Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Viewer III

CISSP Concentrations

Hi All,


This is my first ISC2 community post, so I hope I am doing this right 🙂


I finished the CISSP exam and completed endorsment. In a couple days I have the CCSP exam. Right now I am looking at my options to continue studying. I am looking at CASP+ and ISACA certs but also noticed the CISSP concentrations. Looking online at platforms like Reddit, it looks to me that the concentrations do not have the same golden status as CISSP and there is not a lot of information on them. How does the community look at these concentrations? Are they worth it, Is there solid study material, Does it help you being a better professional?


Hope you guys can help me.



8 Replies
Community Champion

So if you want one and done, then the CASP+ is probably the way to go however depending on your function, you may want to seriously look at the ISSAP or ISSMP.  Keep in mind the experience requirements for each of the options.   


The CISSP concentrations require one to have the CISSP (the gold standard) prior to sitting for them.


Again, go back to what your function is.  Are you a generalist?  or a specialist?  Are you in management? or and architect?  


I always ask my teams what they want to be when they grow up, so that they can decide what if any certifications can be of assistance to them.


BTW: welcome to the community.




Newcomer II

Having CISSP and CCSP knowledge would help me prepare for ISSAP.


CISSP Concentrations are known for DoD, unfortunately not well-known in the private sector.


CISSP is a gold standard and this cert alone is more than enough. Concentrations are just optional it's like a game. If you finish the game then you may have the option to buy the season pass.

I am scheduled to take ISSAP next month. My job doesn't require it but it's a personal challenge for me.  I suggest you aim for ISSAP while you still have fresh CISSP and CCSP knowledge.

ISC2 Team

Thank you for contacting ISC2 via Community. I will send you a private message.

ISC2 Team




So we may assist you, please email . That will allow me to reply and send both information and links to our website.


Thank you.


Viewer III

Thank you for your responses. I'm passionate about learning, which is why I'm considering furthering my certifications.

I see myself as an engineer/architect specialist, but I aim to possess a broader knowledge than anyone else in the room. At my previous company, I focused on both designing and hands-on implementation of significant projects such as network segmentation, DevSecOps, and the Azure Cloud environment. Currently, I am transitioning to a large SOC and aspire to become the lead engineer/architect for the environment within 3-5 years. I believe I'll explore both the engineer and architect concentrations.
Community Champion

Note of caution here, you’re considering yourself to be a specialist but also want to have broader knowledge than anyone else in the room. This might not be achievable given that lot’s of other folk are going to be strong performers and the areas are quite different and in most environments there is a degree of separation required, at the start you’ll tend to be specialised and working on components and more hands on and as you pickup more knowledge and experience you might find yourself producing HLD/LLDs for a whole system though at that stage you won’t be as hands on. How you work with your team and peers will I thin contribute more to your success then trying to cover everything.

Secondly I wouldn’t do lots of certifications covering the same thing with different bodies - costs money and time plus it’s not giving you great ROI, so consider if the concentrations add value and which to prioritise. For example for me maintaining certification with ISC2, IAPP and scrum alliance fit what I need to prove in my type of roles, and I wouldn’t bother with concentrations(or going back to CC/SSCP as neither would be necessary and for the lower lever certification I’d lose an afternoon and spend more money and for the concentration id have to bone up on specific domain knowledge like a frenetic ninja-Jedi with little benefit. Other security certs wouldn’t help me so much, just cover the same ground, and I’m working on certifications on AI Governance as that’s something I think helps with knowledge of new areas plus compliments without redundancy.

Based on your self image You should pick either Security engineering or security architecture and do that super well for three years before switching(sure elements of both are there but focus will get you depth you won’t get otherwise you can then broaden as you go deep into the other).

As you’ll be in a SoC you’ll probably be doing a fair bit of response unless they put you into the build and operate.

With enough time you could do both concentrations, but I’d state with engineering and only move to do architecture later if appropriate.

Viewer II

Hi all, 


Does anyone know anything about the future of the concentrations? 


Last year the comunity was debating about it


anyone has some clarity? 



Newcomer I

I have chosen to take ISSMP concentration after CISSP. Here are the reasons:

  1. Compare to other certs around which many focusing deep to technology, CISSP and ISSMP altogether looks more well-balance between technology and stakeholder management.
  2. There is around < 2000 ISSMP, < 2000 ISSEP and ~ 2000 ISSAP (per last year result), vs 48k+ CISM (per
  3. I am working in Hong Kong, and we have less than 30 people got this qualification and make it looks more prestigious.
  4. Ultimately no matter which business, you need to talk in the same language as the stakeholder, and for me ISSMP match to this objective.


Alvin Chan
CISSP-ISSMP, ISC2 Authorized Instructor, MCIArb
HAM Callsign: VR2XHY, M0HTW