ISC2 has introduced an additional path to earning
the ISSAP, ISSEP and ISSMP certifications. This new path removes the CISSP as a requirement, while recognizing seven years of relevant experience as a qualifying factor in earning the ISSAP, ISSEP or ISSMP.
There are now two ways to earn and maintain these specialized, role-based certifications. Learn more at ISC2 Insights: https://www.isc2.org/Insights/2023/10/Additional-Non-CISSP-Path-to-ISSAP-ISSEP-and-ISSMP-Certificati...
The slightly comic thing is that at least in the case of the ISSMP there is an overlap with the CISSP anyway. It's in a little more depth, but not hugely so. I can't see employers insisting on the 'concentrations'. I'd rather more expect them to ask for many more years practical work experience.
@Steve-Wilme is correct, the ISSMP and the ISSAP are really "subsets" of the CISSP that are more in-depth.
One must note that of the thirteen board members only two of them carry any if these concentrations, the other eleven are CISSPs only. And none of them carry the ISSEP
The concentrations were developed to assist with the ADVANCEMENT of the CISSP.....similar to other certifications, that have a Master level cert.
They never caught on as Management never really "sold" them...
I see the experience level for these certs now being seven years? Why would I then get one of them instead of the CISSP???
my thoughts on a rainy Tuesday.
d
Once you have passed the ISSAP, ISSEP, or ISSMP exams and are certified, you need to recertify every three years. To do so, you simply need to:
If you have a CISSP certification:
Once you have passed your ISSAP, ISSEP, or ISSMP exam and are certified, you need to recertify every three years. To do so, you simply need to:
If you do not have a CISSP certification:
Once you have passed your ISSAP, ISSEP, or ISSMP exam and are certified, you need to recertify every three years. To do so, you simply need to:
Thank you @tldutton for the clarification.
Can I assume, that for someone who holds a CISSP, the ISSxP term will continue to match their CISSP term?
I have to say, I was really shocked at how this was just dropped on those of us holding concentration certifications with no prior notice. I feel ISC2 is not communicating well with the members. This, and the other recent moves to add more certification programs are fundamental changes in the organization, and it feels, to me at least, that the membership is just along for the ride.
I think ISC2 management needs to do a much better job at vetting these major changes WITH membership not AT membership. How about proposing ideas to open a dialog prior to just announcing major changes? ISC2 needs to engage the membership, not just broadcast.
Very shocked when got this email last night regarding to this big changes. The reason I guess why they used to be a concentration is that it expect those holders to have a solid, standardized and benchmarked foundation proven by CISSP qualification as a step to prepare or equip the candidate to be a better security manager/engineer/architect.
Removing such important requirement is not simply a downgrade to those qualification and a demonstration of no respect to those existing holders, it's also like telling others CISSP is just too much for these roles and reverse the whole game to give the industry an impression that CISSP is more prestigious and challenging than ISSMP/ISSEP/ISSAP.
Say if I am a CISO, under the previous flow I have to take CISSP, then ISSMP. Now I can simply take ISSMP exam + experience. What's that mean to CISSP? It means less high income senior management (with nice titles) will be part of the CISSP population, and it entails less valuable to CISSP because now the average income of CISSP holder is decreasing, and also a decrease of CISSP holder size since we all know CISSP covering so many topics comparing ISSxP qualification. From a cost-benefit analysis I will move to other alternate qualifications.
If CISSP is no longer a requirement, there are already lots of other qualifications on the market with better names to attract layman. Not every industry practitioner know what's ISSxP means and entails.
Suggestion: Why not make another qualification like CISxP and adding (NOT CONVERT) the existing holder to that new qualification, this shows respect to existing holder and a recognition of their previous effort.