Going after the CISSP-ISSAP

cshkurucshkuru Member Posts: 246 ■■■■□□□□□□
I just finished my GDSA (Defensible Security Architecture) exam and have an abundance of time on my hands at the moment so I have decided to pursue the CISSP-ISSAP.  Is anyone else going after that certification?  Any study tips? First thing I did was find the CBK again, I moved it into spreadsheet form and started gathering materials.  CBK here:  https://docs.google.com/spreadsheets/d/14rKBNxhUQfdtXwdN4Tfm5xU3ZkjL96Zh_Bu9r55JRNM/edit#gid=205339085.  My goal is to be ready to take the exam by 12/31/2020 probably schedule early 2021.

Comments

  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    edited July 2020
    I will be right behind you, plan on taking it in 2021. 

    I think when I start, I am just going to fork over the 2.5k for the official ISC2 online course and study materials. ISC2 also gives you the CISSP course study materials as well. As of right now, I haven't looked into any further study material, books, 3rd party CBT.

    Good Luck!
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • nevermorenevermore Member Posts: 39 ■■■□□□□□□□
    I am currently studying for the ISSAP.  I am utilizing the ISC2 online self-paced training as one of my resources which was on sale a couple months back.  I am targeting to sit for the exam in September.
    Obtained:
    • CISSP/ISSAP/ISSMP, CISM, GISP, CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Queue: PMP, CCSP, CRISC



  • cshkurucshkuru Member Posts: 246 ■■■■□□□□□□
    I am going to have to accelerate my time table given that they announced an exam update.  Now aiming for October 10, 2020.  
  • Mike7Mike7 Member Posts: 1,107 ■■■■□□□□□□
    I am thinking of taking it end of the year. The exam update covers more current technologies. 

    By the way, someone recommended Security Engineering book as a study guide. The third edition is being written and PDF chapters can be downloaded from https://www.cl.cam.ac.uk/~rja14/book.html


  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Thanks for the resource! I have heard people supplement their studies with the SABSA book "Enterprise Security Architecture: A Business-Driven Approach"  , but I could see the book you recommended helping a lot as well. 
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • E Double UE Double U Member Posts: 2,228 ■■■■■■■■■■
    I might join you guys in 2021. Good luck!
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • ecuisonecuison Member Posts: 131 ■■■■□□□□□□
    Just an FYI for anyone looking to take it this year.  The exam format will change as of Oct 14th 2020.  So if you bought books and additional materials, schedule your exam now before the new exam format date.  Good luck to everyone taking this beast!  I'm scheduled for Oct 10th 2020.

    Before Oct 14, 2020 Exam format
    https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSAP-Exam-Outline.ashx

    After Oct 14, 2020 Exam format
    https://www.isc2.org//-/media/ISC2/Certifications/Exam-Outlines/CISSP-ISSAP-Exam-Outline-v0120.ashx
    Accomplishments: B.S. - Business (Information Management) | CISSP | CCSP | TOGAF v9.2 Certified | Security + | Network +
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Thanks for the advice. Good luck on your upcoming test!
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • nevermorenevermore Member Posts: 39 ■■■□□□□□□□
    edited September 2020
    Update:  I provisionally passed the ISSAP exam earlier today.  I utilized the (ISC)2 self-paced online training to prepare supplemented it with the Enterprise Security Architecture: A Business-Driven Approach A Business-Driven Approach book as recommended by others.

    While I felt decent walking into test center, around half-way through the exam my confidence started to drain. In my opinion, it was a very challenging exam (significantly harder than the ISSMP).  Utilized just over half of the allotted 3 hour block to complete it.

    Nice to get this one knocked out a couple of weeks prior to the format changing over!
    Obtained:
    • CISSP/ISSAP/ISSMP, CISM, GISP, CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Queue: PMP, CCSP, CRISC



  • c5rookiec5rookie Member Posts: 53 ■■■□□□□□□□
    edited September 2020
    @nevermore  Congrats on the pass!   I actually took the exam yesterday myself and am glad it's over.  I went through a number of questions from the quiz engine on the cccure website along with the list of study aids I posted in the thread below.

    https://community.infosecinstitute.com/discussion/comment/1178628#Comment_1178628

    While I have not taken the ISSMP, I felt it was easier than the CISSP exam I took several years ago.  Now it's time to get back to studying for yet another GIAC exam...
  • nevermorenevermore Member Posts: 39 ■■■□□□□□□□
    @c5rookie congrats to you as well.  Good luck with your preparation on your next GIAC exam!
    Obtained:
    • CISSP/ISSAP/ISSMP, CISM, GISP, CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Queue: PMP, CCSP, CRISC



  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    edited September 2020
    Congrats on the pass! @nevermore

    Awesome work! Congrats! @c5rookie

    Question for the both of you. How long did you study for?
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • nevermorenevermore Member Posts: 39 ■■■□□□□□□□
    @chrisone  For the last few months it was pretty casual, maybe getting in a few hours per week.  I really started to focus in about 2-3 weeks ago and was studying 2-3 hours each day.  As a final prep, I put in a couple of 6 hours days over the weekend.  IMO, definitely less prep than I used for the CISSP.  I feel with the concentrations there is some degree of traditional study and prep, but there is definitely some reliance on your experience. Your mileage may vary...
    Obtained:
    • CISSP/ISSAP/ISSMP, CISM, GISP, CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Queue: PMP, CCSP, CRISC



  • c5rookiec5rookie Member Posts: 53 ■■■□□□□□□□
    edited October 2020
    I studied for about 6 weeks for the ISSAP.  I went through the CISSP questions on the ccccure website and read through the ISSAP ISC2 book a couple times.  Each week I was putting in about 15 hours of study time in.  Looking at the exam outline for the upcoming change later this month, it looks like they just shuffled the domains around and will use the phrase "Infrastructure Security Architecture" instead of "Infrastructure Security".  The weights of the domains shows some change but that just means a few more questions in this area and fewer in others.
  • scascscasc Member Posts: 461 ■■■■■■■□□□
    c5rookie said:
    I studied for about 6 weeks for the ISSAP.  I went through the CISSP questions on the ccccure website and read through the ISSAP ISC2 book a couple times.  Each week I was putting in about 15 hours of study time in.  Looking at the exam outline for the upcoming change later this month, it looks like they just shuffled the domains around and will use the phrase "Infrastructure Security Architecture" instead of "Infrastructure Security".  The weights of the domains shows some change but that just means a few more questions in this area and fewer in others.
    Thanks for sharing your approach. Which domains did you focus on as part of the CCCure test engine? Only the ones specific?
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • c5rookiec5rookie Member Posts: 53 ■■■□□□□□□□
    @scasc   I went through all the domains and selected 50 questions from each of the CISSP domains as a refresher.  Then I focused on the ones which matched with the ISSAP domains.

  • scascscasc Member Posts: 461 ■■■■■■■□□□
    Thanks for the feedback. I’m tempted to go for this but just not sure as you have to attend the testing centre with covid around etc. How did you find the exam in general? 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • c5rookiec5rookie Member Posts: 53 ■■■□□□□□□□
    edited October 2020
    I felt the exam was decent when it comes to testing route (aka basic) knowledge) of terminology, acronyms and topics.  None of the questions were outside of the ISC2 exam objectives.  So the only surprise questions were the areas that I didn't touch on during my studying.  My only other experience with ISC2 exams is from the CISSP exam, and both seemed to require a solid understanding of breaking down the question and understanding the English words/grammar being used to determine what is being asked.  My test center did a very good job of following COVID procedures.  Seating in the lobby was spaced out more than 6 feet and they placed people at every third cube.  But I'm sure each testing facility will be different.
  • scascscasc Member Posts: 461 ■■■■■■■□□□
    Well done again and thanks for the info, if I decide to do I will focus on the book + ccccure website questions. Will probably try knocking out AWS Security first and then decide on this one. 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • fitzlopezfitzlopez Member Posts: 103 ■■■□□□□□□□
    Passed the test Thursday, still waiting for official ISC2 notification. Apart from the sources mentioned, I also used the trial period and watched the infosec institute videos some at 1.5X/2X. A bit more questions on networking and cloud than I expected. Had to go to the test center, another couple of people taking tests about 3 places from where I was. They disinfected everything before I touched it and starting cleaning the PC after I left. Maybe bring something to clean to the locker before you put your stuff inside. Had my mask on during the test. I had forgotten about the endorsement, will have to call my old bosses letting them know they may be contacted once I get the confirmation email.

  • scascscasc Member Posts: 461 ■■■■■■■□□□
    Well done, great work. I know someone who did the course with InfoSec institute but was told wasn’t great. The teacher mentioned himself he knows The powers that may be at ISC2 and even they are pushing their cloud cert more because no demand for ISSAP. As a result of not obtaining this they haven’t and won’t update book etc. Really heavily pushing CCSP. I’m interested because I am doing a lot of architecture work.
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • c5rookiec5rookie Member Posts: 53 ■■■□□□□□□□
    fitzlopez said: I had forgotten about the endorsement, will have to call my old bosses letting them know they may be contacted once I get the confirmation email. 

    When I went online to complete the endorsement application, I actually never had anyone from my current or previous job get contacted.  ISC2 just reviewed my application along with my resume and processed the ISSAP.  Apparently they can act as the endorser for you according to the first section listed on the endorsement page.  https://www.isc2.org/Endorsement


  • nevermorenevermore Member Posts: 39 ■■■□□□□□□□

    scasc said:
    Thanks for the feedback. I’m tempted to go for this but just not sure as you have to attend the testing centre with covid around etc. How did you find the exam in general? 
    The testing center I went to made me feel very comfortable with their safety precaution measures they had in place.  They were meticulously wiping down everything and keeping physical distancing in place.  Everyone had to wear masks the entire time inside the facility except for the short period of time while your picture was taken.  Taking the exam with a mask on was a bit of a pain but I got through it.

    Besides that I felt the exam fell inline with what any other ISC2 exam would be.




    Obtained:
    • CISSP/ISSAP/ISSMP, CISM, GISP, CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Queue: PMP, CCSP, CRISC



  • nevermorenevermore Member Posts: 39 ■■■□□□□□□□
    c5rookie said:
    fitzlopez said: I had forgotten about the endorsement, will have to call my old bosses letting them know they may be contacted once I get the confirmation email. 

    When I went online to complete the endorsement application, I actually never had anyone from my current or previous job get contacted.  ISC2 just reviewed my application along with my resume and processed the ISSAP.  Apparently they can act as the endorser for you according to the first section listed on the endorsement page.  https://www.isc2.org/Endorsement



    The endorsement process was really quick.  Within 6 days of provisionally passing the exam, I was officially certified. 


    Obtained:
    • CISSP/ISSAP/ISSMP, CISM, GISP, CEH
    • M.S. Information Security and Assurance Norwich University
    • B.S. Cybersecurity UMUC
    In Queue: PMP, CCSP, CRISC



  • scascscasc Member Posts: 461 ■■■■■■■□□□
    nevermore said:

    scasc said:
    Thanks for the feedback. I’m tempted to go for this but just not sure as you have to attend the testing centre with covid around etc. How did you find the exam in general? 
    The testing center I went to made me feel very comfortable with their safety precaution measures they had in place.  They were meticulously wiping down everything and keeping physical distancing in place.  Everyone had to wear masks the entire time inside the facility except for the short period of time while your picture was taken.  Taking the exam with a mask on was a bit of a pain but I got through it.

    Besides that I felt the exam fell inline with what any other ISC2 exam would be.

    Thanks for letting me know. I guess I’m more concerned owing to the fact I have a young family and I fall under the vulnerable category with the asthma I have. Let’s see what happens. I can look to start preparing soon with a view to perhaps going for exam end of year.



    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    edited January 2021
    I need this cert to maintain my GIAC GREM qualification, which was a tough certification to obtain the first time. Forgive my ignorance, but whats the difference between the CISSP CAT Exam and the CISSP Linear EXAMS? other than length of time and number of question involved? I guess I answered my own question, if you can't read and write English, you get the longer test.

    Still searching for the corner in a round room.
Sign In or Register to comment.