cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
112NextLevelPro
Newcomer III

TOGAF Pro's and Con's for complimenting the CISSP?

I'm looking to expand my skillset to encompass Enterprise Architecture.  I am currently a CISSP and CCSP in good standing.  The TOGAF certification has peaked my interest, but wanted to see what other members thoughts are on this certification and how it compliments what you currently have?

Thank you,

 

-Ed

12 Replies
Early_Adopter
Community Champion

Hi Ed, my probably pretty subjective take.

 

In this neck of the woods(Sotheast Asia) these guys https://iasaglobal.org are seemingly quite active, and I go to a seminar  every now and then. I’ve toyed with the idea of studying TOGAF before as well as SABSA which is more security aligned(and  complimentary to TOGAF), but I could never justify the time for either as I’ve been working on the software vendor side of the house. 

 

I come across TOGAF in a lot of our customers, i’d say that TOGAF make a lot of sense if your role was dealing with enterprise architecture and it’s methods and frameworks lend it well to the task - also the fact it’s produced by the Open Group means it won’t be going out of fashion anytime soon. It provides potential relief from some of the slapdashery of agile and the lack of proper documentation that it seems to encourage(disclosure I’m a certified scrumaster and product owner, and yes the user stories should be there).

 

From a hiring/career standpoint for security roles it’s nice to have, but I’d say it’s more it’s own thing/separate requirement. You’d need a reason to build to it unless it was just for fun. Part of me wonders if CISSP-ISSAP as a concentration wouldn’t be more ‘complementary’ to CISSP - I’m going to attend the two day training course prior to congress this year so I’ll report back after October.

 

 

112NextLevelPro
Newcomer III

Thank you for your take on this.  My whole thing about it is to expand my knowledge but also bring to the table this knowledge to my current organization as from what I have seen here, people were promoted to "Architects" just because, with no real backing against a certifed governing body of being "certified" as an Architect. 

Having say that, I felt at least right now, that the CISSP-ISSAP wouldn't be a good step for me as I want to expand my knowledge of "Enterprise Architecture" and have it confirmed against that of industry standards for Enterprise Architecture such as SABSA, TOGAF, ZACHMAN, etc... as you have already stated.  Once I am more comfortable with that, I may venture into doing the ISSAP concentration.  

As for building this for my career, I feel that adding Architecture to my repertoire would be beneficial as I already am in Information Security dealing with on Prem and Cloud hosted envrionments and having to work with how this is Architectured for the organization. I currently have my  CISSP, CCSP, and hoping to add TOGAF v9.2 to that list.

Early_Adopter
Community Champion

I think that’s very reasonable, a good plan and best of luck with it. 

 

As an aside, I’m always slightly sorry but mildly amused when speaking to architects(the ones that design buildings) on their frustration that the software industry seemingly appropriated their professional title and gave it to people with Visio. If they are good sports I’ll sometime tell them my unofficial title has ‘Architect’ in it. 😉

 

 

Caute_cautim
Community Champion


@112NextLevelPro wrote:

I'm looking to expand my skillset to encompass Enterprise Architecture.  I am currently a CISSP and CCSP in good standing.  The TOGAF certification has peaked my interest, but wanted to see what other members thoughts are on this certification and how it compliments what you currently have?

Thank you,

 

-Ed

 

Interesting, TOGAF belongs to the Open Group http://www.opengroup.org/

 

I went to an IT Architecture conference in August, originally it was called IT Enterprise Architecture conference, but they deliberately dropped the Enterprise bit, as apparently the Industry has had so many problems with people calling themselves "Enterprise Architect" but in fact they are plainly and simply are not.  What I mean is the Open Group offer the ability to become a certified architect at different levels, but having achieved Master Architect level, I cannot then call myself an "Enterprise Architect", simply by having completed my employers own certification program internally, which is recognised by the Open Group i.e. recognised by industry at having reached their standard.   And what I mean is there is a whole heap of Professional Giveback, over a three year period, additional evidence for Intellectual Property development, and other means of giving back.   So every three years, I have to go through a formal re-certification program, to maintain the level of "Master".  

 

So, I think it is good to obtain the TOGAF certification for awareness purposes, but just be aware, there is a whole heap of additional work to do, to formally be recognised by Industry as a certified Architect or even a "Enterprise Architect". 

 

Previous colleagues, have studied SABSA, and applied the Zachman models appropriately.

 

I do know my own organisation is formally going through the process for the role of "Security Architect" to being formally recognised, but in doing so, this means obtaining industry recognition via the Open Group. 

 

I suggest you also look at the https://www.scaledagileframework.com/

 

Scaled Agile Framework, which involves Agile methodology, not only as a culture within many organisations, but also within the context of "digital transformation" but ensure you really do have real Enterprise Architects, who really do understand the business guiding it.

 

My organisation, regularly develops, architecture methodologies including "Enterprise" approaches, and are aligned to the Open Group certification and career pathway.    Being an Architect, is becoming also a career in itself.  

 


Regards

 

Caute_cautim

112NextLevelPro
Newcomer III

I just want to say that I am officially TOGAF v9 (9.2) Certified as of today.  I have to say that I have enjoyed my journey in gaining the knowledge to get this certification.  It is helping me focus my direction in security where I think Security Architecture is in my future.

The exam was tough to say the least, but if you are dilligent and read, comprehend, and absorb the material, you will have everything it takes to pass it.

Caute_cautim
Community Champion

Let me be one of the first to give you a hearty congratulations on your achievement.

 

Well done.

 

I and many others would also be interested in how you tackled it and any barriers to obtaining it, you encountered.

 

Regards

 

Caute_cautim

112NextLevelPro
Newcomer III

Thank you very much @Caute_cautim.  I am greatly honored to have been awarded the TOGAF v9 Certified designation.  

To answer your question, I would first have to thank my journey when I received my CISSP a few years ago.  In that study period, I was drawn towards "Architecture" where the TOGAF EA was mentioned several times in Shon Harris CISSP All - In - One.  After a few years, I decided to go for it and got the materials to start my journey to the TOGAF v9 Certification

The Barriers that I personally came across was my own knowledge of Information Security and how I assmued it would integrate itself into Enterprise Architecture.  I also had to drop my foreknown knowledge of certain terms and definitions and had to understand and comprehend what certain terms and definitions are in accrodance to the TOGAF standard.

The material for the exam (purchased from the Open Group) was sufficient enough to pass both parts of the exam.  I however supplemented any gaps with video courses from Udemy which helped clarify anything that I couldn't grasp.

From the further research I have done, people who have taken both exams, have stated they have studied on average about 2-4 weeks.  This was not the case for me as I have studied about 4-6 hours everyday (10+ on weekends) for almost 2 months, where I really tried to understand the concepts as deeply as possible and have used a lot of the resources available from the Open Group.

Going with the TOGAF over the CISSP-ISSAP was a decision based on visibility in the industry.  I haven't seen a lot of job opportunites requesting the CISSP-ISSAP here in the United States unless it is DoD 8570 which I don't and don't perceive to be working for DoD in the near or long term futute.  

I know SABSA would have probably better align with Information Security, but felt with the visibility in the industry that the TOGAF has, plus the reasonable pricing for the study material and exam costs made it more appealing for me.


112NextLevelPro
Newcomer III


@Caute_cautim wrote:

@112NextLevelPro wrote:

I'm looking to expand my skillset to encompass Enterprise Architecture.  I am currently a CISSP and CCSP in good standing.  The TOGAF certification has peaked my interest, but wanted to see what other members thoughts are on this certification and how it compliments what you currently have?

Thank you,

 

-Ed

 

Interesting, TOGAF belongs to the Open Group http://www.opengroup.org/

 

I went to an IT Architecture conference in August, originally it was called IT Enterprise Architecture conference, but they deliberately dropped the Enterprise bit, as apparently the Industry has had so many problems with people calling themselves "Enterprise Architect" but in fact they are plainly and simply are not.  What I mean is the Open Group offer the ability to become a certified architect at different levels, but having achieved Master Architect level, I cannot then call myself an "Enterprise Architect", simply by having completed my employers own certification program internally, which is recognised by the Open Group i.e. recognised by industry at having reached their standard.   And what I mean is there is a whole heap of Professional Giveback, over a three year period, additional evidence for Intellectual Property development, and other means of giving back.   So every three years, I have to go through a formal re-certification program, to maintain the level of "Master".  

 

So, I think it is good to obtain the TOGAF certification for awareness purposes, but just be aware, there is a whole heap of additional work to do, to formally be recognised by Industry as a certified Architect or even a "Enterprise Architect". 

 

Previous colleagues, have studied SABSA, and applied the Zachman models appropriately.

 

I do know my own organisation is formally going through the process for the role of "Security Architect" to being formally recognised, but in doing so, this means obtaining industry recognition via the Open Group. 

 

I suggest you also look at the https://www.scaledagileframework.com/

 

Scaled Agile Framework, which involves Agile methodology, not only as a culture within many organisations, but also within the context of "digital transformation" but ensure you really do have real Enterprise Architects, who really do understand the business guiding it.

 

My organisation, regularly develops, architecture methodologies including "Enterprise" approaches, and are aligned to the Open Group certification and career pathway.    Being an Architect, is becoming also a career in itself.  

 


Regards

 

Caute_cautim


In my studies and jouney to getting the TOGAF Certification, I have learned, that where EA and Agile are, are at 2 different levels of the organization.  Enterprise Architecture is at the Business Level, Agile is at the Business Unit Level.  Also, The TOGAF is actually Agile in it's Architecture Development Method (ADM) where the approach may be iterative as well as responsive enough to have deliverables and component roadmap items to show Stakeholders their needs and concerns are met with Incrimental transition states.

Early_Adopter
Community Champion

Congratulations!