cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AndreaMoore
Community Manager

Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

ISC2 has introduced an additional path to earning Concentrations-Logo-350x350.png

the ISSAPISSEP and ISSMP certifications. This new path removes the CISSP as a requirement, while recognizing seven years of relevant experience as a qualifying factor in earning the ISSAP, ISSEP or ISSMP.

 

There are now two ways to earn and maintain these specialized, role-based certifications. Learn more at ISC2 Insights: https://www.isc2.org/Insights/2023/10/Additional-Non-CISSP-Path-to-ISSAP-ISSEP-and-ISSMP-Certificati...

 




ISC2 Community Manager
43 Replies
Early_Adopter
Community Champion

These were CISSP concentrations, not standalone certifications. I don’t have any particular interest in them however ISC2 seems to be playing fast and loose with its previously winning formula. Interested in what CISSP concentration holders feel about this?

On a side note will ISC2 publish new study materials for its newly minted surprise Certifications?

Thanks.
gidyn
Contributor III

This concentration holder hopes that it will breathe some life into them.

When will CPE guidance be issued? The handbook and member dashboard still tie them to the corresponding CISSP CPEs.
Steve-Wilme
Advocate II

The slightly comic thing is that at least in the case of the ISSMP there is an overlap with the CISSP anyway.  It's in a little more depth, but not hugely so.  I can't see employers insisting on the 'concentrations'.  I'd rather more expect them to ask for many more years practical work experience.  

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
dcontesti
Community Champion

@Steve-Wilme is correct, the ISSMP and the ISSAP are really "subsets" of the CISSP that are more in-depth.  

 

One must note that of the thirteen board members only two of them carry any if these concentrations, the other eleven are CISSPs only.  And none of them carry the ISSEP

 

The concentrations were developed to assist with the ADVANCEMENT of the CISSP.....similar to other certifications, that have a Master level cert.  

 

They never caught on as Management never really "sold" them...

 

I see the experience level for these certs now being seven years? Why would I then get one of them instead of the CISSP???

 

my thoughts on a rainy Tuesday.

 

d

 

 

gidyn
Contributor III

I found my concentration (ISSAP) to be much more in-depth than what CISSP requires.
tldutton
ISC2 Team

Once you have passed the ISSAP, ISSEP, or ISSMP exams and are certified, you need to recertify every three years. To do so, you simply need to:

If you have a CISSP certification:
Once you have passed your ISSAP, ISSEP, or ISSMP exam and are certified, you need to recertify every three years. To do so, you simply need to:

  • Earn 60 Continuing Professional Education (CPE) credits for each 3-year term as long as these credits are specific to security engineering.
  • There is no additional AMF for earning and maintaining ISSAP, ISSEP, or ISSMP certification.

If you do not have a CISSP certification:
Once you have passed your ISSAP, ISSEP, or ISSMP exam and are certified, you need to recertify every three years. To do so, you simply need to: 

  • Earn 140 Continuing Professional Education (CPE) credits for each 3-year term.
  • If you already hold an ISC2 certification, excluding Certified in Cybersecurity (CC), there is no additional AMF for earning and maintaining the ISSAP, ISSEP, or ISSMP.
    • If you hold the CC certification, then there will be an additional $75 AMF each year.
  • If you don’t already hold an ISC2 certification, then there will be an AMF of $125/year.
gidyn
Contributor III

Thank you @tldutton for the clarification.

 

Can I assume, that for someone who holds a CISSP, the ISSxP term will continue to match their CISSP term?

njpsu
Newcomer I

I have to say, I was really shocked at how this was just dropped on those of us holding concentration certifications with no prior notice.  I feel ISC2 is not communicating well with the members.  This, and the other recent moves to add more certification programs are fundamental changes in the organization, and it feels, to me at least, that the membership is just along for the ride.   

I think ISC2 management needs to do a much better job at vetting these major changes WITH membership not AT membership.  How about proposing ideas to open a dialog prior to just announcing major changes?  ISC2 needs to engage the membership, not just broadcast.    

vr2xhy
Newcomer II

Very shocked when got this email last night regarding to this big changes. The reason I guess why they used to be a concentration is that it expect those holders to have a solid, standardized and benchmarked foundation proven by CISSP qualification as a step to prepare or equip the candidate to be a better security manager/engineer/architect.

 

Removing such important requirement is not simply a downgrade to those qualification and a demonstration of no respect to those existing holders, it's also like telling others CISSP is just too much for these roles and reverse the whole game to give the industry an impression that CISSP is more prestigious and challenging than ISSMP/ISSEP/ISSAP.

 

Say if I am a CISO, under the previous flow I have to take CISSP, then ISSMP. Now I can simply take ISSMP exam + experience. What's that mean to CISSP? It means less high income senior management (with nice titles) will be part of the CISSP population, and it entails less valuable to CISSP because now the average income of CISSP holder is decreasing, and also a decrease of CISSP holder size since we all know CISSP covering so many topics comparing ISSxP qualification. From a cost-benefit analysis I will move to other alternate qualifications.

 

If CISSP is no longer a requirement, there are already lots of other qualifications on the market with better names to attract layman. Not every industry practitioner know what's ISSxP means and entails.

 

Suggestion: Why not make another qualification like CISxP and adding (NOT CONVERT) the existing holder to that new qualification, this shows respect to existing holder and a recognition of their previous effort.

----------
Alvin Chan
CISSP-ISSMP, CCSP, ISC2 Authorized Instructor, MCIArb