There’s a gap between cybersecurity demand and the number of skilled professionals — and with more than 500,000 unfilled jobs in North America alone, it’s no surprise that 80 percent of IT professionals say the gap is getting bigger. Fast.
While frustrating for organizations, there’s an opportunity here for infosec staff: With more jobs available, they can choose the career location and track that best suits their needs and interests. The caveat? Increasing pressure on companies to ensure IT infrastructure meets both local and international compliance requirements means a growing focus on certification — hiring IT professionals who have both the work experience and recognized credentials necessary to improve overall security and reduce the risk of network compromise.
Two of the most popular security certifications are SSCP and CISSP. But which one is right for you? Should you take both? Neither? And what does the job market for trained SSCP and CISSP professionals look like in your area? Let’s dive in.
Your Local Outlook
While cybersecurity professionals are in demand across the United States, large technology sectors — such as those in established IT communities like Silicon Valley and up-and-coming areas including Austin and the D.C., Maryland, Virginia (DMV) areas — offer the highest concentration of available infosec jobs.
For example, job-seeking firms report almost 2000 open cybersecurity positions across Maryland, while Washington D.C. is now home to a host of well-funded technology enterprises, and Virginia has established itself as a top-tier location for software development companies. While specific needs vary by industry and IT maturity, the growing tech landscape in the DMV area means that certified infosec personnel are critical both to ensure compliance and to improve overall network defense.
But this growing market also means growing competition among professionals with infosec experience — top-paying positions require skills and certifications that set IT staff apart from other local applicants.
Who Needs SSCP Certification?
The Systems Security Certified Practitioner (SSCP) certification is designed for IT professionals with hands-on experience in network security and monitoring who are looking to upgrade their skills and improve their career potential. It is often compared to CompTIA Security+ because it covers many of the same topics, and SSCP certification also satisfies DOD 8570 Level II requirements.
To qualify for SSCP certification, IT professionals must have at least one year of paid experience in one of seven security domains:
- Access Controls
- Analysis and Monitoring
- Malicious Code
- Networks and Telecommunications
- Risk, Response and Recovery
- Security Operations and Administration
To earn SSCP certification, candidates must complete a 3-hour, 125-question multiple-choice exam with a score of 700/1000 or better. If you lack the required experience for certification, you can still complete the exam and become an Associate, after which you have two years to earn the necessary experience. While SSCP training isn’t a requirement for the exam, it can help focus your study efforts and ensure you’re well-prepared for the challenge.
Understanding the CISSP Certification
Although the Certified Information Systems Security Professional (CISSP) certification is similar to the SSCP certification, it’s designed for IT pros with more in-depth and hands-on industry experience. CISSP satisfies both DOD 8570 IAT Level III and IAM Level III, making it a valuable qualification if you’re interested in a cybersecurity career with the federal government.
To qualify for CISSP certification, candidates require five years of full-time paid experience across two of eight domains, which include:
- Security Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
CISSP training can help you prepare for the 250-question, 6-hour exam. If you don’t have the requisite work history, you can become a CISSP Associate and then upgrade when you’ve earned enough experience.
Different Tracks, Same Foundation
Both SSCP and CISSP share the same foundation: Understanding potential security threats and developing strategies to mitigate their impact across organizations. SSCP is often described as more hands-on, dealing with in-the-moment responses to emerging infosec issues. CISSP is more high-level, with a focus on creating comprehensive security programs for enterprise networks at scale.
This creates different career tracks for each certification — SSCP holders often look for work as network security engineers, systems administrators, and security consultants. Typical salaries range from $70,000 to $120,000 per year.
CISSP holders, meanwhile, often target leadership roles such as cybersecurity engineers, security operations technicians, and information security analysts, which pay anywhere from $100,000 to $150,000 per year.
Bottom line? Both of these certifications are in demand as the number of trained infosec professionals lags behind the number of open positions. While there is no certification prerequisite for SSCP or CISSP, in-depth experience is required for both, and SSCP is often a great starting point for security-minded IT pros looking to expand their options in the DMV area.