BundimanBundiman Member Posts: 201
Why would I need to go further and get a ISSAP or ISSEP cert? I studied for a two weeks to prepare for the CISSP but now I am back on track for my CCIE Security. Should I take the time to get either of the ISC2 certs first?
​Bachelor of Science, IT - Security Emphasis (Start Date: Apr 1st, 2013)
​Bachelor of Science, IT - Security Emphasis (Completed: Apr 25t, 2014)


  • JDMurrayJDMurray Admin Posts: 12,868 Admin
    The CISSP-ISSEP is mostly for Federal and DoD workers that do systems security engineering and certification. The CISSP-ISSAP is for system security architects and is more industry-neutral (i.e., not for just DoD work). And just to be complete, the CISSP-ISSMP is for certifying InfoSec management skills and is similar in concept to the CISM cert. These certs are more to certify what you have already done and not where you would like to point your career in the future.
  • beadsbeads Member Posts: 1,525 ■■■■■■■■■□
    ISSAP is geared more toward the civilian side of the industry while the ISSEP is geared facing the government. So, it depends. Do you really need to prove something after the CISSP? Probably not. There are so few with either concentrations that hardly anyone recognizes them in the first place. As in most folks think its a separate unrelated exam. Currently there are 745 ISSAPs after a couple of decades? Yeah, that's a hot exam or cert, right there.

    On the other hand if your simply wanting to separate yourself from other CISSPs it may be worth the effort to do so. Overall I would put the lab hours in for the CCIE which is more more in demand overall.

    - beads
  • dijital1dijital1 Member Posts: 64 ■■□□□□□□□□
    It is true that the ISSEP is geared more towards DoD and the US government. Having said that, most of what you learn in the material is applicable to the civilian space. You learn about the process of security engineering from inception to actually certifying and accrediting the system you just built. You learn a ton about the great documentation put out by NIST which applies to the civilian space just as much as it does federal.

    The ISSAP goes deeper into the CISSP technical domains. You'll learn a bunch about the crypto, physical security how PKIs work in detail, the different types of fire suppression systems to use in data centers and why. There's lots of good information that you learn as a byproduct of preparing for those exams.

    I feel that it does also help to separate you from the large number of CISSPs. There are less than 1000 ISSEP and ISSAPs worldwide compared to what? 80k+ CISSPs? Having both certifications has helped me in my career. I plan on doing the last specialization (ISSMP) soon because the first 2 were so valuable.

    Regardless of whether you work in the defense space or not, what you learn from the specializations will make you a better consultant, security architect, penetration tester, etc...
Sign In or Register to comment.