Just received email from ISC2 Member support about the acceptance of the endorsement and award the ISSMP Concentration Designation on 13 Jan 2020.
Just share the timeline a bit, just in case any of you are in the queue/middle for endorsement review.
I took the exam on 25th Nov 2019.
Submitted the endorsement on 27th Nov 2019, got the result today.
So it's still within the end of week 6 timeline to get the result of review and mark an end for this "waiting" process (for now until the next certification).
Patience is virtue and this is worth waiting for.
@Kaity Thanks for your prompt reply on my certification enquiry.
What was your study regime for others to think about doing the same?
Basically i am taking CISM and ISSMP at the same time last year, one day apart with the each other, ISSMP first and followed by CISM the next day. There are a lot of overlapping areas/domains between these 2 exams.
I took last couple of days before the exams and performing very intensive exercise over the Official CISM QAE from isaca, going through 800-900 QAE (i did not complete all of them, all is about 1,000+) and also study Official (ISC)² Guide to the ISSMP CBK, Second Edition, focusing on Domain 4 and Domain 5 which is not fully covered in CISM domain or unique to ISSMP.
The key point is not to remember the question and answer, but as a mental exercise to think if you were in that situation, why you should take this approach but not the other choice and understanding what's wrong (or not the best) with the other choices.
Everyone has their unique knowledge and experience, but what work for me, may not work for the others.
Overall, i think ISSMP is not difficult (to me), comparing with the other exams that i had (CISSP, CCSP or ISSAP), where i have spent much time in preparing those.
The ISSMP overlaps the CISSP, but simply goes into more depth and expects that you've read the references at the end of each CBK. Strangely, I found it more of a practitioners exam, as you'll find you've read at lot of those references during your generally IT and InfoSec work over the years.
Yes, I do agree there are overlaps with CISSP, as the title describes, it's a concentration within CISSP and expected more in depth focusing on the security management perspective. (where ISSAP focus more on infrastructure, application, design, SDLC and cloud related)
Rather than going to chapter by chapter and reference by reference, i went through official sample test (eg. CISM) and got around 70% correct without reading any study guide or reference, therefore my approach for ISSMP is focusing on the areas which I am not certain and refresh (or clear out) those.
Honestly work experience in general IT, infoSec and mangerial experience over the last decade definitely help for me.
I'm interested in hearing about your "intensive exercise" with the CISM QAE. I've been treating the book like a huge exam, and marking my failures / progress along the way. The book doesn't really lend itself to study, but I'm doing the best I can with it.
edit: P.S. to say congratulations on ISSMP!
I will agree the book itself does not lend to study.
I think it depends how do you use the material/book. Let me share a bit how I am using QAE in general. (Basically is how I am using practice question in all exam preparation in similar way, not just applicable to the QAE, but QAE give a more detail explanation instead of just right or wrong)
I was using the physical book version of QAE, so not the online database.
Honestly getting the right answer is not important in this process (I got roughly 80% correct, but % does not really matter, because you don't expect the same question appear on the exam even though it may, then it's a bonus provided that you have done it and remember).
I spend 1-2 minutes in answering each question (in each domain), and regardless of right or wrong, I spend another 1-2 (or maybe even 4-5) minutes in understanding the choices (by looking at the explanation given) and also will ask myself
By doing this process, it will cover a much wider range of topic and knowledge which will be helpful for exam prepare perspective (or at least building your own self confidence / or destroying your own self confidence, either way).
if I have really miss some topic and term (you know when you are answering the question), I go back to study the specific section of related domain to dig in more or google a bit to gain more knowledge.
The last mock test is really up to you.
Hope this help.
I took the test twice haven't passed I didnt think the test was hard at all. It was very practical questions. I need to get more professional experience I would assume. If anyone has any resources that you used it would be beneficial.
Glad to see you're persevering with obtaining the ISSMP (I assume you're talking about the ISSMP and not the CISM).
Have you checked the suggested references list for resources?
You should have been given your proficiency level for each domain when you previously took the exam, so I recommend obtaining some references from that list that will help you plug any knowledge gaps.
Many of the references can be downloaded for free from the Internet (and not just the NIST ones), or failing that can be purchased in used condition at little cost from online bookstores.