Should you take the CCSP/SSCP before the CISSP? [updated 2022]
With the number of information security certifications seemingly growing by the day, some in information security are starting to wonder whether there are any specific benefits to be had by earning the common certifications for this career track in a certain order. Those focusing on systems security (including Cloud) may be asking themselves the optimal order in which to earn the Systems Security Certified Practitioner (SSCP), Certified Cloud Security Professional (CCSP) and the Certified Information Systems Security Professional (CISSP).
FREE role-guided training plans
SSCP
Released by (ISC)², the Systems Security Certified Practitioner (SSCP) is intended for those working in systems and network security who develop information security standards, policies and procedures, and who manage hardware and software implementation for an organization. The SSCP is fairly broad, as it covers seven domains of knowledge. Below is a list of these domains and their respective exam content weights:
- Domain 1 - Security operations and administration (16%)
- Domain 2 - Access controls (15%)
- Domain 3 - Risk identification, monitoring and analysis (15%)
- Domain 4 - Incident response and recovery (14%)
- Domain 5 - Cryptography (9%)
- Domain 6 - Network and communications security (16%)
- Domain 7 - System and application security (15%)
SSCP requirements
Candidates for this certification have several options to meet the experience requirement. SSCP candidates must have either one year of paid work experience minimum in one of the seven knowledge domains covered by the certification exam. Or they may be granted a one-year prerequisite pathway for earning either a bachelor’s or master’s degree in cybersecurity.
Another possible option is that if candidates do not have the work experience or prerequisite pathway, they can earn an Associate of (ISC)² by passing the SSCP certification exam and have two years to earn one year of experience. Those that pass the exam will have to find another (ISC)²-certified professional and obtain an endorsement from them.
SSCP exam information
- Number of questions: 150
- Length of exam: 4 hours
- Exam question format: Multiple-choice
- Passing score: 700 (out of 1000 possible)
Please note that effective November 1, 2021, the following SSCP exam outline applies.
CCSP
This certification, also hosted by (ISC)², is a vendor-neutral approach to broad cloud security knowledge, including practices, principles, cloud platforms and technologies. Intended for experienced professionals in cloud security, this certification exam covers six CSSP domains of knowledge (along with their respective exam content weights):
- Domain 1 - Cloud concepts, architecture, and design (17%)
- Domain 2 - Cloud data security (20%)
- Domain 3 - Cloud platform and infrastructure security (17%)
- Domain 4 - Cloud application security (17%)
- Domain 5 - Cloud security operations (16%)
- Domain 6 - Legal, risk and compliance (13%)
CCSP requirements
Candidates for the Certified Cloud Security Professional (CCSP) certification must have five years of paid work experience in information technology, with three years being in information security and one year in at least one of the domains of knowledge this certification exam covers. CCSP candidates also can go for the Associate of (ISC)² if they do not meet the experience requirement.
Paid internships and part-time work qualify for your work experience. This certification also requires an endorsement from an (ISC)²-certified professional.
CCSP exam information
- Number of questions: 125
- Length of exam: 3 hours
- Exam question format: Multiple-choice
- Passing score: 700 (out of 1000 possible)
CISSP
Last is another (ISC)² certification — the Certified Information Systems Security Professional (CISSP). This certification is intended for seasoned information security professionals and is highly sought after by organizations looking to take their information security to the next level.
You must pass a longer certification exam than the others explored above to earn this certification. It covers eight domains of knowledge:
- Security and risk management
- Asset security
- Security architecture and engineering
- Communication and network security
- Identity and access management (IAM)
- Security assessment and testing
- Security operations
- Software development security
CISSP requirements
The requirements for CISSP are steeper than the certifications above. CISSP candidates must have at least five years of paid, cumulative work experience in at least two of CISSP’s knowledge domains. Those with a four-year college degree, or another (ISC)² certification from an approved list, can subtract one year of work experience from that requirement. There is also the option to earn an Associate of (ISC)², at which point the candidate would have six years to satisfy the experience requirement.
CISSP exam information
- Number of questions: 100-150
- Length of exam: 3 hours
- Exam question format: Multiple-choice and advanced innovative questions
- Passing score: 700 (out of 1000 possible)
For more on the CISSP certification, view our CISSP hub.
Recommendations
This article will forward two recommendations, one general and the other situation-specific.
General recommendation
As you can see from the exam requirements above, SSCP is an entry-level certification that requires one year of paid work experience. In contrast, both CCSP and CISSP require at least five years of paid work experience, so it should be no surprise that you should earn SSCP first if you want to earn all three certifications. CISSP should be earned last by at least 95% of those seeking these certifications.
Situation-specific recommendation
The proverbial “odd man out” in this progression of certifications is CCSP. While the other two certifications focus on system and network information security, CCSP is unique because it focuses on cloud-based security.
You need to ask yourself whether you want to become certified in cloud-based security. If you do, I would say to either take CCSP before CISSP or concurrently if you think you can handle the workload.
The first choice would be ideal, as there is a slightly less strict experience requirement for CCSP, leaving candidates with the time to prepare for the CCSP certification exam before they are qualified to take the CISSP exam. Of course, if you have earned a four-year degree, you will be ready to take the CCSP and CISSP simultaneously, at which point you can decide for yourself which certification you want to earn first.
FREE role-guided training plans
Pursuing the right certification
SSCP, CCSP and CISSP are highly respected information security certifications that can help information security professionals reach new heights in their careers. Before you begin to prepare for these exams, it is essential to realize that they apply to different points in their career and will have to adjust their timetable for earning these certifications accordingly.
Sources
In this Series
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
- I failed my CREST Certified Infrastructure Tester exam: Here’s my story
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity