ISC2 has introduced an additional path to earning
the ISSAP, ISSEP and ISSMP certifications. This new path removes the CISSP as a requirement, while recognizing seven years of relevant experience as a qualifying factor in earning the ISSAP, ISSEP or ISSMP.
There are now two ways to earn and maintain these specialized, role-based certifications. Learn more at ISC2 Insights: https://www.isc2.org/Insights/2023/10/Additional-Non-CISSP-Path-to-ISSAP-ISSEP-and-ISSMP-Certificati...
@njpsu wrote:I think ISC2 management needs to do a much better job at vetting these major changes WITH membership not AT membership.
I'd be shocked if this was a management decision. Anything that creates or changes certification should be a board decision as it ostensibly impacts the definition of "member." (Really should be a membership one, but that is a different debate/bylaw).
As others have noted, these concentrations never took off. I think part of the problem is that if you had an interest in these concentrations, you were probably already in that specialized role to begin with. I think years ago, the path was you already were an architect, engineer, manager and then earned your CISSP. In that regard, the target audience for these credentials probably had some additional feathers in the cap (PMP, CCMP, CEM, etc.) that could validate their skills.
I suspect the discussion that happened at the board level at some point in the not too distant past was that our membership was too flat; we "needed" more vertical options. We're pulling in a million people at the low end with the CC and now transitioning these CISSP concentrations into distinct upper end credentials. Tthey are now a distinct a higher level of achievement and that creates more vertical options.
To that I say "to what end." We were a financially stable, successful organization. We did not need to expand our menu of membership. Ostensibly, the board has changed the definition of membership, which at one time was centered on the CISSP. And the response from our peers on the board has to been to deem member counts as classified information. So this change, we won't really know if it is working until the board, which essentially elects itself, decides to tell us what they want us to know. Real good example to set for the security industry (yes, I am pursuing my CSP - Certified Sarcastic Professional).
@gidyn- that depends..... surely the existing holder will have no change on the qualification perspective but the value of that qualification is not. More supply with same demand level = value decrease.
.
.
@tldutton Thanks for following up
Since the CISSP has been eliminated as a prerequisite, it strikes that these new standalone designations should now be viewed on a par with something like the CCSP (and should have their acronyms changed to avoid confusion with the concentrations). Instead, they're being presented as superseding the CISSP.
As an analogy, many people who take the bar exam are going be tested on things outside their intended specialty. They still have to pass the breadth and depth of the bar. I would think of the CISSP the same way. I like the idea of having advanced levels past the CISSP (even more than the old concentrations), but I think circumventing the CISSP is an error.
.
.