Does your role or career track focus on defending against cyber attacks? The SSCP certification might suite you. It is a globally recognised cyber security training and certification that provides a benchmark in your security career. Public and private employers respect accredited certifications, especially when they are entrusting you with their most sensitive data.
Watch and listen as Lumify Work Cybersecurity Lead Jeremy Daly and Technical Instructor Terry Griffin discuss the ISC2 Systems Security Certified Practitioner (SSCP) course.
What's covered in SSCP Training?
The ISC2 Systems Security Certified Practitioner (SSCP) iis a 5-day course that helps you prepare for the SSCP certification exam. It covers seven modules: Security Operations and Administration, Access Controls and Risk identification, Monitoring, and Analysis, Incident Response and Recovery, Cryptography Network and Communications Security and Systems and Application Security. The goal is to help you validate that you have the IT security foundation to defend against cyber attacks and to give you a deeper understanding of how to implement, monitor and administer an organisation’s IT infrastructure in accordance with security policies and procedures that ensure data confidentiality, integrity and availability.
Access Cybersecurity Training Anywhere
We aim to enable you and your teams to thrive in the digital landscape of tomorrow. This means making training and certifications accessible. Enquire about our flexible delivery modalities via Lumify Anywhere. We offer cyber security training across our campuses in Australia in Sydney, Perth, Canberra, Adelaide, Brisbane, Melbourne, in BGC in the Philippines and in Christchurch, Auckland and Wellington in New Zealand.
You can find information on the cybersecurity training that we deliver - including SSCP - in partnership with the ISC2, EC-Council, ISACA and CompTIA when you access our brochure. You can also reach out to our team to discuss your cybersecurity training requirements.
Video Transcipt on SSCP Training Fireside Chat
If you found the discussion between Jeremy and Terry interesting, you can use the transcript below as a reference.
Jeremy: Welcome to another fireside chat where I'll invite our cyber security technical instructors to join me to talk about individual cyber security courses we offer through DDLS [now known as Lumify Work]. Today we're talking about ISC2 Systems Security Certified Practitioner or SSCP and joining me to discuss this course once again is Terry Griffin. Terry, thank you so much for for coming on.
Terry: Thank you Jeremy for inviting me. It's good to be here a pleasure.
Jeremy: So the SSCP, it's a five-day course. We run an exam review course. What's covered off and are those attending this course going to learn over those five days?
Terry: Well in five days we have seven domains. I'll go into each domain to a certain extent without getting too heavily into it.
We look at Security Operations and Administration, this is going into the security of your system. And some of the security operations we look at are logging in. So we're looking at these logs and extracting information out of the logs.
We go then into Access Controls and Identification and Access Management or IAM as we call it. And making sure that two-factor authentication is used for at least administrators and hopefully all users within the organisation so that we can protect against password spraying, which has been unfortunately used a number of times to attack different companies.
We look at Risk Identification, monitoring and analysis and within the risk identification. We go deeper into that with looking at a business impact analysis, an asset register to make sure we know what assets we've got so we know what to protect against as far as these risks are concerned.
And we look at Monitoring and Analysis once again with the logs and analysing those logs.
Moving on then, Incident Response and Recovery. We look at Lockheed Martin and their Cyber Kill Chain that they produced when they were hacked. They came out with the Cyber Kill Chain and published that for the world so that the world could see how Lockheed Martin themselves were at and how they would recommend defending against it. It's
becoming a a very common thread in a lot of security courses, the Lockheed Martin Cyber Kill Chain. And it's a fairly easily understood process but extremely important in understanding how it should occur. We discuss victims of ransomware and other attacks during the course and at one stage how the Cyber Kill Chain could have been used against some of these attacks.
Moving on further we look at Cryptography both asymmetric and symmetric encryption and the differences between the two and why we need both asymmetric and symmetric encryption in order to encrypt our data across the wire.
We roll that into Network and Communication Security. So symmetric encryption is used particularly for encrypting on the fly. So networking communication security such as voice over IP encryption is going to be used there with symmetric encryption.
And then we look at systems and application security particularly with application
security. We go down into the weeds looking at the Application Security with Devsecops
and other application development.
Jeremy: So a lot of content to cover in five days.
Terry: Oh, there is there's a lot of content and we don't have hands-on labs as such during the course. But what we do have in place of it - and I think the students enjoy this just as well as the hands-on labs - is we have a lot of discussions during the course and we put the students using the Zoom breakout room or the equivalent breakout room in MS Teams (I can't recall what that's called) but we put them into groups in the breakout rooms and they discuss these particular targets or opportunities among themselves and come up with responses. And then we discuss these responses back in the class effectively by putting the students in groups in the classroom and then bringing them all back together so that that they discuss uh how they would solve these problems and how it could best be done.
Jeremy: Fantastic! And so looking at the the spread of domains that are covered. The
SSCP is aimed at IT professionals who who are front line, technical professionals.
They're sort of on the tools as I would say each day, you know they, it is expected that you do have some security remit coming into this. You know what kind of professionals, what kind of roles are you seeing? Like is it a wide spread, like is it network administrators, is it security managers? Are they all sort of at that point where they're starting off in their cyber security career and they're they're really wanting to use the SSCP you know as, I guess let's call it a springboard to further their existing knowledge that they already have about security but really set them on that path.
Terry: Yeah the students who under undergo this course would probably have um already
gone through some form of Networking course such as Network+ or a a CISCO networking course course. And from there, they've moved to perhaps Security+ and then to the CCSP. That gives them an excellent grounding in pretty much any security related position within an it organisation. Programmers are covered, Network Administrators, Server Administrators are all covered here as to the best practices they should perform within the corporate system in order to keep it secure.
Jeremy: And I'll just correct you there and I know this is, these aren't scripted. So where Terry did mention the CCSP, this is the SSCP. CCSP is all about cloud and will actually be doing a chat around, you know, the ultimate acronym guide with cyber security courses. Because there's a lot of them but the CCSP uh you know is all around cloud security as well. And we will cover that off in a separate fireside chat.
But yeah, I think that that's that's very relevant, what you're saying. You know coming from that network experience. I think the CCNA actually aligns quite nicely with this as well with people with that networking experience and that sort of foundational security experience. And once someone sat the SSCP you know what what would they look at.
Next, like would they be looking to to go to more of a technical school? They look at something maybe like the Cybersecurity Analyst from CompTIA to then sort of, I guess hone their skills more around that that whole Risk and Analysis and Incident Response
Terry: Well, I've found the SSCP does give you a good launch pad to go into the Certified Cloud Security Professional which is another one I teach, which is why I tend to get the acronyms confused.
Look, it took me, it took me a couple of months to get my head around the ISC2 breakdown from International Information System Security Certification Consortium. (It took me a while to be able to say that!) But yeah, a Cyber Security Analyst would be one to follow. I think the CCSP, the Certified Cloud Security Professional, Cybersecurity Analyst, and then to top it all off the CISSP Certified Information Systems Security Professional, which is more of a management end.
But then these guys who are doing these courses are working their way upwards in the organisation until they get to be management. And if they've got a good grounding in Security then they will make the ideal CISO, which the country and companies within this country certainly need lots of because they're crying out for decent Security people at the top of these organisations to know how to protect the companies that they're working for.
Jeremy: It sounds like the SSCP is where they should start. Terry, thank you so much. We've run out of time for this chat but um really appreciate you having a chat with me today. No doubt I'll be talking to you in the future about some of our other courses including the CCSP.
Terry: Thank you so much.