Considering pursuing the ISSAP and looking for advice
Hey all,
I have 7 years of IT experience, 5 of it being directly related to Security/IA. I passed my CISSP November 2013 and then the CISM June 2014 and I was planning to take the CISA in December. However after some thought, I don't do much auditing work and since I am in the process of moving to accept a new job I need an exam that will offer some more flexibility as far as scheduling the exam goes.
I looked into the CISSP concentrations and the ISSAP seems to interest me the most (although I might pursue the ISSEP eventually since I work for DoD and the ISSEP would have a lot of relevance but I am waiting for updated materials to come out).
As far as the ISSAP goes I am looking for advice on how to approach the exam and any tips that might help, specifically from those who have taken it recently since the updated materials have come out. I have purchased the new edition of the ISSAP CBK and am excited to start reading it and I am also watching the ISSAP 2013 course on FedVTE for those familiar with that. I was planning to also re-read Conrad's 11th hour in an attempt to refresh on CISSP concepts as well. Any other recommendations or useful advice would be greatly appreciated, I would really like to be successful in this pursuit and to expand my knowledge as well!
As always, thanks to everyone on TE for all the help, this community has been critical in my success with the CISSP, CISM, and CCNA due to the wealth of knowledge here.
Comments
-
GarudaMin Member Posts: 204
I passed it back in May; not sure if they have released updated materials since then. I only used the official 2nd edition book. I was worried and read the book 3 times to make sure I got all the contents, since I read everywhere that the book did not cover the exam materials (CIB). It's the first time I read a textbook more than once too. In my opinion, the book did not cover much of the CIB. But as long as you understand the concepts and think logically, it will be fine. As you have mentioned, you have 7 years of IT experience so I am sure you will be fine with the book and course video. All I will stress is make sure to read and re-read the exam questions. The questions are in the same line as CISSP, not too deep but they are more straightforward.
-
zxbane Member Posts: 740
Thanks for the feedback! I am reading the Official ISC2 Guide to the ISSAP CBK and like you I plan to re-read the book 2-3 times, as well as watching the ISSAP review videos I mentioned. I know some people have mentioned using supplemental study references such as Security Engineering books as well.
I've seen a few people recommend reading this book when pursuing the ISSAP.
http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523
-
GarudaMin Member Posts: 204
Why pay for it when you can get it for free?
Security Engineering - A Guide to Building Dependable Distributed Systems
-
zxbane Member Posts: 740
Thanks for the link! Did you find yourself actually using the Security Engineering book in your ISSAP pursuit?
-
GarudaMin Member Posts: 204
I read it long before I decided to do ISSAP. I didn't use it for ISSAP. The book itself is excellent, it increased my understanding and knowledge in general. I recommend reading it whether it's for ISSAP or not.
-
zxbane Member Posts: 740
I am almost through the first two domains, Access Control and Communications and Network Security. I am feeling pretty comfortable with the material so far but definitely plan to re-read it a second time and take notes the second time around. I am apprehensive with the next domain being Cryptography and hearing how critical that domain is to being successful, plus remembering how much of a pain it was for the CISSP.
I wish the certification had more recognition, I don't see many threads on it or much discussion regarding it on other sites either.