Post CISSP plan (CISSP® Concentrations)

Hello Friends

I looking for some advise on regarding CISSP concentration. I currently have CISSP and CISM certifications and currently a mid-level manager in security. Which one of the concentrations do you think would be more marketable/valuable ? I was thinking about ISSAP (Architecture concentration) But not sure which one would add value or worth pursuing. Thank you

CISSP®-ISSAP®: Information Systems Security Architecture Professional
CISSP®-ISSEP®: Information Systems Security Engineering Professional
CISSP®-ISSMP®: Information Systems Security Management Professional

Find more posts tagged with

Comments

TankerT

Frankly, I don't know how marketable any of them really are. There don't seem to be many job ads calling for them.

I took the ISSMP exam, mainly because I was studying for the CISM as well. (They are quite similar.) I think that the reason that there are not a lot of people out there with the concentrations is that there isn't a large market for them.

beads

ISSAP concentrates on the five domains the ISSEP does not and is civilian orientated where as the ISSEP concentrates on US Government standards and is questionable outside of that. The ISSMP is considered to be of less value than the CISM if your actively managing a security department. I look at certs as they relate to my career. If I were actively doing security audits I would renew my CISA. If I were actively in a security management roles I would qualify and pursue the CISM.

It just looks wrong, in my opinion, to often see people with management certs with no experience in a field. Same with other specialty certs like the CISA or MCSE with no hands on experience. Its like 'wha..?' How'd you get certified without the required time or experience in the field. Common as it is I still see these resume's every week.

- b/eads

bubble2005

Its the same way how you can get a job out of school without work experience. You have to start somewhere or you will forever try to decide if the chicken came before the egg (or vice versa).

beads wrote: »

ISSAP concentrates on the five domains the ISSEP does not and is civilian orientated where as the ISSEP concentrates on US Government standards and is questionable outside of that. The ISSMP is considered to be of less value than the CISM if your actively managing a security department. I look at certs as they relate to my career. If I were actively doing security audits I would renew my CISA. If I were actively in a security management roles I would qualify and pursue the CISM.

It just looks wrong, in my opinion, to often see people with management certs with no experience in a field. Same with other specialty certs like the CISA or MCSE with no hands on experience. Its like 'wha..?' How'd you get certified without the required time or experience in the field. Common as it is I still see these resume's every week.

- b/eads

jcundiff

bubble2005 wrote: »

Its the same way how you can get a job out of school without work experience. You have to start somewhere or you will forever try to decide if the chicken came before the egg (or vice versa).

No, actually it is not! When certifications such as the CISSP have specific work/time requirements to be met before you can earn the cert, it is not the same thing as getting a job straight out of school... you went to school to learn enough to get the job. Obtaining the certification without the required time in grade is actually fraud, since you represented your self as having experience you in fact did not ...

bubble2005

jcundiff wrote: »

No, actually it is not! When certifications such as the CISSP have specific work/time requirements to be met before you can earn the cert, it is not the same thing as getting a job straight out of school... you went to school to learn enough to get the job. Obtaining the certification without the required time in grade is actually fraud, since you represented your self as having experience you in fact did not ...

You have 9 months after you pass the ISSMP exam to have the required experience or the results will be void. You also have 5 years to obtain the Cissp exam in which 2 or more domains must be met in total. One year can also be waived for obtaining credential from certain vendors. On top of that the CISSP is business and risk focused not management focused. You have several technical domains.

You can past most of these exams first then obtain the experience within the given timeframe. If you couldn't, then take it up with the vendor whose policies state otherwise. Also investigative checks are done when you attempt to get endorsed. So yes just like a job, you pass the exam first, get the XP then go for endorsement. It's done in other realms like the CPA and Law.

You jumped to the conclusion of thinking I meant to go for endorsement without the experience so that is your misunderstanding not mine.

jcundiff

Sorry I read what your reply to beads' comment "How'd you get certified without the required time or experience in the field." so based upon that part of the equation, maybe you are the one who needs to go back and re-read and get the "full manager's overview" :O

I didn't jump to conclusions, apparently you missed that statement when replying to him

You really didn't specify but made a comparison to finding a job with no experience which is not the same

bubble2005

Nabsh07 wrote: »

Hello Friends

I looking for some advise on regarding CISSP concentration. I currently have CISSP and CISM certifications and currently a mid-level manager in security. Which one of the concentrations do you think would be more marketable/valuable ? I was thinking about ISSAP (Architecture concentration) But not sure which one would add value or worth pursuing. Thank you

CISSP®-ISSAP®: Information Systems Security Architecture Professional
CISSP®-ISSEP®: Information Systems Security Engineering Professional
CISSP®-ISSMP®: Information Systems Security Management Professional

Nabsh07 the CISM is good for the role you're currently in. Since you have the Cissp and Cism, it's likely that you can meet the requirements of both AP or MP in a relatively short period. But don't let a cert define your value or worth. Only you can determine what that means. Some look at value as just money. If that's the case i would focus on mgmt entirely and increase my executive soft skills