- Closer Look #1: Security+
- Closer Look #2: Systems Security Certified Practitioner
- Which One Is Right for You: Security+ or SSCP? Can You Do Without Either?
Which One Is Right for You: Security+ or SSCP? Can You Do Without Either?
In general, the more precise language of the SSCP requirements, experience elements, and domains within the CBK reflect a deeper and more nuanced understanding of the field of information security than what’s reflected in the Security+ objectives. You’ll also find a detailed bibliography, sample questions, and more detailed exam information included in the SSCP candidate bulletin than you’ll find in the Security+ exam objectives. In general, IT professionals with less information security knowledge and experience should find the Security+ more approachable and less work to earn than the SSCP. On the other hand, those who do earn the SSCP may have more to show for their efforts than those who earn Security+, based on differences in the breadth and depth of coverage.
Any IT professional who’s worked for more than two years in the area of information security could skip these exams entirely, and move up a notch in the information security certification hierarchy to exams such as the (ISC)2’s CISSP (Certified Information Systems Security Professional), the ISACA CISM (Certified Information Security Manager), or any of the various SANS mid-level GIAC (Global Information Assurance Certification) credentials related to Security Administration, Security Audit, or Software Security topic areas (see this Wikipedia article for a good overview, and check the DoD Approved Baseline Certifications in the DoD8570.1 documents for specific mention of SANS, ISACA, and (ISC)2 certifications).
Based on the Information Assurance Technician (IAT) job tracks, defined as part of DoD Directive 8570.1 (which requires IT workers who work for or with the US Federal Government to obtain and maintain specific information security certifications if their job duties have a security component), the SSCP qualifies for positions at IAT Level 1 and Level 2, while Security+ qualifies only at Level 2. In addition SSCP also qualifies individuals for CND Infrastructure Support positions as well. This may make a profound difference to those whose jobs require them to earn such certification.