SSCP Training Course
A complete practitioner-depth training course covering all seven domains of the ISC2 SSCP Common Body of Knowledge (current outline effective October 1, 2025). Designed for the hands-on security administrator sitting between Security+ and CISSP - the person who implements, monitors, and administers the controls a program depends on every day. Fifty-one lessons across seven modules match the official domain weights exactly, so preparation time tracks the shape of the exam. Each lesson walks the material at the depth an SSCP is expected to reason about it on the job, not encyclopedic breadth for its own sake.
Module 1: Security Concepts and Practices 16% of exam
Foundational principles the SSCP practitioner applies every day: the C-I-A triad, non-repudiation, privacy, least privilege, accountability, segregation of duties, the layered control model (administrative, technical, physical), and how policies, standards, procedures, guidelines, and baselines interlock into a governance stack. Also covers professional ethics, compliance drivers, security awareness, change management fundamentals, and the growing operational role of algorithmic integrity and ethical AI use.
- 1.1 What the SSCP Is and Who It Is For 4 min Free preview
- 1.2 Confidentiality, Integrity, Availability and Their Neighbors 5 min π
- 1.3 Least Privilege, Need-to-Know, and Segregation of Duties 4 min π
- 1.4 Accountability, Auditability, and Traceability 4 min π
- 1.5 Control Types and Control Functions 5 min π
- 1.6 Policies, Standards, Procedures, Guidelines, and Baselines 4 min π
- 1.7 Professional Ethics and the ISC2 Code 4 min π
- 1.8 Algorithmic Integrity and Emerging Practitioner Concerns 4 min π
Module 2: Access Controls 15% of exam
The identity lifecycle, authentication factors and their combinations, single sign-on and federation, the four classical access control models (DAC, MAC, RBAC, ABAC), privileged access management, and the operational reality of managing non-human identities like service accounts and AI agents. Emphasis on the day-to-day practitioner work: provisioning, de-provisioning, entitlement review, and troubleshooting failed access decisions.
- 2.1 The Identity Lifecycle: Provisioning to De-provisioning 5 min π
- 2.2 Authentication Factors and Multi-Factor Authentication 5 min π
- 2.3 Passwords, Passphrases, and Credential Hygiene 4 min π
- 2.4 Single Sign-On, Federation, SAML, OIDC, and OAuth 5 min π
- 2.5 Access Control Models: DAC, MAC, RBAC, and ABAC 5 min π
- 2.6 Privileged Access Management (PAM) and Just-in-Time Access 5 min π
- 2.7 Service Accounts, Machine Identities, and AI Agents 4 min π
- 2.8 Troubleshooting Access Decisions and Enforcement Failures 4 min π
Module 3: Risk Identification, Monitoring, and Analysis 15% of exam
The practitioner side of risk management: identifying assets, threats, and vulnerabilities; measuring risk qualitatively and quantitatively; running vulnerability scans and penetration tests; operating a SIEM; setting sensible alert thresholds; and communicating findings to leadership in a way that gets remediation funded.
- 3.1 Risk Fundamentals: Asset, Threat, Vulnerability, Impact 4 min π
- 3.2 Qualitative and Quantitative Risk Analysis 5 min π
- 3.3 Risk Treatment Options and Risk Appetite 4 min π
- 3.4 Vulnerability Scanning and the Remediation Pipeline 5 min π
- 3.5 Penetration Testing and Red Team Exercises 4 min π
- 3.6 SIEM, Log Aggregation, and Analysis 5 min π
- 3.7 Threat Intelligence and Indicators of Compromise 4 min π
- 3.8 Monitoring Metrics and Reporting to Leadership 4 min π
Module 4: Incident Response and Recovery 14% of exam
The lifecycle from event through eradication and lessons learned, forensic evidence handling that will hold up in court, backup strategies with defensible RTO/RPO targets, business continuity and disaster recovery planning, and the specific operational muscles a practitioner needs when things go wrong at 3 a.m.
- 4.1 The Incident Response Lifecycle 5 min π
- 4.2 Event, Alert, Incident, Breach: Getting the Terms Right 3 min π
- 4.3 Forensics, Evidence Handling, and Chain of Custody 5 min π
- 4.4 Backup Strategies, RPO, and RTO 5 min π
- 4.5 Business Continuity and Disaster Recovery Planning 5 min π
- 4.6 Incident Communications, Legal, and Regulatory Coordination 4 min π
- 4.7 Lessons Learned, Plan Maintenance, and Continuous Improvement 4 min π
Module 5: Cryptography 9% of exam
The applied cryptography an SSCP is expected to reason about: symmetric versus asymmetric primitives, hashing and MACs, digital signatures, key lifecycle management, PKI and certificate operations, and the current picture on quantum-resistant algorithms. Emphasis on choosing the right primitive for the job and troubleshooting cryptographic implementations, not implementing the math from scratch.
- 5.1 Symmetric, Asymmetric, and Hybrid Cryptography 5 min π
- 5.2 Hash Functions, MACs, and Digital Signatures 5 min π
- 5.3 Key Management and the Key Lifecycle 5 min π
- 5.4 PKI, Certificates, and Certificate Lifecycle 5 min π
- 5.5 Post-Quantum Cryptography and Emerging Concerns 4 min π
Module 6: Network and Communications Security 16% of exam
The network the SSCP defends day to day: OSI and TCP/IP models mapped to real controls, secure protocols and their weaker predecessors, firewalls and IDS/IPS with their tuning realities, segmentation and micro-segmentation, VPNs, wireless security, and the zero-trust architectural shift. Tied for the largest domain by weight; requires the most breadth of any module.
- 6.1 OSI and TCP/IP Models Mapped to Security Controls 5 min π
- 6.2 Secure Protocols and Their Deprecated Ancestors 5 min π
- 6.3 Firewalls, NGFWs, WAFs, and Network Access Control 5 min π
- 6.4 IDS, IPS, NDR, and Detection Discipline 4 min π
- 6.5 Network Segmentation, VLANs, and Micro-segmentation 4 min π
- 6.6 VPNs, IPsec, and Remote Access Architectures 5 min π
- 6.7 Wireless Security: WPA3, Enterprise Authentication, and Rogue AP Detection 4 min π
- 6.8 Zero Trust and SASE: The Architectural Shift 4 min π
Module 7: Systems and Application Security 15% of exam
Securing the endpoints, servers, applications, and cloud workloads the enterprise runs. Endpoint protection evolution to EDR/XDR, malware taxonomy and defenses, secure configuration and hardening, patch management, container and cloud workload security, application security fundamentals with OWASP as anchor, and the security responsibilities that shift when workloads move to cloud providers.
- 7.1 Endpoint Protection: From Antivirus to EDR and XDR 5 min π
- 7.2 Malware Taxonomy and Modern Threats 4 min π
- 7.3 System Hardening, Baselines, and Configuration Management 5 min π
- 7.4 Patch Management and Vulnerability Remediation 4 min π
- 7.5 Application Security and the OWASP Top 10 5 min π
- 7.6 Cloud, Container, and Serverless Security 5 min π
- 7.7 Data Classification, Data Loss Prevention, and Privacy 5 min π
