-ISSAP, -ISSMP, and -ISSEP Effectiveness

egrizzly · March 2021

For those of you that have studied for any of these certifications (extensions of CISSP), do you feel that the knowledge gained was worth the study time and money spent being that they all cost $2500+ to acquire the study material.

JDMurray · March 2021

Are you talking about buying (and reading) all of the publications listed in each cert's reference list?

egrizzly · March 2021

I'm talking that I don't intend on buying any of them until I kinda get a sense of how enriching the knowledge from those courses are? I guess that's why I posted here you know.

e.g. Are they badass like SANS courses, or are they....myehhhh, so so.

JDMurray · March 2021

I think we cert-holders rarely know when the certs on our resume (LinkedIn page, etc.) do us good. I've been considering the ISSMP only after completing the CISM and also because my employer would pay for it. Whether the ISSMP would ever be a tipping-point for me getting an opportunity I will likely never know unless someone told me directly.

egrizzly · March 2021

nahhh, in this case JD I'm talking specifically about quality of the knowledge gained from the study material whether you certify or not. Meaning after going through the study material can you go back to your workplace and apply it?

JDMurray · March 2021

I suppose it really depends on what you do where you work. The CISM and ISSMP material looks good for managers in strategy, architecture, and governance positions but not so useful day-to-day for us managers down in operations. The material certainly doesn't tell you how to be a manager of people or projects or budgets or things.

egrizzly · March 2021

hmmm, I hear yah there buddy.

HOWW · March 2021

I hold the ISSMP. I am studying for the ISSEP which I'm regretting. There are 150,000 CISSP members. There are only around 1,300 members for each of the concentrations. To put this in perspective there are 900,000 board certified physicians and 3,689 certified neurosurgeons in America alone.

Here are some of the things I have found to be true:

1. No updated information or materials. 15yrs old.

2. No review / practice questions to verify knowledge. (Even neurosurgeons can get test questions for their exams. ref: https://abns.org/course-catalog-2/ , https://www.thieme.com/online-products , http://www.ajnr.org/content/27/10/2228 and https://www.statpearls.com/boardreview/Neurosurgery )

3. Holders are reluctant to provide information or suggestions. I've reached out to 20+ concentration holders. I didn't find any "secrecy" with PMP, Sec+ , CISSP or CISM.

4. ISC2 doesn't care. They are making a killing on CISSP.

5. The certs are good mostly for DOD 8570 IA.

6. Most folks who hold the certs got it 10-15 years ago when the CBK was relevant and there was an interest in them. It's a lot easier to pass with a bootcamp, friends who've recently passed and a recent cbk. (*or grandfathering*).

7. ISSMP = CISM (easier and more well known) in the job market.
8. ISSAP is the hardest because of the oddly worded questions on the test.
9. ISSEP is a mess. NIST 800-160 is unreadable. The INCOSE standard it's based on is copyright and behind a paywall. The SDLC and engineering process went from 5 steps to ~30 processes with ~ 5 activities and 5 subtasks each. The IATF 3.1 (2002) is still on the reading list but was replaced by NIST 800-64 SDLC and replaced again by NIST 800-160.

10. Cost. The tests are 599$ for no reason. Test fees for board specialties for physicians (300k-1M salary) are ~1,500$ with retakes being half price at 800$ https://www.abpsus.org/initial-medical-board-certification-fees/

JDMurray · March 2021

HOWW said:

10. Cost. The tests are 599$ for no reason.

The (ISC)2 expects that employers will pay for the exam rather than individuals, so we're lucky the cost isn't higher!

HOWW · March 2021

11. Going back. The linear tests no longer allow you to flag questions and go back later. per https://www.isc2.org/Frequently-Asked-Questions

12. Trick questions. Everyone who's taken a ISC2 test knows what I mean.

13. Cost-benefit-Analysis. What other certs will provide you with equal or greater returns both educational and financial?

Aharrell · March 2021

I hold an ISSMP and a CISM. If you passed the CISM - you can pass the ISSMP. The All-in-One for the CISM with online practice questions (and management experience) will make it a cake walk.

I agree with JDMurray - neither of them helps me with day-to-day operations in my management position - but they have helped me keep a management perspective. You know, that perspective you need to use to get through the CISSP? ;-)

CISM is more recognized between the two.

egrizzly · March 2021

HOWW said:

I hold the ISSMP. I am studying for the ISSEP which I'm regretting. There are 150,000 CISSP members. There are only around 1,300 members for each of the concentrations. To put this in perspective there are 900,000 board certified physicians and 3,689 certified neurosurgeons in America alone.

Here are some of the things I have found to be true:

1. No updated information or materials. 15yrs old.

2. No review / practice questions to verify knowledge. (Even neurosurgeons can get test questions for their exams. ref: http://www.ajnr.org/content/27/10/2228 and https://www.statpearls.com/boardreview/Neurosurgery )

3. Holders are reluctant to provide information or suggestions. I've reached out to 20+ concentration holders. I didn't find any "secrecy" with PMP, Sec+ , CISSP or CISM.

4. ISC2 doesn't care. They are making a killing on CISSP.

5. The certs are good mostly for DOD 8570 IA.

6. Most folks who hold the certs got it 10-15 years ago when the CBK was relevant and there was an interest in them. It's a lot easier to pass with a bootcamp, friends who've recently passed and a recent cbk. (*or grandfathering*).

7. ISSMP = CISM (easier and more well known) in the job market.
8. ISSAP is the hardest because of the oddly worded questions on the test.
9. ISSEP is a mess. NIST 800-160 is unreadable. The INCOSE standard it's based on is copyright and behind a paywall. The SDLC and engineering process went from 5 steps to ~30 processes with ~ 5 activities and 5 subtasks each. The IATF 3.1 (2002) is still on the reading list but was replaced by NIST 800-64 SDLC and replaced again by NIST 800-160.

10. Cost. The tests are 599$ for no reason. Test fees for board specialties for physicians (300k-1M salary) are 800$ https://www.abpsus.org/initial-medical-board-certification-fees/

Thanks for the insight HOWW. I think considering an equivalent SANS course would make a more compelling impact on getting actual actionable knowledge. Even though it might be outdated, the ISSMP, ISSAP, and ISSEP all provide a good enough breakdown of the curricula

csjohnng · April 2021

Hi there,
I am a holder of ISSAP and ISSMP (I took my ISSMP together with my CISM), recently I have certified in CCISO and provisionally pass CSSLP, awaiting for ISC2's review to complete CSSLP certification.

I did not take any formal ISC2 course but just look at those reference materials or official guide/flash cards...etc ( at least I did not pay 2500+ for study material, but it did cost 2500+ for the exam fee which I have taken in ISC2, where some are sponsored by my company. some are from my own pocket).

Planning to complete ISSEP as well in the next 1-2 months (in my city/country, currently there is no "active" certified ISSEP), CSSLP + CISSP ( and my CRISC) has a lot of overlapping with ISSEP domains. So basically the knowledge is there (eg. NIST 800-160, NIST 800-30, 37 etc) and in theory I should able to just walk into the exam without further study/preparation, however, I won't do that (at least I am not taking this bet).

In my opinion, does these "certifications" itself help your job? I would say No. Certification itself is a journey to recognise your knowledge. And I would say it's another starting point of your career. (And maybe give you more respect or creditability, but you have to earn the respect and creditability by your own course of action rather than showing your certification eventually)

I certified because I think I am qualified for those domains, to me, studying the certification is a "refreshment" process (to refresh my memory) and examination is a process of testing of one's knowledge.

for the exam, I don't think those questions are "outdate" but only the "official" guide maybe outdate, therefore it will make you harder to pass the exam if you only study on the outdated study guide without actual field experience.

John

-ISSAP, -ISSMP, and -ISSEP Effectiveness

Comments