SSCP Certification: Overview and Career Path [updated 2021]
Are you now — or want to become — an information security (InfoSec) professional and unsure what certification to pursue? Well, an option might be the Systems Security Certified Practitioner (SSCP), which validates your experience and technical skills in monitoring and managing IT infrastructure using security best practices, policies and procedures.
The SSCP could be the right credential to launch your IT security or cybersecurity profession.
The SSCP exam and certification is offered by the International Information System Security Certification Consortium, or (ISC)². It is a credential that has met ANSI/ISO/IEC Standard 17024 and is now also listed as one of the DoD Approved 8570 Baseline Certifications that allow professionals to meet the requirements for their position category or specialty and level.
As cybersecurity gets more complex, the U.S. federal government needs a qualified workforce. It has identified the need to establish minimum knowledge requirements for their resources when employed in various IT security-related positions. SSCP fulfills IA Technical (IAT) functions at levels I, II, and CSSP Infrastructure Support requirements.
So, wherever you are in the cybersecurity or InfoSec journey, to jumpstart your career or give yourself a competitive edge, you might want to think about getting SSCP certified.
What is the SSCP certification?
The (ISC)² SSCP certification is often compared to Security+, which is CompTIA’s entry-level IT security certification. Still, this credential offers an in-depth, real-world practice that can be readily applied in a professional’s day-to-day work activities and is often regarded as a great way to prepare for CISSP, a credential that suits experienced security practitioners, managers and executives.
Earning a security administration and operations certification like the SSCP is a good fit for those in roles like consultant and systems/security analyst and network security and systems engineer. It is also a great addition to the portfolio of systems and security administrators.
What experience do you need to apply for the SSCP?
SSCP targets security practitioners with at least one year of experience in one or more of the common body of knowledge (CBK) domains that (ISC)² feels are most important for aspiring IT security professionals to know. A minimum of 34 hours/week for four weeks is necessary to accrue one month of work experience or 2080 hours of part-time work. The experience requirement can also be satisfied by candidates with a bachelor’s or master’s degree from an accredited institution in a cybersecurity program to be evaluated and approved. Pre-approved degrees include computer science, computer engineering, computer systems engineering, management information systems (MIS) and information technology (IT). Qualifications are randomly checked.
Those that do not have the required work experience can still take the SSCP exam. If passed, they can earn an Associate of (ISC)2 designation; this is an alternative to normal certification processes and enables someone to have up to two years to complete the endorsement process and become SSCP certified.
A paid or unpaid internship is also acceptable to apply for the SSCP but does require the company/organization to confirm the position.
Getting SSCP certified
The first step for applicants is to gather as much information as possible on the exam by downloading the official certification web page’s free material. It is important to be familiar with the actual content of the test and its domains and all the administrative requirements to prevent any problems in getting certified.
This certification demonstrates you have familiarity with the SSCP CBK — i.e., the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals. The SSCP has recently been refreshed to better align with today’s required professional knowledge. Candidates can expect the new exam that comes effective Nov. 1, 2021, to focus on the following subject matter:
Security operations and administration (16%)
- Comply with codes of ethics
- Understand security concepts
- Identify and implement security controls
- Document and maintain functional security controls
- Participate in asset management lifecycle (hardware, software and data)
- Participate in change management lifecycle
- Participate in implementing security awareness and training (e.g., social engineering/phishing)
- Collaborate with physical security operations (e.g., data center assessment, badging
Access controls (15%)
- Implement and maintain authentication methods
- Support internetwork trust architectures
- Participate in the identity management lifecycle
- Understand and apply access controls
Risk identification, monitoring and analysis (15%)
- Understand the risk management process
- Understand legal and regulatory concerns (e.g., jurisdiction, limitations, privacy)
- Participate in security assessment and vulnerability management activities
- Operate and monitor security platforms
- Analyze monitoring results
Incident response and recovery (14%)
- Support incident lifecycle
- Understand and support forensic investigations
- Understand and support business continuity plan (BCP) and disaster recovery plan (DRP) activities
- Understand reasons and requirements for cryptography
- Apply cryptography concepts
- Understand and implement secure protocols
- Understand and support public key infrastructure (PKI) systems
Network and communications security (16%)
- Understand and apply fundamental concepts of networking
- Understand network attacks
- Manage network access controls
- Manage network security
- Operate and configure network-based security devices
- Secure wireless communications
Systems and application security (15%)
- Identify and analyze malicious code and activity
- Implement and operate endpoint device security
- Administer Mobile Device Management (MDM)
- Understand and configure cloud security
- Operate and maintain secure virtual environments
Be sure you view both the new SSCP Exam Outline and The Ultimate Guide to the SSCP to get more specifics on the broad spectrum of domains, the topics you’ll be required to master and that are included in the CBK.
This refreshed exam is available in English, Japanese and Brazilian Portuguese. The SSCP exam has a cost of $249, 230 euros or 199 pounds depending on the student’s location; additional fees include:
- Rescheduling exam: $50/35 euros/40 pounds
- Canceling exam: $100/70 euros/80 pounds
Candidates will need to sign in to their Pearson VUE account, select their preferred test location and date and pay the required fees. Pearson VUE will then transfer the information to (ISC)². A phone registration option is also available.
Participants will have three hours to complete the SSCP examination, which consists of 125 multiple-choice questions with four choices each. The test results will be released by (ISC)² via email, as real-time results may not be available. A minimum score of 700 on a 1,000-point scale signifies a passing grade. The applicant will also need to be endorsed by another (ISC)² certified professional in good standing before the cert can be awarded.
What is the best way to train for the SSCP exam?
The SSCP exam consists of experience-based questions that cannot be learned by studying alone, but there are several online resources that can help students master the content that will be tested. The (ISC)² website offers some training options, including the Official (ISC)² Training Seminars with courses offered in person or online to best suit students’ needs, schedules and learning styles.
In addition to the available (ISC)² SSCP training course, there are also many other options for self-study, from traditional textbooks and study guides to more contemporary tools, such as interactive flashcards and study apps, including The Ultimate Guide to the SSCP. See (ISC)² Self-Study Resources to find what’s right for you.
Other exam prep options include third-party vendors who use official courseware developed by (ISC)². Other reputable online training providers can help fill gaps in knowledge and address different aspects of each topic. To ensure you’re ready on the exam day, consider this short 10-item quiz and get recommendations on the next steps toward SSCP certification.
How can I earn CPEs to maintain my SSCP certification?
To maintain the SSCP credential, professionals must abide by the (ISC)² Code of Ethics and earn and register a minimum of 60 Continuing Professional Education (CPE) credits within the three-year certification cycle. Professionals will also be asked to pay an annual maintenance fee (AMF) of $125, due on the member’s start date of the certification cycle. See the (ISC)² CPE Handbook for more info.
So, how can CPEs be earned? SSCP credential holders can receive CPE credits by attending conference sessions, webinars, seminars, workshops and training courses, like those at the (ISC)2 Security Congress 2021 (Oct. 18-20, 2021). The congress allows you to earn up to 20 CPE Credits live and access 100 CPE credit opportunities for recorded sessions through Dec. 31. This is an effective way to stay abreast of the newest trends in the cyber threat landscape today and learn of best practices in incident response and handling, with the opportunity to hear from recognized expert speakers and the prospect of networking with peers in the IT security field.
Is the SSCP certification worth the effort? Salary and job outlook
The SSCP certification can help any IT practitioners expand their cybersecurity knowledge. Certified holders may progress in the career ladder, have access to promotions and higher salaries.
The SSCP certification from (ISC)2 is among the best beginner-level qualifications. It gives professionals the specialized learning and hands-on involvement needed to execute organizations’ data security approaches and techniques. Professionals with SSCP certifications might earn an average base salary of $75,000, as per PayScale, but can earn up to $114,000 depending on their position and residence.
Pursuing the SSCP
The SSCP can validate professionals’ skills in applying security policies and procedures in the administration of IT infrastructure. This credential, then, can give them the competitive edge they need to start a rewarding IT security or cybersecurity career on the right foot.