Options
CAP or ISSAP
Dear all,
Have reached that stage where I really dont need any more certs, but just to keep my mind sharp was pondering any of the above. You all probably know my work is either working purely in a Cyber Risk capacity (technical risk/controls) or working with solution architects to make sure security design is robust and assurance is being achieved (so assurance architect type of role ensuring security controls are embedded in design). Appreciate CAP is more for DOD, any value outside this? Any recommendations on either? I like the CAP syllabus but not too sure on which one to do based on my background.
As always, thoughts are highly appreciated.
Have reached that stage where I really dont need any more certs, but just to keep my mind sharp was pondering any of the above. You all probably know my work is either working purely in a Cyber Risk capacity (technical risk/controls) or working with solution architects to make sure security design is robust and assurance is being achieved (so assurance architect type of role ensuring security controls are embedded in design). Appreciate CAP is more for DOD, any value outside this? Any recommendations on either? I like the CAP syllabus but not too sure on which one to do based on my background.
As always, thoughts are highly appreciated.
AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
Comments
-
Options
JDMurray
Admin Posts: 13,026 Admin
I have always read that CAP and CISSP-ISSAP are specifically aimed at public sector agencies and are good to have together. I suppose private sector companies that work on public sector contracts (i.e., defense contractors) may value those two as well. Anything that can help a private sector company understand how the Fed/DoD works and thinks is a bonus.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray -
Options
scasc
Member Posts: 461 ■■■■■■■□□□
Thanks JD - pretty much rules me out in that case as my work is not really Fed/DOD based. Not even US based
. AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia... -
Options
H-bomb
Member Posts: 129 ■■■□□□□□□□
The CAP is essentially a credential demonstrating your knowledge of the Risk Management Framework (NIST SP 800-37). Unless you are working in the public sector/contractor, it may not hold much value. The ISSAP is not geared towards the public sector, however, the ISSEP is. IMO, I would go for ISSAP based on your experience. -
Optionsscasc
Member Posts: 461 ■■■■■■■□□□
Thanks for the response and letting me know.AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
-
Options
E Double U
Member Posts: 2,229 ■■■■■■■■■■
I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin. Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
Optionsscasc
Member Posts: 461 ■■■■■■■□□□
Haha - true. I honestly like the CAP syllabus but have decided to focus my attention on compliance standards such as ISO 27001, NIST CSF, PCI etc. More relevant to my work to have this understanding.E Double U said:I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin.AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...
