The Systems Security Certified Practitioner (SSCP) is a certification for cybersecurity practitioners tasked with monitoring information systems and reacting to security incidents. Becoming an SSCP could demonstrate to potential employers you have the technical skills to advance your cybersecurity career.
If you’d like to work hands-on with an organization’s security, becoming an SSCP could be a helpful step toward achieving your goal. It could be particularly suitable if you’ve already gained a year or two of work experience in cybersecurity or recently graduated from a cybersecurity or computer science degree program.
The SSCP is designed for security professionals who work with operational security. Here are just a few of the job titles on LinkedIn that request or require SSCP certification in Canada:
Network analyst: $74,482
Systems administrator: $77,243
Security analyst: $78,974
Threat intelligence analyst: $81,155
Systems engineer: $101,628
DevOps engineer: $100,631
Security engineer: $105,363
*Salary data represents the average Canadian salary according to Glassdoor (October 2023)
Becoming an SSCP comes with several potential benefits for the right candidate, including the possibility of a high-paying, in-demand position. By achieving SSCP status, you could also:
Learn new skills that you can use on the job
Validate your skills and commitment to cybersecurity to recruiters and hiring managers
Enhance your resume to make you more marketable
Fulfill requirements for security clearance
Gain access to a community of fellow cybersecurity professionals
Becoming an SSCP requires passing a certification exam designed to test your knowledge of seven security topics. Here’s a quick look at the SSCP exam details [1].
| Certification | SSCP |
|---|---|
| Cost | US$249 |
| Number of questions | 125 |
| Types of questions | Multiple choice |
| Time to complete | 180 minutes |
| Passing score | 700 out of 1000 points |
| Prerequisites | 1 year cumulative work experience |
| Testing locations | Pearson VUE Testing Centers |
Taking and passing the SSCP exam is an accomplishment you should feel proud of; however, it’s only the first step in the certification process. Let’s look at the four steps you must take to get fully certified.
1. Pass the certification exam: At the time of writing, you’ll need to score 700 of the available 1,000 points to pass the exam. You can take the exam up to four times in 12 months, but you must wait 30, 60, and 90 days between respective attempts.
2. Complete the endorsement process: Getting endorsed requires submitting an online application endorsed and digitally signed by another ISC2 certified professional, like a coworker or manager. If you don’t know anyone personally, ISC2 can act as an endorser. You have nine months from your exam date to complete this step.
3. Agree to the Code of Ethics: Before becoming a certified SSCP, you must commit to four canons of ethical practice. These are:
Protect society, the common good, necessary public trust and confidence, and the infrastructure
Act honourably, honestly, justly, responsibly, and legally
Provide diligent and competent service to principals
Advance and protect the profession
4. Pay the annual maintenance fee: You’ll need to pay a US$125 fee upon certification and each year on your certification anniversary [2]. If you earn additional certifications from ISC2, you only need to pay the fee once annually.
To qualify for the SSCP exam, you need at least a year of paid work experience in one or more of the exam domains. This could include full or part-time work and paid or unpaid internships.
Earning a degree in cybersecurity, computer science, computer engineering, computer systems engineering, or in a related subject also satisfies the work experience requirement.
The SSCP exam covers seven topics, called domains, in cybersecurity. Each domain accounts for 10 to 16 per cent of the exam score. The domains are as follows:
Access controls
Security operations and administration
Risk identification, monitoring, and analysis
Incident response and recovery
Cryptography
Network and communications security
Systems and application security
The SSCP transitioned to a new exam outline on November 1, 2021. While the seven domains remained the same, the domain weights changed to reflect the most important issues in cybersecurity. Incident response and recovery and security operations and administration are now weighted more heavily, while access controls and cryptography had their weights reduced.
The best way to set yourself up for success on the SSCP exam will depend on previous experience, current knowledge, and learning style. Here are some resources that you may find helpful as you prepare.
Several companies offer training courses specifically for the SSCP exam. While you can study independently, a structured course may help ensure you cover the required exam content. Before enrolling in a course, ensure it covers the latest version of the exam outline.
Prepare for the exam at your own pace with the ISC2 Systems Security Certified Practitioner (SSCP) Specialization, offered by ISC2 on Coursera. You get 120-day access to courses covering the latest exam domains and save when you bundle them together.
Taking a practice exam can help prepare you for what to expect on exam day and highlight any areas where you may need additional studying. ISC2 has a book of some 700 practice questions with explanations for purchase, but you can also find a variety of practice exams online [3].
Here are some additional tips for preparing for and taking the exam:
Give yourself adequate preparation time. Depending on what you already know, this might mean a few weeks or months.
Make flashcards to learn acronyms and port numbers.
Read each exam question more than once. You’ll have a minute and a half to answer each question within the allotted time.
Use the “Flag for review” option to flag questions you’re unsure of. You can return to them later.
Answer all the questions. There’s no penalty for incorrect answers.
The SSCP from ISC2 and the Security+ from CompTIA are common certification options for those beginning their cybersecurity career. Depending on your goals and experience, one may be a better fit than the other.
Generally speaking, if you’re working toward your first cybersecurity job and don’t have a degree or have one in an unrelated subject, the Security+ might be a better option. If you already have some experience or a cybersecurity or computer science degree, you might consider the slightly more advanced SSCP.
If you’ve already gained some experience working in cybersecurity, you might be deciding between the SSCP and the Certified Information Systems Security Professional (CISSP), both from ISC2.
In this case, which certification you choose to pursue could likely come down to your amount of experience. If you’ve already worked in cybersecurity for five or more years, it might be worthwhile to go for the CISSP, ranked among the most popular and respected credentials. Otherwise, earning SSCP status could open opportunities to build the experience needed to earn the CISSP in the future.
| | Security+ | SSCP | CISSP |
|---|---|---|---|
| Provider | CompTIA | ISC2 | ISC2 |
| Cost | US$392 [4] | US$249 [1] | US$749 [5] |
| Number of questions | 90 | 125 | 100 to 150 |
| Types of questions | Multiple choice and performance-based | Multiple choice | Multiple-choice and advanced innovative |
| Test length | 90 minutes | 180 minutes | 180 minutes |
| Required years of experience | None | 1 year | 5 years |
| Best for | Entry level | Early career | Advanced |
While not as rigorous as the more advanced CISSP exam, the SSCP exam still requires preparation for success. Training site CBT Nuggets included it as the only entry-level certification on their list of most difficult IT security certifications.
While the SSCP is an entry-level cybersecurity certification, you will need either a year of cumulative work experience or a degree in cybersecurity to qualify for certification.
Whether becoming an SSCP is worth the certification cost and preparation time will depend on your career trajectory and goals. It could be a good investment if you’re looking to advance into a technical security role in your organization or if it’s required or requested for a job you’re interested in applying for.
