cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DWayland
Newcomer II

ISSAP Passed - Study Sharing

I passed the exam (July 2018) and received my endorsement!

 

This was one of the tougher exams I've taken.  The toughness of the test was primarily due to the lack of official study material for the updated test, and the small group of people currently preparing for the certification.

 

The exam definitely follows the ISC2 approach of ensuring you have full understanding of the underlying topics. The questions test your ability to apply your core understanding and I do not believe there is a way to study for the questions. Rather, you must truly understand the material at a core level.

 

You need to ensure that you completely understand the core CISSP as well as the extended ISSAP depth of questions.

 

Where the CISSP is "a mile wide and an inch deep", the ISSAP is 1/2 a mile wide and a few feet deep.

 

Study Plan:

The following is how I approached studying for the test:

  • Read the Official (ISC)2 Guide to the ISSAP CBK - 2nd Edition (I read it once cover to cover with a mind to detail. I read it once focusing on any areas where I could not immediately remember the details. I read it a final time to brush up and verify my understanding of each area)
  • Read all online documents identified in the ISC2 CBK chapter bibliographies
  • Read all online documents identified in the ISC2 CBK Suggested References for the ISSAP (I did not purchase any books other than the ISSAP CBK)
  • Downloaded the ISC2 Exam Outline for the ISSAP, searched for, and read, references to each section (focusing on NIST documents, Whitepapers, and RFPs)
  • Downloaded and read the Jake Eliasz CISSP-ISSAP Loose Notes, thanks Jake!
  • I also revisited the CISSP study material (Sunflower Study Guide & the Shon Harris CISSP All-in-One book, specifically the end of chapter Quick Tips)
    Test Question Preparation

I utilized both the ISC2 CISSP & CISSP-ISSAP phone apps to run test questions.

 

Taking the Test:

 

You must be focused and relaxed.

 

I started by doing some deep breathing exercises and repeated those about every 25 questions. This helped me relax, focus, and take my mind off the previous set of questions.

  • Read the question. Read the question again. Read the question a third time.
  • Read the possible answers.
  • Read the question again.
  • Select your answer.

Good Luck!

21 Replies
Rayz
Newcomer I

I have multiple colleagues that have this cert, saying that this cert is not worth it, not up to date and archaic.

How do you feel about it?
DWayland
Newcomer II

Rayz -

 

I can only speak from my perspective, however I learned things and gained a deeper understanding of Security Architecture because of my study for this test.

 

There was nothing I found out of date, since threat vectors are threat vectors, regardless of when they were found.

 

My overall feeling is that, through the ISSAP studying, I became a more effective Security Architect with a deeper understanding of the threats and how to address them.

 

I hope this helps and answered your question.

 

Thanks,

Dave

AlecTrevelyan
Community Champion

I provisionally passed the ISSAP earlier today thanks to the advice in this thread from @DWayland.

 

I largely followed the same study method with the main difference being I did purchase some of the suggested references that I felt would help plug any gaps in my knowledge (especially if they were also listed as suggested references for the ISSMP which is a possible future target for me), or that I felt would just be good reference books to have around.

 

In total I spent over 100 hours studying for the exam, so I'm happy to have passed so I can take a break now!

 

DWayland
Newcomer II

Congratulations on the pass!
samermiq
Newcomer I

Congrats for the pass.

I'm still in doubt to do ISSAP or not. I already have CISSP and CCSP and TOGAF. Those would cover most requirements in relevant job posting for a security architect. However, for some reason I have a feeling that I should read it and sit for the exam. Not sure why and I don't feel that my feeling is logical .
AlecTrevelyan
Community Champion


@samermiq wrote:
Congrats for the pass.

Thanks!

 

I'm still in doubt to do ISSAP or not. I already have CISSP and CCSP and TOGAF. Those would cover most requirements in relevant job posting for a security architect. However, for some reason I have a feeling that I should read it and sit for the exam. Not sure why and I don't feel that my feeling is logical .

I guess it depends on your motivation. You already have the certs needed to cover most Security Architect job description requirements.

 

I went for the ISSAP as it's more security focused than TOGAF. While SABSA, which is also security focused, requires you to take the official classes to take the exams and I wanted to self-study - as part of my ISSAP study I did read the SABSA manual as it's one of the ISSAP suggested references.

 

The ISSAP has more of a technical perspective than SABSA. While SABSA is more conceptual. I assume the same is true for TOGAF, so I would see the ISSAP as being very much complimentary to both of these.


Although I would say, if you're just going to read the ISSAP CBK and take the exam, the only benefit would be having the ISSAP initials as you're unlikely to learn much you don't already know given your current certifications.

 

However, if you take studying for the ISSAP as an opportunity to raise your knowledge of security architecture to authoritative levels and read as many of the suggested references as you can then it's a very worthwhile exercise.

 

samermiq
Newcomer I


However, if you take studying for the ISSAP as an opportunity to raise your knowledge of security architecture to authoritative levels and read as many of the suggested references as you can then it's a very worthwhile exercise.

 



Thanks for you valuable insight. I really appreciate it. I feel in the last paragraph that you've just validated what I wanted to hear. Yes, I want to be a better security architect and to be honest SABSA is expensive and current company won't support me. However, part of me also would to have some kind of RoE (return on effort) and get the certificate as kind of motivational goal. 

 

Thanks again 🙂 

itmind
Reader I

Thank you all for sharing your experience, I really thinking about taking time and archive the ISSAP certification to gain some more knowledge about security architecture which Iam more and more interested in. .

 

 I have a question maybe a bit outside this to topic but I hope any of you know the answer. I currently have a CISSP certification and to maintain that I need to collect CPE points, how does it work if you have more that one ISC2 certification, for example CISSP, ISSAP and CCSP. Do I need to individually collect CPE points for each individual certification to maintain the certifications?

DWayland
Newcomer II

Regarding the CPEs.

 

As you submit your CPEs, you identify what category.

 

For me, most of my CISSP CPEs have also fulfilled my ISSAP CPEs, so I only needed 120 total and 20 of those also worked for ISSAP.

 

I hope this helps!

itmind
Reader I

Thank you for quick anwser.