Going after the CISSP-ISSAP

I will be right behind you, plan on taking it in 2021.

I think when I start, I am just going to fork over the 2.5k for the official ISC2 online course and study materials. ISC2 also gives you the CISSP course study materials as well. As of right now, I haven't looked into any further study material, books, 3rd party CBT.

Good Luck!

I am currently studying for the ISSAP. I am utilizing the ISC2 online self-paced training as one of my resources which was on sale a couple months back. I am targeting to sit for the exam in September.

unknown

This content has been removed.

cshkuru

I am going to have to accelerate my time table given that they announced an exam update. Now aiming for October 10, 2020.

Mike7

I am thinking of taking it end of the year. The exam update covers more current technologies.

By the way, someone recommended Security Engineering book as a study guide. The third edition is being written and PDF chapters can be downloaded from https://www.cl.cam.ac.uk/~rja14/book.html

Thanks for the resource! I have heard people supplement their studies with the SABSA book "Enterprise Security Architecture: A Business-Driven Approach" , but I could see the book you recommended helping a lot as well.

E Double U

I might join you guys in 2021. Good luck!

ecuison

Just an FYI for anyone looking to take it this year. The exam format will change as of Oct 14th 2020. So if you bought books and additional materials, schedule your exam now before the new exam format date. Good luck to everyone taking this beast! I'm scheduled for Oct 10th 2020.

Before Oct 14, 2020 Exam format
https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx

After Oct 14, 2020 Exam format
https://www.isc2.org//-/media/ISC2/Certifications/Exam-Outlines/CISSP-ISSAP-Exam-Outline-v0120.ashx

Thanks for the advice. Good luck on your upcoming test!

Update: I provisionally passed the ISSAP exam earlier today. I utilized the (ISC)2 self-paced online training to prepare supplemented it with the Enterprise Security Architecture: A Business-Driven Approach A Business-Driven Approach book as recommended by others.

While I felt decent walking into test center, around half-way through the exam my confidence started to drain. In my opinion, it was a very challenging exam (significantly harder than the ISSMP). Utilized just over half of the allotted 3 hour block to complete it.

Nice to get this one knocked out a couple of weeks prior to the format changing over!

@nevermore Congrats on the pass! I actually took the exam yesterday myself and am glad it's over. I went through a number of questions from the quiz engine on the cccure website along with the list of study aids I posted in the thread below.

https://community.infosecinstitute.com/discussion/comment/1178628#Comment_1178628

While I have not taken the ISSMP, I felt it was easier than the CISSP exam I took several years ago. Now it's time to get back to studying for yet another GIAC exam...

@c5rookie congrats to you as well. Good luck with your preparation on your next GIAC exam!

Congrats on the pass! @nevermore

Awesome work! Congrats! @c5rookie

Question for the both of you. How long did you study for?

@chrisone For the last few months it was pretty casual, maybe getting in a few hours per week. I really started to focus in about 2-3 weeks ago and was studying 2-3 hours each day. As a final prep, I put in a couple of 6 hours days over the weekend. IMO, definitely less prep than I used for the CISSP. I feel with the concentrations there is some degree of traditional study and prep, but there is definitely some reliance on your experience. Your mileage may vary...

I studied for about 6 weeks for the ISSAP. I went through the CISSP questions on the ccccure website and read through the ISSAP ISC2 book a couple times. Each week I was putting in about 15 hours of study time in. Looking at the exam outline for the upcoming change later this month, it looks like they just shuffled the domains around and will use the phrase "Infrastructure Security Architecture" instead of "Infrastructure Security". The weights of the domains shows some change but that just means a few more questions in this area and fewer in others.

c5rookie said:

I studied for about 6 weeks for the ISSAP. I went through the CISSP questions on the ccccure website and read through the ISSAP ISC2 book a couple times. Each week I was putting in about 15 hours of study time in. Looking at the exam outline for the upcoming change later this month, it looks like they just shuffled the domains around and will use the phrase "Infrastructure Security Architecture" instead of "Infrastructure Security". The weights of the domains shows some change but that just means a few more questions in this area and fewer in others.

Thanks for sharing your approach. Which domains did you focus on as part of the CCCure test engine? Only the ones specific?

@scasc I went through all the domains and selected 50 questions from each of the CISSP domains as a refresher. Then I focused on the ones which matched with the ISSAP domains.

Thanks for the feedback. I’m tempted to go for this but just not sure as you have to attend the testing centre with covid around etc. How did you find the exam in general?

I felt the exam was decent when it comes to testing route (aka basic) knowledge) of terminology, acronyms and topics. None of the questions were outside of the ISC2 exam objectives. So the only surprise questions were the areas that I didn't touch on during my studying. My only other experience with ISC2 exams is from the CISSP exam, and both seemed to require a solid understanding of breaking down the question and understanding the English words/grammar being used to determine what is being asked. My test center did a very good job of following COVID procedures. Seating in the lobby was spaced out more than 6 feet and they placed people at every third cube. But I'm sure each testing facility will be different.

Well done again and thanks for the info, if I decide to do I will focus on the book + ccccure website questions. Will probably try knocking out AWS Security first and then decide on this one.

fitzlopez

Passed the test Thursday, still waiting for official ISC2 notification. Apart from the sources mentioned, I also used the trial period and watched the infosec institute videos some at 1.5X/2X. A bit more questions on networking and cloud than I expected. Had to go to the test center, another couple of people taking tests about 3 places from where I was. They disinfected everything before I touched it and starting cleaning the PC after I left. Maybe bring something to clean to the locker before you put your stuff inside. Had my mask on during the test. I had forgotten about the endorsement, will have to call my old bosses letting them know they may be contacted once I get the confirmation email.

Well done, great work. I know someone who did the course with InfoSec institute but was told wasn’t great. The teacher mentioned himself he knows The powers that may be at ISC2 and even they are pushing their cloud cert more because no demand for ISSAP. As a result of not obtaining this they haven’t and won’t update book etc. Really heavily pushing CCSP. I’m interested because I am doing a lot of architecture work.

fitzlopez said: I had forgotten about the endorsement, will have to call my old bosses letting them know they may be contacted once I get the confirmation email.

When I went online to complete the endorsement application, I actually never had anyone from my current or previous job get contacted. ISC2 just reviewed my application along with my resume and processed the ISSAP. Apparently they can act as the endorser for you according to the first section listed on the endorsement page. https://www.isc2.org/Endorsement

scasc said:

Thanks for the feedback. I’m tempted to go for this but just not sure as you have to attend the testing centre with covid around etc. How did you find the exam in general?

The testing center I went to made me feel very comfortable with their safety precaution measures they had in place. They were meticulously wiping down everything and keeping physical distancing in place. Everyone had to wear masks the entire time inside the facility except for the short period of time while your picture was taken. Taking the exam with a mask on was a bit of a pain but I got through it.

Besides that I felt the exam fell inline with what any other ISC2 exam would be.

c5rookie said:

fitzlopez said: I had forgotten about the endorsement, will have to call my old bosses letting them know they may be contacted once I get the confirmation email.

When I went online to complete the endorsement application, I actually never had anyone from my current or previous job get contacted. ISC2 just reviewed my application along with my resume and processed the ISSAP. Apparently they can act as the endorser for you according to the first section listed on the endorsement page. https://www.isc2.org/Endorsement

The endorsement process was really quick. Within 6 days of provisionally passing the exam, I was officially certified.