CISSP-ISSMP Tips

bubble2005

Yes, I'm resurrecting a similar discussion from a few years ago

.

Can you all provide preparation tips for the ISSMP? I'm not interested in taking the CISM. Yes, I agree it is more widely known, however, I like ISC2 personally and I'm not interested in paying more AMF's, higher exam fees etc. So an employer stating "CISM preferred" doesn't hold that much weight if you have either one.Honestly, at that level, you should be able to communicate effectively to your employer/interviewer the similarities of both exams.

The resources are extremely limited for this concentration though, so what approach should I take other than having the sec mgmt exp (ie books, cbts, etc.)?

Thanks in advance,

Find more posts tagged with

Comments

TankerT

I don't have the ISSMP yet. However, I am currently on a study plan, recommended to me by a few people that have it.

Their recommendation is to use the ISACA CISM test bank, and the ISSMP CBK. They both say the exam topics are extremely similar, and that if you can pass one, you will pass the other.

So, I am hoping that the advice is sound, as that is my plan.

gespenstern

Some domains intersect with regular CISSP. I passed ISSAP last year and I didn't use any specific resources besides experience, exam outline + wikipedia and transcender CISSP questions for domains that are in ISSAP. Passed easily, overprepared.

Going to knock out ISSMP this year with similar approach. And probably ISSEP also.

bubble2005

gespenstern wrote: »

Some domains intersect with regular CISSP. I passed ISSAP last year and I didn't use any specific resources besides experience, exam outline + wikipedia and transcender CISSP questions for domains that are in ISSAP. Passed easily, overprepared.

Going to knock out ISSMP this year with similar approach. And probably ISSEP also.

Is it possible to take the ISSMP exam before having the full required mgmt experience? Does ISC2 provide you with the same length of time to get the necessary experience for the concentrations (6 years) as with the CISSP?

gespenstern

bubble2005 wrote: »

Is it possible to take the ISSMP exam before having the full required mgmt experience?

Yes. Your eligibility regarding experience is checked after you take the exam. You are required to have two years, here's a link:
https://www.isc2.org/issmp/default.aspx

To qualify for the ISSMP, you must have at least 2 years of cumulative paid, full-time professional work experience in the area of management, maintain your CISSP credential in good standing, and pass the ISSMP examination.

bubble2005

gespenstern wrote: »

Yes. Your eligibility regarding experience is checked after you take the exam. You are required to have two years, here's a link:
https://www.isc2.org/issmp/default.aspx

Right, I get that eligibility part, but what if I passed without the required experience? How much time will I be given to obtain the necessary experience for the ISSMP?

Just like how you need five years experience for the CISSP, you are given six years to complete the requirement.

gespenstern

It's pretty hard not to have 2 years of XP in at least one of ISSMP domains, not sure how you manage not to have it while having CISSP. I don't know how much time they give you to obtain this XP if you lack it, but I guess you can call them and just ask. They are usually pretty responsive as they are interested in people taking their exams:

1-866-331-4722 (in US)
1-727-785-0189 (worldwide)

bubble2005

gespenstern wrote: »

It's pretty hard not to have 2 years of XP in at least one of ISSMP domains, not sure how you manage not to have it while having CISSP. I don't know how much time they give you to obtain this XP if you lack it, but I guess you can call them and just ask. They are usually pretty responsive as they are interested in people taking their exams:

1-866-331-4722 (in US)
1-727-785-0189 (worldwide)

Lol, yeah its an awkward question but if you really think about it, an individual may have had their years of experience in Security Engineering and Network and Communications Security domains and qualified as a CISSP. In this case, that question would be important if an individual whose experience didn't cover Security and Risk Mgmt, Sec Operations (Incident Response), SW Dev Sec (SDLC) domains.

Thanks man.

gespenstern

I think you are underestimating your experience. What about contingency management then if you have security engineering experience? Whole idea of security engineering is to build dependable systems in face of malice or error or world apocalypse. Therefore you should have plenty of contingency management XP.

bubble2005

gespenstern wrote: »

I think you are underestimating your experience. What about contingency management then if you have security engineering experience? Whole idea of security engineering is to build dependable systems in face of malice or error or world apocalypse. Therefore you should have plenty of contingency management XP.

That's probably true, i just like to be spot on, but hey just like everything else, security is not simply in black white.

gespenstern

Rework and fine-tune your resume to reflect your contingency management, recall and put in security engineering projects you've done with emphasis on contingency management (design, planning, implementation, operations, etc) and you'll be fine. Simple stuff like clusters or disaster recovery planning will get the job done, I think. This is just a resume after all and I'm not even sure if they ever call or write e-mails to your managers to verify this. If they do -- make sure that your former managers remember you and your projects on this matter and that's it.

bubble2005

gespenstern wrote: »

Rework and fine-tune your resume to reflect your contingency management, recall and put in security engineering projects you've done with emphasis on contingency management (design, planning, implementation, operations, etc) and you'll be fine. Simple stuff like clusters or disaster recovery planning will get the job done, I think. This is just a resume after all and I'm not even sure if they ever call or write e-mails to your managers to verify this. If they do -- make sure that your former managers remember you and your projects on this matter and that's it.

Cool, so I'm just throwing it out there for anyone else having the same thought because others have asked me, that's why. What would happen if I sat and pass the ISSMP exam without having the 2 years of experience? What will be the next step that ISC2 will take? Will they revoke my exam, simply not grant me the credential, or place me in bad standing? I guess I'll just call them tomorrow.