Cisco Certified Network Associate - Security vs. ISC2 Systems Security Certified Practitioner
The Cyber security industry is hot right now, and whether you want to go into network security, auditing, hacking, or governance etc. there are plenty of choices when it comes to degrees and certifications. Back in 2015 I earned by CCNA Security which has helped me when I was starting out in networking, although I mainly work with Palo Altos now, it still provided a great practical foundation. As you may know there are a lot of different certifications out there, I chose the SSCP because it seemed like a step above Security+ but not as deep as CISSP. In this article I will compare two of the cyber security certifications I hold and will hold to help you better weigh the pros and cons.
Now I say 'will hold' because I am not officially a SSCP yet. Although I have provisionally passed the exam as of 9/22/18, I still need to go through the endorsement process in order to prove my 1 year of experience in one of the 7 certification domains (they do wave this requirement with certain 4 year degrees). This is where ISC2 certifications differ slightly in the certification requirements from Cisco or other certs in that you also need experience, if you don't have the experience for the ISC2 cert then you can apply for an associate status until you gain the experience.
Cost
Exam pricing is about the same, however with the CCNAS requires that you first take the entry level exam of CCENT prior, therefore the Cisco exam is slightly more expensive.
For re-certification the CCNA requires you take another test of equal or higher level, where ISC2 uses a continued education credit (CPE) model. So with Cisco you could gain another CCNA level cert in say wireless to re-certify. The ISC CPE method I could see being cheap or expensive depending on how you earn the credits. In addition, the SSCP also requires a once a year membership fee so it could be considered to have an additional caveat, however the ISC membership does have a few perks from what I've read. Nevertheless, keep in mind that most classroom training for all certifications, including these two can cost in the thousands of dollars, but learning can be made drastically cheaper using self study methods.
Objectives
To me it appears that the SSCP is more focused on the theory and not on the practicality. For example the CCNAS covers actual configuration and setup of the ASA firewall series and security technologies on routers and switches. I would consider that more practical to be used on the job. Whereas the SSCP will cover a wider range of topics to create a foundation of knowledge like types of malware, incident response, and security policy. The SSCP prepares you for more of a security mindset while the CCNAS prepares you more for projects and network security roles.
Looking over the exam outlines, there is a lot more depth in the Cisco security cert vs the ISC2 cert, although the Cisco cert's depth is mainly focused on protecting the network side. After completing both certifications I would say a person who is an SSCP would be more knowledgeable in regards to the Cyber security arena, while the CCNAS will have more knowledge of knowing how a network works and how to setup certain technologies like firewall rules or site-to-site VPNs.
Syllabuses
Domain 1. Access Controls
Domain 2. Security Operations and Administration
Domain 3. Risk identification, Monitoring, and Analysis
Domain 4. Incident Response and Recovery
Domain 5. Cryptography
Domain 6. Network and Communications Security
Domain 7. Systems and Application Security
1.0 Security Concepts
2.0 Secure Access
3.0 VPN
4.0 Secure Routing and Switching
5.0 Cisco Firewall Technologies
6.0 IPS
7.0 Content and Endpoint Security
So Comparing these outlines, you can see there is a lot more depth in the Cisco exam but it's mainly network focused with 5 sections devoted to specific technologies and 2 of which are concept focused. Moving to the SSCP you can see just about every section is more concept focused with a more wide range vs. depth.
Studying/Testing
I used the official certification books for both certifications. Moreover, with the SSCP I used pluralsight for video training and on the CCNA I used free videos from youtube. All the books were pretty even, but in the CCNAS it has more network diagrams and screenshots of how to configure things in devices. The content is pretty easy to absorb as long as you apply the knowledge as you learn and stay focused.
The Cisco test I remember to be harder due to it having labs vs. only multiple choice on the ISC exam, but the SSCP's multiple choices were harder in my opinion and there's 125 of them over a 3 hour period (CCNA had about 50-60 questions with labs, multiple choice and drag/drop with like 90 minutes of time). I haven't taken the newer 210-260 of the CCNA security, but I do however have the new book so I'm able to review the new syllabus content, I'm guessing the exam is still on the more complex side like most Cisco tests.
I also found that some of the Comptia Security+ content overlapped with the SSCP objectives. I did find benefit from the Security+ video courses on pluralsight, so I feel you could possibly take Security+ and SSCP around the same time. Although I'm not too familiar with security+.
Here are the books I used:
One last thing is that the SSCP will be updating on November 1, 2018, so I don't know how relevant the current book content will be.
Pros
SSCP
Covers wide range of cyber security topics
Pushes a more security driven mindset
Requires 1 year of experience in a security role
ISC2 is prestigious organization and there's membership perks
Vendor neutral
CCNA Security
More In-depth on networking and network security
Better prepares you for actual job tasks
Can re-certify with other higher level exams (e.g. CCNP Security)
Cisco holds a large market share and is widely recognized
Covers specific hardware and use cases
Cons
The weaknesses are similar in both, either too much emphasis on a certain area (I'm looking at you Cisco) or not enough depth to really offer enough tangible practicality (SSCP). Cost is another, at $250 a pop these exams can get expensive if you don't pass the first time or if you use bootcamp training at like $2,000 each class .
In addition, SSCP isn't as recognized as it's big brother CISSP and likely not as much as CCNA either.
Overlap
Both certifications covered some of the same security topics like the CIA triad, AAA, types of firewalls and where to use them etc.
Both also covered types of network attacks, basic network topics like OSI model, and lots of cryptography (symmetric vs asymmetric, algorithms, alice & bob etc.).
Federal Jobs
Each certification meets the requirements for some Dept. of Defense cyber security jobs as well. Both meet the requirements for IAT 1 & 2, but SSCP also meets the criteria for CCSP support. so if you think you would be interested in a government cyber defense job then these would be two certs to examine.
Conclusion
Due to the availability of information, costs, and speed at which certifications can be obtained, I feel they are the best solution to mine and other peoples' needs. Therefore, I would recommend both the Systems Security Certified Practitioner and the Cisco Certified Network Associate - Security for anyone either wanting to learn more about firewalls and network security specifically (CCNAS) or someone wanting to expand their knowledge and become more well-rounded in cyber security (SSCP).
If I went back I think I would probably choose to take the SSCP first if I had the 1 year of required experience already and then the CCNAS. Cost is another factor and both of these certifications can be easily achieved with $500-1000 assuming you already have a computer and internet. Both have their strengths and weaknesses but I'm sure most people in the IT industry can find value from either one.
Good luck if you decide to roll down the certification highway and I hope this helped you in making a decision!
EDIT: As of 12/10/18 I'm officially an SSCP! Feel free to ask any questions.
Sorry I wouldn't be able to endorse you as I can't attest to your abilities. I would check within your company or with coworkers to see if they know someone. Also you can have ISC2 endorse you, but from what I've heard it will take a little longer. Lastly if you pass the test but don't have the 1 yr experience you can apply for associate of ISC2, and then get endorsed later after you gain the exp. Hope this helps. Thanks
Thanks for the info, I intend to go sscp but my issue is I need someone to endorse me. Any asssassist you can render?