topic Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification in Exams

Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

AndreaMoore — Tue, 24 Oct 2023 00:00:00 GMT

ISC2 has introduced an additional path to earning

the ISSAP, ISSEP and ISSMP certifications. This new path removes the CISSP as a requirement, while recognizing seven years of relevant experience as a qualifying factor in earning the ISSAP, ISSEP or ISSMP.

There are now two ways to earn and maintain these specialized, role-based certifications. Learn more at ISC2 Insights: https://www.isc2.org/Insights/2023/10/Additional-Non-CISSP-Path-to-ISSAP-ISSEP-and-ISSMP-Certification

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

Early_Adopter — Tue, 24 Oct 2023 00:13:19 GMT

These were CISSP concentrations, not standalone certifications. I don’t have any particular interest in them however ISC2 seems to be playing fast and loose with its previously winning formula. Interested in what CISSP concentration holders feel about this?

On a side note will ISC2 publish new study materials for its newly minted surprise Certifications?

Thanks.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

gidyn — Tue, 24 Oct 2023 06:31:59 GMT

This concentration holder hopes that it will breathe some life into them.

When will CPE guidance be issued? The handbook and member dashboard still tie them to the corresponding CISSP CPEs.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

Steve-Wilme — Tue, 24 Oct 2023 09:16:16 GMT

The slightly comic thing is that at least in the case of the ISSMP there is an overlap with the CISSP anyway. It's in a little more depth, but not hugely so. I can't see employers insisting on the 'concentrations'. I'd rather more expect them to ask for many more years practical work experience.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

dcontesti — Tue, 24 Oct 2023 17:11:08 GMT

@Steve-Wilme is correct, the ISSMP and the ISSAP are really "subsets" of the CISSP that are more in-depth.

One must note that of the thirteen board members only two of them carry any if these concentrations, the other eleven are CISSPs only. And none of them carry the ISSEP

The concentrations were developed to assist with the ADVANCEMENT of the CISSP.....similar to other certifications, that have a Master level cert.

They never caught on as Management never really "sold" them...

I see the experience level for these certs now being seven years? Why would I then get one of them instead of the CISSP???

my thoughts on a rainy Tuesday.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

gidyn — Tue, 24 Oct 2023 16:33:11 GMT

I found my concentration (ISSAP) to be much more in-depth than what CISSP requires.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

tldutton — Tue, 24 Oct 2023 17:43:36 GMT

Once you have passed the ISSAP, ISSEP, or ISSMP exams and are certified, you need to recertify every three years. To do so, you simply need to:

If you have a CISSP certification:
Once you have passed your ISSAP, ISSEP, or ISSMP exam and are certified, you need to recertify every three years. To do so, you simply need to:

Earn 60 Continuing Professional Education (CPE) credits for each 3-year term as long as these credits are specific to security engineering.
There is no additional AMF for earning and maintaining ISSAP, ISSEP, or ISSMP certification.

If you do not have a CISSP certification:
Once you have passed your ISSAP, ISSEP, or ISSMP exam and are certified, you need to recertify every three years. To do so, you simply need to: 

Earn 140 Continuing Professional Education (CPE) credits for each 3-year term.
If you already hold an ISC2 certification, excluding Certified in Cybersecurity (CC), there is no additional AMF for earning and maintaining the ISSAP, ISSEP, or ISSMP.
- If you hold the CC certification, then there will be an additional $75 AMF each year.
If you don’t already hold an ISC2 certification, then there will be an AMF of $125/year.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

gidyn — Tue, 24 Oct 2023 19:42:55 GMT

Thank you @tldutton for the clarification.

Can I assume, that for someone who holds a CISSP, the ISSxP term will continue to match their CISSP term?

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

njpsu — Tue, 24 Oct 2023 22:36:00 GMT

I have to say, I was really shocked at how this was just dropped on those of us holding concentration certifications with no prior notice. I feel ISC2 is not communicating well with the members. This, and the other recent moves to add more certification programs are fundamental changes in the organization, and it feels, to me at least, that the membership is just along for the ride.

I think ISC2 management needs to do a much better job at vetting these major changes WITH membership not AT membership. How about proposing ideas to open a dialog prior to just announcing major changes? ISC2 needs to engage the membership, not just broadcast.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

vr2xhy — Wed, 25 Oct 2023 05:00:16 GMT

Very shocked when got this email last night regarding to this big changes. The reason I guess why they used to be a concentration is that it expect those holders to have a solid, standardized and benchmarked foundation proven by CISSP qualification as a step to prepare or equip the candidate to be a better security manager/engineer/architect.

Removing such important requirement is not simply a downgrade to those qualification and a demonstration of no respect to those existing holders, it's also like telling others CISSP is just too much for these roles and reverse the whole game to give the industry an impression that CISSP is more prestigious and challenging than ISSMP/ISSEP/ISSAP.

Say if I am a CISO, under the previous flow I have to take CISSP, then ISSMP. Now I can simply take ISSMP exam + experience. What's that mean to CISSP? It means less high income senior management (with nice titles) will be part of the CISSP population, and it entails less valuable to CISSP because now the average income of CISSP holder is decreasing, and also a decrease of CISSP holder size since we all know CISSP covering so many topics comparing ISSxP qualification. From a cost-benefit analysis I will move to other alternate qualifications.

If CISSP is no longer a requirement, there are already lots of other qualifications on the market with better names to attract layman. Not every industry practitioner know what's ISSxP means and entails.

Suggestion: Why not make another qualification like CISxP and adding (NOT CONVERT) the existing holder to that new qualification, this shows respect to existing holder and a recognition of their previous effort.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

gidyn — Wed, 25 Oct 2023 08:57:16 GMT

It means that if you have good all-round skills, you can CISSP. If you have deep management skills, you can ISSMP. If you have both skillsets, you can do both certs.
Existing concentration holders already have both, you lose nothing with this change. If the concentrations gain mindshare (which is currently close to 0), it's all gain.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

JoePete — Wed, 25 Oct 2023 13:17:54 GMT

@njpsu wrote:
I think ISC2 management needs to do a much better job at vetting these major changes WITH membership not AT membership.

I'd be shocked if this was a management decision. Anything that creates or changes certification should be a board decision as it ostensibly impacts the definition of "member." (Really should be a membership one, but that is a different debate/bylaw).

As others have noted, these concentrations never took off. I think part of the problem is that if you had an interest in these concentrations, you were probably already in that specialized role to begin with. I think years ago, the path was you already were an architect, engineer, manager and then earned your CISSP. In that regard, the target audience for these credentials probably had some additional feathers in the cap (PMP, CCMP, CEM, etc.) that could validate their skills.

I suspect the discussion that happened at the board level at some point in the not too distant past was that our membership was too flat; we "needed" more vertical options. We're pulling in a million people at the low end with the CC and now transitioning these CISSP concentrations into distinct upper end credentials. Tthey are now a distinct a higher level of achievement and that creates more vertical options.

To that I say "to what end." We were a financially stable, successful organization. We did not need to expand our menu of membership. Ostensibly, the board has changed the definition of membership, which at one time was centered on the CISSP. And the response from our peers on the board has to been to deem member counts as classified information. So this change, we won't really know if it is working until the board, which essentially elects itself, decides to tell us what they want us to know. Real good example to set for the security industry (yes, I am pursuing my CSP - Certified Sarcastic Professional).

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

Early_Adopter — Wed, 25 Oct 2023 15:05:49 GMT

@JoePete it’s OK as none of the new board nominated board of directors candidates had any concentration or other ISC2 certifications other than CISSP and a solitary HCISSP which is retiring… maybe you should pitch that CSP Idea to the board, might be a dollar or two in it? 😉

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

vr2xhy — Wed, 25 Oct 2023 18:26:14 GMT

@gidyn- that depends..... surely the existing holder will have no change on the qualification perspective but the value of that qualification is not. More supply with same demand level = value decrease.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

tldutton — Mon, 06 Nov 2023 15:43:03 GMT

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

tldutton — Mon, 06 Nov 2023 15:42:53 GMT

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

JoePete — Thu, 26 Oct 2023 19:45:09 GMT

@tldutton Thanks for following up

Since the CISSP has been eliminated as a prerequisite, it strikes that these new standalone designations should now be viewed on a par with something like the CCSP (and should have their acronyms changed to avoid confusion with the concentrations). Instead, they're being presented as superseding the CISSP.

As an analogy, many people who take the bar exam are going be tested on things outside their intended specialty. They still have to pass the breadth and depth of the bar. I would think of the CISSP the same way. I like the idea of having advanced levels past the CISSP (even more than the old concentrations), but I think circumventing the CISSP is an error.

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

tldutton — Mon, 06 Nov 2023 15:42:43 GMT

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

tldutton — Mon, 06 Nov 2023 15:43:30 GMT

Re: Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

njpsu — Sat, 28 Oct 2023 23:28:23 GMT

Hang on there, I respond to those surveys and participate in workshops. I do not recall ANY proposal to change the certification this way being discussed in the those venues. This reinforces my prior comment about poor communication with the members. Implying this change was vetted through surveys and workshops is not accurate in my experience. Are you saying ignorance of this change is because the members are not participating in the surveys and workshop?