cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Newcomer I

Has anyone recently passed the ISSEP exam?

 

I just purchased the ISSEP CBK. (pub September 29, 2005)

I had considered getting the certification a few years ago, but held up due to the age of the study materials. 

Is this book current enough to support passing the exam?

 

Does anyont that recently passed the exam have additional study reccomendations?

I was already planning on reading Security Engineering by Ross Anderson again as well as the CBK, and will likely use the cccure.org test engine.

 

Other than that I'm at a bit of a loss. 

 

Thanks,

CEC

 

 

 

 

 

Tags (1)
8 Replies
Newcomer I

Re: Has anyone recently passed the ISSEP exam?

I Pass the exam on September 1
Newcomer I

Re: Has anyone recently passed the ISSEP exam?

What did you use for study materials?

Highlighted
Newcomer I

Re: Has anyone recently passed the ISSEP exam?

I used a host of material, but I found the CBK Fourth addition book to be really handy. I coupled the reading with the CyberSecStudy podcast which is dictated directly from the CBK. The last week I used CCCure for practice tests. I would advise waiting to pass the full exam with at least an 85% at least 4 times before attempting the real deal. I passed the exam the first time in 2 hours and 40 minutes. The real test is close to the CCCure material. 

Viewer II

Re: Has anyone recently passed the ISSEP exam?

Hi, it's been about 3 years since I passed the exam.  I found the 2005 ISSEP CBK woefully out of date.  I ended up taking the ISC2 training course (the week long in-person version). While that was ok, additional review of the NIST 800 series pubs (800-53 series) and the ISSEP Candidate Information Bulletin (CIB) are in order.  The CIB, in particular, will fill you in on the current publications that the exam points back to.  That's what you want to review.  Realize some of those pubs may be out of date or no longer active, but you may still find them important to getting through the exam.  

 

Hope that helps and Good Luck!

Newcomer I

Re: Has anyone recently passed the ISSEP exam?

Thanks Njpsu!

Checking out the NIST docs and ISSEP Candidate Information Bulletin (CIB) now.

Contributor II

Re: Has anyone recently passed the ISSEP exam?

I've been looking into it. It's relevant to what I want to focus on in my career. However, the exam outlines and study materials seem a bit out of date. For instance, it is my understanding that DIACAP has been superseded by a new RMF for DoD IT which is NIST RMF aligned.  I don't have direct DOD experience, though I've done a bunch of FIPS, Common Criteria and CSfC stuff. I just don't know if it is worth doing a concentration which is so focused on standards and compliance if the standards are out of date -- anyone know if/when the material might be getting a refresh?

 

-- wdf//CISSP, CSSLP
Viewer II

Re: Has anyone recently passed the ISSEP exam?

While there is some focus on DoD processes (reflects this concentration was established with help from NSA), the processes in the NIST 800 series apply across the US Government.  I believe there was a move to update the concentration area a year or two ago, but it was delayed.  I'm guessing that is because the NIST guidance was still being finalized and revised, so rather than update and have to immediately update again, a pause was in order. 

 

While DoD experience is helpful, I didn't feel like my personal DoD experience was essential to doing well on the exam.  Information System Security Engineering knowledge is not just government specific.  While the current test may need revision, I think the intention is to demonstration you know the ISSE Process, and you understand where supporting government standards and frameworks come from.    

Contributor II

Re: Has anyone recently passed the ISSEP exam?

Thanks, that's a good response. I know it isn't all government -- I've worked for a number of security product vendors in engineering roles, in addition to doing both conformance and efficacy testing.  It's stuff I like much better than the DFIR work that I've done in the past.  A few months ago I left a CC/FIPS lab to move to Texas to take a job testing breach prevention systems for efficacy. It's interesting to say the least, but I suspect that in a few years we'll move back to the DC area and I'd like to go full govt, or do contracting. With a CISSP and CSSLP I'd be elligable for IASAE II. I need the ISSEP for level III positions.

 

It's on my roadmap regardless (will be doing the OSCP here shortly, since I still touch a lot of red team type stuff while doing efficacy testing of security solutions), but I'm just interested in whether there will be a refresh in, say, a year or whether it will be a ways off to determine what my actual timeline is.

 

-- wdf//CISSP, CSSLP