cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AndreaMoore
Community Manager

Additional Non-CISSP Path to ISSAP, ISSEP and ISSMP Certification

ISC2 has introduced an additional path to earning Concentrations-Logo-350x350.png

the ISSAPISSEP and ISSMP certifications. This new path removes the CISSP as a requirement, while recognizing seven years of relevant experience as a qualifying factor in earning the ISSAP, ISSEP or ISSMP.

 

There are now two ways to earn and maintain these specialized, role-based certifications. Learn more at ISC2 Insights: https://www.isc2.org/Insights/2023/10/Additional-Non-CISSP-Path-to-ISSAP-ISSEP-and-ISSMP-Certificati...

 




ISC2 Community Manager
43 Replies
gidyn
Contributor III

It means that if you have good all-round skills, you can CISSP. If you have deep management skills, you can ISSMP. If you have both skillsets, you can do both certs.
Existing concentration holders already have both, you lose nothing with this change. If the concentrations gain mindshare (which is currently close to 0), it's all gain.
JoePete
Advocate I


@njpsu wrote:

I think ISC2 management needs to do a much better job at vetting these major changes WITH membership not AT membership. 


I'd be shocked if this was a management decision. Anything that creates or changes certification should be a board decision as it ostensibly impacts the definition of "member." (Really should be a membership one, but that is a different debate/bylaw).

 

As others have noted, these concentrations never took off. I think part of the problem is that if you had an interest in these concentrations, you were probably already in that specialized role to begin with. I think years ago, the path was you already were an architect, engineer, manager and then earned your CISSP. In that regard, the target audience for these credentials probably had some additional feathers in the cap (PMP, CCMP, CEM, etc.) that could validate their skills.

 

I suspect the discussion that happened at the board level at some point in the not too distant past was that our membership was too flat; we "needed" more vertical options. We're pulling in a million people at the low end with the CC and now transitioning these CISSP concentrations into distinct upper end credentials. Tthey are now a distinct a higher level of achievement and that creates more vertical options.

 

To that I say "to what end." We were a financially stable, successful organization. We did not need to expand our menu of membership. Ostensibly, the board has changed the definition of membership, which at one time was centered on the CISSP. And the response from our peers on the board has to been to deem member counts as classified information. So this change, we won't really know if it is working until the board, which essentially elects itself, decides to tell us what they want us to know. Real good example to set for the security industry (yes, I am pursuing my CSP - Certified Sarcastic Professional).

Early_Adopter
Community Champion

@JoePete it’s OK as none of the new board nominated board of directors candidates had any concentration or other ISC2 certifications other than CISSP and a solitary HCISSP which is retiring… maybe you should pitch that CSP Idea to the board, might be a dollar or two in it? 😉
vr2xhy
Newcomer II

@gidyn- that depends..... surely the existing holder will have no change on the qualification perspective but the value of that qualification is not. More supply with same demand level = value decrease.

 

 

----------
Alvin Chan
CISSP-ISSMP, CCSP, ISC2 Authorized Instructor, MCIArb
tldutton
ISC2 Team

.

tldutton
ISC2 Team

.

JoePete
Advocate I

@tldutton Thanks for following up

 

Since the CISSP has been eliminated as a prerequisite, it strikes that these new standalone designations should now be viewed on a par with something like the CCSP (and should have their acronyms changed to avoid confusion with the concentrations). Instead, they're being presented as superseding the CISSP.

 

As an analogy, many people who take the bar exam are going be tested on things outside their intended specialty. They still have to pass the breadth and depth of the bar. I would think of the CISSP the same way. I like the idea of having advanced levels past the CISSP (even more than the old concentrations), but I think circumventing the CISSP is an error.

tldutton
ISC2 Team

.

tldutton
ISC2 Team

.

njpsu
Newcomer I

Hang on there, I respond to those surveys and participate in workshops. I do not recall ANY proposal to change the certification this way being discussed in the those venues. This reinforces my prior comment about poor communication with the members. Implying this change was vetted through surveys and workshops is not accurate in my experience. Are you saying ignorance of this change is because the members are not participating in the surveys and workshop?