ISC2 SSCP Certification Guide

 BACKGROUND:

I took this certification exam with around 4 months of experience in Information Security and with over 2 years of general IT experience. With that said, no experience is required in order to take the exam, however 1 year of "relevant" experience is required to obtain the full certification, otherwise you will only receive the "Associate of (ISC)2" title, which can be upgraded to the full certification when the experience requirements are met. The reason I took this exam was because my current employer offers a fully free discount on (ISC)2 exams specifically. I planned on initially studying for and attempting CISSP, however I decided to take SSCP first in order to get a feel for how (ISC)2 specifically likes to word their exam questions, as all of my previous IT certifications have been through CompTIA.

EXPERIENCE:

My mindset for this exam was similar to the mindset that I had when studying for the CompTIA Security+ exam. I did not buy a book however. I passively listened but did not take notes on a SSCP Certification Course provided by Udemy, and practiced with terms using the official (ISC)2 SSCP Quizlet deck. If you already have Security+ or a similar security certification, much of the terminology will be familiar to you, however (ISC)2 just like CompTIA likes to add in their own terminology for various things that literally mean the same exact thing but with different words. I studied for about 2 weeks every other day, the 2 days before the exam I studied around 4-5 hours practicing the flashcards and taking the post-exam test on the Udemy course.

I passed the exam on the first try. As far as I know, there is no exam score for (ISC)2 exams, only a pass or fail result. 

RECOMMENDATIONS:

  • Take your time. The allotted time for the exam is 3 hours, more than enough. There are 120 questions total, I finished with about an hour left after reviewing the questions that I flagged. Make sure you read each question fully and perform process of elimination, if you have a strategy you like to follow for exams, make sure to stick to it.
  • From what I can remember there were NO questions that included paragraphs or lengthy scenarios like CompTIA's exam questions. I'd say over 75% of the questions were "What would be the FIRST thing you would do here?" or "What would be the BEST response to these circumstances?" and so on. 
  • Know (ISC)2 and their terminology. If you have taken Security+ or another certification, the test should not be too difficult, however make sure that you are aware of (ISC)2 and their choices for names of various things that you already know but just by a different name.

LINKS:


A capybara with an interest in security.

Comments

  1. AnonymousApril 29, 2024 at 6:49 PM

    Wow that’s very ambitious good work on the blog love it so far 👍🏼

    ReplyDelete

Post a Comment

Popular posts from this blog

TryHackMe CTF Walkthrough - "Simple CTF"

Image
Note: This is a reupload of a CTF walkthrough from my original website which no longer exists. Tonight I'll be providing a writeup on the TryHackMe box "Simple CTF" similar to my writeup on Blue. TryHackMe is another great and incredibly educational site dedicated to teaching learners about offensive and defensive cybersecurity. As always, it's typical to start with a basic Nmap scan.  This is one of the typical Nmap scans that I like to run on TryHackMe and HacktheBox machines. It will take longer than most scans due to the enumeration being performed by the vulnerability script. Another I will typically run is - nmap -sC -sV -A x.x.x.x This is an aggressive service scan with default scripts enabled. Here we have quite a bit of output, the bulk of it being a list of CVE's for the specific version of Apache web server running on the target machine. As we can see, Port 21 (FTP), Port 80 (HTTP), and Port 2222 (SSH) are currently open on the target machine. We can al...
Read more

Malware Overview - ZeuS

Image
 Note: This is a reupload of my writeup of the history of the ZeuS malware from my original website. INTRODUCTION:  Image Source:  https://www.bankinfosecurity.com/zeus-banking-trojan-spawn-alive-kicking-a-10471 When discussing the history of malware, you are more than likely going to hear the same few names over and over again. Conficker, Welchia, ILOVEYOU, Stuxnet, Flame, CryptoLocker, Dridex, and even newer malware like WannaCrypt0r, Emotet, and Maze.  What is left behind but stands atop the lesser remembered malware of the last fifteen years in particular is the ZeuS or Zbot Trojan and its successor, the Gameover ZeuS Trojan. This will be a historical summary of the ZeuS and Gameover ZeuS Trojans, beginning from its initial discovery and ending in the current year.  I will be using a variety of sources for my analysis. This is NOT a technical analysis of the malware, simply a historical account. I plan on writing a full technical analysis of the ZeuS and Gam...
Read more

Group Overview - Evil Corp

Image
This will be my first post in a series of posts summarizing various cyber actors, including APTs, Cybercrime outfits, and Hacktivist groups. I will be mainly discussing the history of the group and their known and documented activities throughout their existence. I plan on making additional summaries of each group that will delve further into their TTPs and other technical information to compliment this summary. The first group I will be discussing is the Evil Corp cybercrime outfit. The group is also known to many by the name INDRIK SPIDER, which was coined by the Cybersecurity company CrowdStrike. I decided to write about the Evil Corp group first due to the fact that they are still very relevant in 2020, as just a few days ago, Symantec published a report discussing a widespread attempted ransomware attack against various U.S. companies carried out by the Evil Corp group earlier this month. Evil Corp is an extremely sophisticated threat actor. They are capable of developing their ow...
Read more