The concentrations (ISSAP, ISSEP, ISSMP) require a valid CISSP, which itself requires 5 years of experience, and 2 years of experience in one of the covered domains.
Do the 2 years of experience have to be AS a CISSP? In other words, could someone with 5 years of experience in security engineering become a CISSP and as soon as their membership is confirmed, then take the ISSEP exam and receive that certification as well?
@Cyberfreak That is a great question! To hold any of the three CISSP Concentrations, one must first hold the CISSP certification. Once you have obtained the CISSP, you may sit for any of the concentration exams. The work experience is not required to have been earned during your CISSP cycle dates. This can be work experience earned prior to obtaining your CISSP certification.