First, congratulations on passing the test. I am looking at doing a Risk certification and wondered why you chose the CAP over some of the other risk certs out there? I am CISSP and CCSP certified so I obviously believe in the ISC2 ecosystem, but to be honest, when you look at risk positions these days, CAP certification is not usually listed. Now I am not looking to change jobs, but whenever I decide to undertake a certification, I do consider how marketable the certification would be.
Thanks for the kind words. The CAP is a highly targeted certification for those working with the NIST Risk Management Framework (RMF). The RMF is mandated for Federal information systems under the Federal Information Systems Management Act (FISMA). Unless you work with a Federal agency, or a contractor supporting the Federal government, the CAP may have limited appeal for you.
I have been looking into the CRISC from ISACA as well as the OpenFAIR certification. RiskLens has a discount available for training in the FAIR (Factor Analysis for Information Risk) including the exam fees. Although the CRISC is better known across the industry, the FAIR taxonomy is an excellent methodology for quantitative risk analysis.
I would be interested to know what other Risk certs you have been considering!
I was specifically looking at the CRISC, which is why I posed the question after I saw your post about the CAP certification. Since I am not a federal employee and don't work under the NIST RMF, I will probably do the CRISC, but will decide when I get a chance to actually concentrate on it.