back

Systems Security Certified Practitioner (2019)

SSCP46 H 56 M

Episodes
Episodes
  • Watch This First
    • Overview
    • Just the Basics
  • Access Controls
    • Control Access to Assets
    • Manage Identification and Authentication
    • Manage Identification and Authentication Pt.2
    • Manage Identification and Authentication Pt.3
    • Integrate Identity as a Third Party Service
    • Authorization Mechanisms
    • Authorization Mechanisms Part 2
    • Authorization Mechanisms Part 3
    • Authorization Mechanisms Part 4
    • The Identity and Access Provisioning Lifecycle
    • Access Control Attacks
    • Access Controls - Key Points
  • Security Operations & Administration
    • The ISC2 Code of Professional Ethics
    • Identify and Classify Assets
    • Asset Ownership and Privacy Protection
    • Establish Asset Handling Requirements
    • Secure Provisioning and Resource Protection
    • Databases and Data Warehouses
    • Databases and Data Warehouses Part 2
    • Foundational Security Operations Concepts
    • Determine Data Security Controls
    • Assessment, Test and Audit Strategies
    • Control Selection and System Requirments
    • Control Selection and System Requirements Part 2
    • Participate in Change Management
    • Implement Recovery Strategies
    • Implement Recovery Strategies Part 2
    • Implement Recovery Strategies Part 3
    • Implement Physical Security
    • Implement Physical Security Part 2
    • Personnel Safety and Security Concerns
    • Patch and Vulnerability Management
    • Security in the SDLC
    • Security in the SDLC Part 2
    • Security Controls in Development Environments
    • Security Operations, Administration - Key Points
  • Risk Identification, Monitoring and Analysis
    • Review of Confidentiality, Integrity, Availability
    • Evaluate and Apply Security Governance Principles
    • Determine Compliance Requirements
    • Information Security in a Global Context
    • Risk Management Concepts
    • Risk Management Concepts Part 2
    • Risk Management Concepts Part 3
    • Threat Modeling Concepts
    • Risk in the Supply Chain
    • Assessment and Testing
    • Assessment and Testing Part 2
    • Assessment and Testing Part 3
    • Logging and Monitoring
    • Logging and Monitoring Part 2
    • Risk Identification, Monitoring, Analysis Key Pnts
  • Incident Response and Recovery
    • Supporting Forensic Investigations
    • Supporting Forensic Investigations Part 2
    • Conduct Incident Management
    • Business Continuity and Disaster Recovery
    • Business Continuity and Disaster Recovery Pt.2
    • Incident Response and Recovery - Key Points
  • Cryptography
    • Cryptography... Just What Is It Anyway
    • Applied Cryptography
    • Applied Cryptography Part 2
    • Applied Cryptography Part 3
    • Applied Cryptography Part 4
    • Applied Cryptography Part 5
    • Applied Cryptography Part 6
    • Applied Cryptography Part 7
    • Applied Cryptography Part 8
    • Applied Cryptography Part 9
    • Cryptography - Key Points
  • Network and Communications Security
    • Design Principles in Network Architecture
    • Design Principles in Network Architecture Part 2
    • Design Principles in Network Architecture Part 3
    • Design Principles in Network Architecture Part 4
    • Design Principles in Network Architecture Part 5
    • Design Principles in Network Architecture Part 6
    • Design Principles in Network Architecture Part 7
    • Design Principles in Network Architecture Part 8
    • Design Principles in Network Architecture Part 9
    • Secure Network Components
    • Secure Network Components Part 2
    • Secure Network Components Part 3
    • Implement Secure Communication Channels
    • Implement Secure Communication Channels Pt.2
    • Implement Secure Communication Channels Pt.3
    • Implement Secure Communication Channels Pt.4
    • Implement Secure Communication Channels Pt.5
    • Network and Communication Security - Key Points
  • Systems and Application Security
    • Identify and Analyze Malicious Code
    • Identify and Analyze Malicious Code Part 2
    • Identify and Analyze Malicious Code Part 3
    • Endpoint Device Security
    • Endpoint Device Security Part 2
    • Cloud Computing
    • Operate and Secure Virtual Environments
    • Systems and Application Security - Key Points

Overview

8 M

  • Episode Description
  • Transcript

The Systems Security Certified Practitioner (SSCP) certification is one of the leading certifications from (ISC)2. This is a certification for hands on practitioners with the responsibility of making sure IT security concerns are addressed in an enterprise environment and is designed for IT security professionals with one or more years of field experience who are seeking to advance their career by validating their knowledge and experience. If IT security is your preferred career path, then the SSCP is a great starting point for you.

[MUSIC] Hello and welcome. So you wanna be in SSCP. Well, boy I got a show for you. You're gonna join us and go through the certification journey with our SSCP material. You're gonna wanna know a little bit about what you're going to encounter, what we're gonna do, how we're gonna do it. So I thought it would be good if we spent just a couple of minutes as we get started giving you the answers to those questions. Join me here if you will. The path to certification begins, as all good journeys do with the first of several steps. So we're on the ISC-squared website, I thought it would be good to really launch our discussion here because who better to get the information from than the people who are actually behind the certification. So if you are thinking about being and SCCP and you're not familiar with the fact that ISC-squared is a certification body behind certification. Good to know, good to be aware of the path to certification you can find at the ISC squared website and actually let me just highlight this real quick. And let me just do the following for you. Paste that in there. Let me do this that you can see, Just how big we'll make that's you can see it remains to be seen. But I'm gonna do that right now, because, there you go. That way you could see it. But if you go to that URL, you'll be able to find the information I'm looking at on the web page as we go through the highlights. What is the certification? How many years of knowledge does it encompass? How many years of experience do you need? All the stuff you wanna know. So check out that URL if you wanna follow along because that's where we are and that's what we are doing. We're talking about who really should earn the SSCP. And as you can see, there's a number of different either occupations or past times, depending on how serious you take IT, that you may wanna be involved with. Being a network security engineer, being a systems administrator or systems or security analyst, all sorts of people have the background to achieve this certification. The question is whether you do or not, and if you don't, rest assured going through our show looking at all the episode, spending time with me and my co-hosts as we talk about the topics, we'll certainly position you to be successful. But there is an experiential component I'm gonna point that out to you in just a moment and make sure that you are aware of the requirement there. So you are in IT currently, you spend time dealing with any of, or multiples of, the seven domains that the knowledge base is gonna encompass. Definitely a good opportunity for you. What are those seven domains you ask? And what to you need to know to pass the exam? Well, we could see right here, in no particular order, we'll simply go through them as listed on the website. Domain 1, we focus on access controls, how do we deal with and understand the use of access controls, both in the implementation, as well as in the theoretical, the logical design, the management, the architecture elements, and all things related to that. How do we deal within Domain 2, security operations and administration. This is the day to day moment to moment minutiae of IT administration, of IT monitoring, of IT oversight. And really all the activities that is IT professionals interested in, focus on security, we have to engage in day today. How do we deal with risk? Identifying risk, monitoring and analyzing, applying controls and countermeasures, and trying to minimize the impact of risk in the organization is the subject of Domain 3. In Domain 4 incident response and recovery. When bad things do happen because despite the best efforts they do on occasion occur. How are we going to gather ourselves up, and respond to those incidents, and ensure we understand the who, what, when, where, why, and how of exactly what went on? We're gonna deal with all that in Domain 4. Domain 5 tends to send shutters down the spines of most IT professionals. But fear not, we will make your journey through cryptography as relatively pain free and as interesting as we can. Believe it or not we do have to know about cryptography, and that can scare some people looking to certify. What am I gonna have to know? Is there a lot of math? Do I have to look at all these crazy algorithms and things that I may not have any background with? Cuz I just don't deal with cryptography on a regular basis. None of that's gonna be a problem, very little to any math at all. Yes, there are a bunch of algorithms but we're gonna break it down for you, make them relatively straightforward and easy to remember. We're gonna have some fun along the way. Networking and communication security in Domain 6. That is an area most of you probably have a background with already. Most IT professionals go through this kind of a knowledge base for this kind of an exam. Bringing to the table, knowledge from first-hand experience day-to-day in their jobs of things associated with networking and with communication security. So that's usually a comfort area for most of us, and it will certainly be treated as such here. But we're still gonna have to talk about the OSR model among other things. So obviously a little bit of theory combined with practical real world discussions about how we do things, and a little bit of older technology we just have to know about because somebody wrote a question and said you gotta know. We’ll talk about all that and hopefully, with all that you’ll certainly be able to get through that domain window trouble. And then finally, Domain 7 systems and applications security. Sounds on the surface maybe we're dealing with writing applications and things like that. Not really, although we do talk about the DSTLC, the system or software development life cycle and how we can apply that to development activities to try to formalize them and ultimately make them more secure. But we talk about things like malware and malicious code. We talk about virtualized networking and software defined networking and cloud systems and services in this domain. So a lot of stuff that may not appear on the surface based on the domain name to be there actually be important for us to consider. A lot of really interesting stuff and stuff that certainly you do wanna make sure you are familiar with. All right, with regards to how we actually get certified, I mentioned that there is an experiential component. And I'm by the way, just clicking on the numbered tiles as we go so you can easily keep up with me and see what is going on here. I'm gonna highlight the fact that we need to have, and I'm gonna bring this out and make this a little bit bigger for you. Actually, I'll just do it here, we'll just bump that up and make that just a little bit bigger, by going in right there. Let me just go down to that, and oops, sorry, go up, I should say. One more time, there we go, that's what I wanted, to change the page on me. So let's just highlight that right here, and look at that while I'm talking. To qualify for this certification, you must have, not only the ability to pass the exam, so clearly study, take the exam, be successful and pass it. But you must have at least one year of cumulative paid work experience in one or more seven domains. Now, what does that really mean? Well, that means you have to demonstrate through some sort of process of vetting and checking your references and your credentials and things like that. So you submit either a letter of reference from an employer, or you submit a CV or a document that dictates and shows your work experience. And then we can prove that through references and things like that. You'll submit that as part of the application process for taking the exam, and then afterwards what's called the vetting process actually go through and be granted the credential by ISC Squared. You have to show that you work in an area where you do things like this on a regular and consistent basis. But don't let that really scare you. Most IT professionals can easily prove that they have one or more years experience in one or more the domains that make up the SSCP, CBK. You just have to make sure that you're able to show that in document that in your resume or in your CV when you submit it. And if you're not sure about that by the way, talk to a peer or colleague that perhaps is gone through the certification process. I can show you what they did to submit and show their experience and as long as you're roughly aligned with the domain names and the kind of detail that the domain covers you should be fine a little hint for you there. If on your resume or on your list of qualifications you use the same key words that are in the domain and in the sub topics. It's really easy for someone to pick those out and see that you've done not simply IT administration, but you've actually dealt with perhaps network and communication security for the last two years. Which is a great way to show your experience, but to be more specific and use the keywords that ISC Squared may be looking for. In our show, we will go through all of the seven domains in detail. We will break them down and talk about all the subtopics that make them up. It will be very interesting and a great experience for you. And we're looking forward to spending time with you myself and my co-hosts who will be with us throughout the journey. But you gotta do one very important thing before we get started. You gotta stop watching me here and start watching me over there in the show. So get to it, I'll be waiting for you. I'll see you soon. [MUSIC]

Just you? Training a whole team? There's an ITProTV plan that fits.

With more than 4,000 hours of engaging video training for IT professionals, you'll find the courses you and your team need to stay current and get the latest certifications.