CAP or ISSAP

scascscasc Member Posts: 460 ■■■■■■■□□□
in (ISC)²
Dear all, 

Have reached that stage where I really dont need any more certs, but just to keep my mind sharp was pondering any of the above. You all probably know my work is either working purely in a Cyber Risk capacity (technical risk/controls) or working with solution architects to make sure security design is robust and assurance is being achieved (so assurance architect type of role ensuring security controls are embedded in design). Appreciate CAP is more for DOD, any value outside this? Any recommendations on either? I like the CAP syllabus but not too sure on which one to do based on my background.

As always, thoughts are highly appreciated. 
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
· Share on FacebookShare on Twitter

Comments

  • JDMurrayJDMurray Admin Posts: 12,963 Admin
    I have always read that CAP and CISSP-ISSAP are specifically aimed at public sector agencies and are good to have together. I suppose private sector companies that work on public sector contracts (i.e., defense contractors) may value those two as well. Anything that can help a private sector company understand how the Fed/DoD works and thinks is a bonus.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • scascscasc Member Posts: 460 ■■■■■■■□□□
    Thanks JD - pretty much rules me out in that case as my work is not really Fed/DOD based. Not even US based :).
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
    · Share on FacebookShare on Twitter
  • H-bombH-bomb Member Posts: 129 ■■■□□□□□□□
    The CAP is essentially a credential demonstrating your knowledge of the Risk Management Framework (NIST SP 800-37). Unless you are working in the public sector/contractor, it may not hold much value. The ISSAP is not geared towards the public sector, however, the ISSEP is. IMO, I would go for ISSAP based on your experience.
    · Share on FacebookShare on Twitter
  • scascscasc Member Posts: 460 ■■■■■■■□□□
    Thanks for the response and letting me know. 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
    · Share on FacebookShare on Twitter
  • E Double UE Double U Member Posts: 2,213 ■■■■■■■■■■
    I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin.  :)
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
    · Share on FacebookShare on Twitter
  • scascscasc Member Posts: 460 ■■■■■■■□□□
    E Double U said:
    I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin.  :)
    Haha - true. I honestly like the CAP syllabus but have decided to focus my attention on compliance standards such as ISO 27001, NIST CSF, PCI etc. More relevant to my work to have this understanding. 
    AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
    · Share on FacebookShare on Twitter
Sign In or Register to comment.