Young or similar. You have a great start
with the CCNA, perhaps you should explore the CCSP Cisco cert? That involves
VPNs, IDS, and Network Security - and may be a great option for you. 

Just as a last comment -  I don't think you are correct on the managerial
aspect, CISSP is aimed at the Security Professional although inevitably
there will be some overlap of what Security Management means. But if you
think about it, if you've been using an Enterprise AV product and used their
management administrative interface - you've already done some security
management. :) ISC2 came out with some advanced certs that stream into
architecture, engineering or management to cover those specific needs. {I'd
be interested to hear from anyone who's done any of those}

Best of luck with your decisions!

Nigel







-----Original Message-----
From: Jordan, Jason D. "Dallas" [mailto:Jason.Jordan () honeywell-tsi com] 
Sent: Wednesday, 3 December 2003 4:14 AM
To: 'security-basics () securityfocus com'
Subject: Which CERT to get

Hello List, 
   I would like to get some opinions on which cert would be better to get.
I know this has been discussed a bit here on the list, but I have a couple
specific certs I mind.  I was wanting to know which would be the better one
to pursue, the CISSP or the
SSCP?  Both are from ISC2.  I am presently trying to get into the security
field and have been told the CISSP would be the best one to get, but it
seems to be a bit more managerially focused.  I'm not really trying to be a
Security manger.  I would like
to have the more technical skills.  Is the SSCP more technical or is it
similar to the CISSP?  Any opinions and advice would be greatly appreciated.
Thanks.  

Thank You,

Dallas Jordan  MCSE, CCNA
Electronics Technician II
Honeywell Technology Solutions
1010 Bankton Drive
Hanahan, SC 29406
843-744-1221  Ext 11


---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------