CISSP-ISSAP or CISM to fit with Cybersecurity Architecture job

I passed CISSP since last year and have a plan to next cert. In my list have CISM and CISSP-ISSAP are candidate to take an exam but I've limit of budget, If I wanna be Cybersecurity Architecture what cert I should take? how difficult level of ISSAP compare with CISSP?

and I wanna know pre-requirement of ISSAP and process after pass as well.

PS. I've never seen ISSAP in job's requirement before, mostly is CISSP,CISM,CISA bla bla bla

Find more posts tagged with

Comments

mattster79

I’d go down the CISM route.

E Double U

eazy502 wrote: »

If I wanna be Cybersecurity Architecture what cert I should take?

I don't think you need to take any certification to become a security architect (at least that's what the architect in my group says).

eazy502 wrote: »

and I wanna know pre-requirement of ISSAP and process after pass as well.

https://www.isc2.org/Certifications/CISSP-Concentrations. I assume the process would be similar to CISSP.

eazy502 wrote: »

PS. I've never seen ISSAP in job's requirement before, mostly is CISSP,CISM,CISA

This is exactly why I passed on the CISSP concentrations and moved on to ISACA.

gespenstern

ISSAP isn't very popular, thus, you don't see it in job descriptions often (however, there are still some).

I say it's easier than CISSP judging by the amount of knowledge required to pass, but it's harder because this knowledge is much harder to obtain. CISSP prep process was refined by the industry down to ~500 pages of info you need to cross the threshold. For ISSAP there are no good and refined prep materials.

the1picard

If I wanted a security architecture job I would probably look into a SABSA or TOGAF certification. To me the ISSAP was a more in-depth version of the CISSP but still covered much of the same materials. The domains were updated last year. I don't know if updated materials have been released yet.

The materials for the ISSAP and ISSEP are in-flux right now. The CISM was one of the easier exams for me b/c the ISACA study materials/test questions matched up closely to the exam.

fitzlopez

eazy502 wrote: »

I passed CISSP since last year and have a plan to next cert. In my list have CISM and CISSP-ISSAP are candidate to take an exam but I've limit of budget, If I wanna be Cybersecurity Architecture what cert I should take? how difficult level of ISSAP compare with CISSP?

and I wanna know pre-requirement of ISSAP and process after pass as well.

PS. I've never seen ISSAP in job's requirement before, mostly is CISSP,CISM,CISA bla bla bla

I have the ISSAP lined up for this year, so I'll get back to you in a couple of months. I did do the CISSP-ISSMP and it's easier than the CISSP.

The CISM is like a harder CISSP-ISSMP. It's a great exam but it's more for security management than architecture.

I agree with the other guys that if you have to nitpick certs it's better to go with TOGAF or SABSA. You probably won't ever find the concentrations in job postings.

moyondizvo

the1picard wrote: »

If I wanted a security architecture job I would probably look into a SABSA or TOGAF certification. To me the ISSAP was a more in-depth version of the CISSP but still covered much of the same materials. The domains were updated last year. I don't know if updated materials have been released yet.

The materials for the ISSAP and ISSEP are in-flux right now. The CISM was one of the easier exams for me b/c the ISACA study materials/test questions matched up closely to the exam.

+1 on SABSA and TOGAF.

matt18e

If you are looking for a Security Architecture certification for the Department of Defense, the ISSAP or ISSEP are the only two that will fulfill the DoD 8570 IA certification requirements for IASAE level 3. Otherwise, go for SABSA or TOGAF. I'm working in the DoD, so I'm pursuing the ISSAP.

TankerT

In the end, the question should be what aligns with what your career goals are. I hold a few certifications, to include the CISM. (And the CISSP-ISSMP.) The CISM is pretty much the same as the ISSMP. And, as such, really doesn't have much to do with Architecture. That being said, the ISSEP and ISSAP are not well recognized outside of certain industries. (Mostly DoD jobs call for those.)

I would disagree on the CISM being a harder CISSP-ISSMP. I found them to be very similar. But, that is of course opinion which will vary from person to person.

As a CIO, if you have a solid base certification (i.e CISSP), I'm going to look more at experience or training/educational courses than a certification. So, I do question if a certification is the right path to prepare you for a job. While some certs like the CISSP seem to be almost a requirement to make it past the HR filter, the others are more window dressing overall.

I don't diminish the challenge they might provide. But, in the end, what is the ROI you get?

If you are looking at the CISM, it is a well recognized certification. But it has little if anything to do with architecture so won't really prepare you for that route.

I don't disagree on the possible avenue being either SASBA and TOGAF. But, these are also not as widely recognized and are framework specific.

luisbee

@matt18e..

Congrats on the ISSAP pass. Please can you share your study journey and which texts you used for your preps.

I have started going for the cert and using the Official Study Guide / Sec Engineering by Anderson / CISSP AIO 7th Edition. However, having read many reviews of the Blue Book (Enterprise Security Architecture: A Business Driven Approach), is there anyone who has used this text and how helpful was it. If its a MUST, please can you share the text if you have it.

Thanks.

Biniks