CAP or ISSAP

scasc Member Posts: 450
Dear all, 

Have reached that stage where I really don't need any more certs, but just to keep my mind sharp was pondering any of the above. You all probably know my work is either working purely in a Cyber Risk capacity (technical risk/controls) or working with solution architects to make sure security design is robust and assurance is being achieved (so assurance architect type of role ensuring security controls are embedded in design). Appreciate CAP is more for DOD, any value outside this? Any recommendations on either? I like the CAP syllabus but not too sure on which one to do based on my background.

As always, thoughts are highly appreciated. 
MSc, BSc (Hons), C-CISO, CISSP, CCSP, CASP, CCSK, CISM, CISA, CRISC, GSTRT, GSLC, GSNA, GDSA, GCSA, GCCC, GCLD, GPCS, CEH, ECSA, CHFI, TOGAF, SABSA-SCF, CISMP

Comments

  • JDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ Linux+ PenTest+ Security+ Surf City, USA Admin Posts: 12,769
    I have always read that CAP and CISSP-ISSAP are specifically aimed at public sector agencies and are good to have together. I suppose private sector companies that work on public sector contracts (i.e., defense contractors) may value those two as well. Anything that can help a private sector company understand how the Fed/DoD works and thinks is a bonus.
  • scasc Member Posts: 450
    Thanks JD - pretty much rules me out in that case as my work is not really Fed/DOD based. Not even US based :).
  • H-bomb Member Posts: 129
    The CAP is essentially a credential demonstrating your knowledge of the Risk Management Framework (NIST SP 800-37). Unless you are working in the public sector/contractor, it may not hold much value. The ISSAP is not geared towards the public sector; however, the ISSEP is. IMO, I would go for ISSAP based on your experience.
  • scasc Member Posts: 450
    Thanks for the response and letting me know. 
  • E Double U Member Posts: 2,140
    I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin.  :)
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, etc.

    2022 goal(s): CRISC, land a new job

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • scasc Member Posts: 450
    "I find the ISSAP syllabus to be more interesting than CAP. Since you mentioned this is nothing more than keeping your mind sharp then I guess you can simply flip a coin.  :)"
    Haha - true. I honestly like the CAP syllabus but have decided to focus my attention on compliance standards such as ISO 27001, NIST CSF, PCI etc. More relevant to my work to have this understanding. 