Brandon Little

The (ISC)2 SSCP Exam was the first cybersecurity exam I have ever taken, and I would like to share my review and study process. In September 2019, I accepted the opportunity to transition from a project manager role to a role as an information security officer within my company. Although I have several years of experience leading IT projects and doing certain security functions, I have never had the opportunity to work in a security role full time. Anyone working in cybersecurity knows there is a major shortage of talented workforce, so many companies and hiring managers are relaxing their requirements and providing training to the right person upon hiring. I was one of these people who benefited from this shortage.

I started out on a temporary assignment from a different organization, and over the course of a year it became clear this was a mutually beneficial arrangement. Consequently, myself and the manager both wanted me to stay past my end date, so he initiated the process to make me a full-time member of his team. The process wasn’t hard except a bit of paperwork and waiting. Almost immediately upon hiring, my manager ask me to look at different types of training to help bring me up to speed on few items.

I looked at a number of certification paths to help me get my feet wet and get a cybersecurity credential attached to my name. After a few weeks of researching and deciding, I chose to pursue the Systems Security Certified Practitioner exam. I am proud to say that on July 14, 2021, I sat for and provisionally passed the (ISC)² System Security Certified Practitioner (SSCP)exam.

What Is The SSCP Exam

The Systems Security Certified Practitioner exam is an intermediate cybersecurity exam by the International Information System Security Certification Consortium, abbreviated (ISC)². The SSCP is a globally recognized advanced security administration and operations certification, which demonstrates you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures. The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets, including those in the following positions:

• Network Security Engineer
• Systems Administrator
• Security Analyst
• Systems Engineer

• Security Consultant/Specialist
• Security Administrator
• Systems/network Analyst
• Database Administrator

Those who are pursuing the elite certification of Certified Information Systems Security Professional (CISSP) will often use the SSCP as a steppingstone. I cannot confirm this number, but some sources say the SSCP covers roughly half the content as the CISSP. This was my primary driver for obtaining the SSCP. My plan is to obtain the CISSP once I meet the experience requirements.

SSCP Study Materials

When looking for the right training program and materials I was at a slight disadvantage compared most. The organization I work for does not pay for certification exams. They will provide you with all the training you need, and offers a robust online training program, but when it comes to exams they will not pay. Their archaic fear is people will leave after they better themselves and makes themselves more marketable. I don’t see the logic in that, but I will save that rant for later. Therefore, I had to find a training provider who’s price included an exam voucher. This proved to be a lot more elusive than I originally thought because I was also limited on the cost of the training. Finally, I found the provider that met all of my needs.

Learning Tree

The SSCP Exam prep class by Learning Tree is an Official (ISC)² training program which is five (5) days of live instruction focused on helping you pass the exam. The course includes the Official (ISC)² SSCP Student Guide, headphones with a mic, practice exams, and, most importantly, an exam voucher. Additionally, you gain one-on-one access with the instructor for a limited amount of time after training. So, if you are struggling with any areas or need additional assistance, there is someone there to help you. Upon completing the course, you will learn how to:

• Prepare for and pass the SSCP Exam
• Implement authentication mechanisms
• Document and operate security controls
• Perform security assessment activities
• Understand security issues related to networks

Learning Tree follows the (ISC)² official exam outline which details seven different domains in the cybersecurity realm, which help the candidate in understanding what will be on the exam and what kind of questions they may see. I found this very helpful as it provides a breakdown of the topics, and they go in depth to cover what you need to know. Here are the seven domains:

• Access Controls
• Security Operations and Administration
• Risk Identification, Monitoring, and Analysis
• Incident Response and Recovery
• Cryptography
• Networks and Communication Security
• Systems and Application Security

My overall learning experience with Learning Tree was very positive, and I look forward to working with them again for my next cybersecurity certification

SSCP Books and Practice Exams Review

SSCP: Systems Security Certified Professional Exam Guide

Aside from the Official (ISC)2 Student Guide, I used the SSCP: Systems Security Certified Professional Exam Guide by Darrell Gibson as my primary book of study. The author breaks the domains down into individual sections with more focused explanations than the Student Guide, and keeps it to a language that’s easy to understand by a non-technical or semi-technical audience. The book is full of Exam Tips, good-to-know tips, and exam strategies that can help you to pass the exam with ease.

The book divides topics into 14 chapters that cover the seven domains with extra chapters to cover security fundamentals and malicious code. Here are the chapters by what they cover:

1. Security Fundamentals
2. Access Controls
3. Basic Networking and Communication
4. Advanced Networking and Communication
5. Attacks
6. Malicious Code and Activity
7. Risk, Response, and Recovery
8. Monitoring and Analysis
9. Controls and Countermeasures
10. Auditing and Management Processes
11. Security Operations
12. Security Administration and Planning
13. Legal Issues
14. Cryptography

Systems Security Certified Practitioner Official Practice Tests

The final book I used was the (ISC)2 Systems Security Certified Practitioner Official Practice Tests. The practice test book is intended to be used in conjunction with the official student guide. I found it to be very well suited to compliment the SSCP book written by Darrel Gibson described above. The practice test book covers all seven of the domains in detail. The questions are broken down into each domain and the final chapters, 8 & 9, are two full scale practice tests.

These tests are meant to be taken for time without looking at the answers. This is to help simulate the actual test you will be taking, and you should follow the exam taking rules when doing these. The chapters are broken down as follows:

• Chapter 1: Access Controls (Domain 1)
• Chapter 2: Security Operations and Administration (Domain 2)
• Chapter 3: Risk Identification, Monitoring, and Analysis (Domain 3)
• Chapter 4: Incident Response and Recovery (Domain 4)
• Chapter 5: Cryptography (Domain 5)
• Chapter 6: Network and Communication Security (Domain 6)
• Chapter 7: System and Application Security (Domain 7)
• Chapter 8: Practice Test 1
• Chapter 9: Practice Test 2
• Appendix: Answers and Review Questions

Final Thoughts On The SSCP Exam Review

The SSCP Exam is an excellent place to kick off your cybersecurity career. The exam covers operational topics each up and coming professional will need. The skills I learned in studying for this exam helped my to secure my own web server. This served as a launch pad to start my blog and do all the security configurations myself.