Hi, I have a team member who has a masters in Info Security obtained a few years back, and they have been studying for the CISSP.
However, they are wondering whether they can go straight to IASSP, which is mostly relevant to their current role.
Any info would be much appreciated.
Nope, you need to be an existing CISSP:
To qualify for the CISSP-ISSAP, you must be a CISSP in good standing and:
Have two years cumulative, paid work experience in one or more of the six domains of the CISSP-ISSAP Common Body of Knowledge (CBK).
Nope. The CISSP is a baseline infosec management certification, based on high-view general knowledge about the eight domains plus extended experience in two of those domains. To show deep expertise and experience in particular areas of infosec, CISSPs can pursue the three CISSP Concentrations in engineering (CISSP-ISSEP), Architecture (CISSP-ISSAP) and management (CISSP-ISSMP). Note that these are CISSP CONCENTRATIONS, not separate certifications. Further, while common usage is to use only the concentration acronym to refer to them, the proper formal designation is to use the hyphenated form above.
See https://www.isc2.org/Certifications/CISSP-Concentrations for more information.
If your team member has been preparing for the CISSP, why not complete the process?
If your team member thinks the CISSP-ISSAP is more appropriate based on degree and experience than the CISSP, how could the team member reach that conclusion without studying what the CISSP-ISSAP is and how to prepare for it, noting that the first criteria to take the test is to be a CISSP in good standing?
Thank you very much, especially helpful the clarification re concentrations. I'll encourage them through and then onwards to the concentration afterwards.