cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gidyn
Newcomer III

Future of CISSP Concentrations?

Anybody haven an inkling what ISC2's plans are for the CISSP Concentrations? The exams are still being updated, but the CBK books haven't been updated for many years, and there doesn't seem to be much interest in the market.

5 Replies
rslade
Influencer I

Re: Future of CISSP Concentrations?

> gidyn (Newcomer II) posted a new topic in Exams on 12-01-2020 11:10 AM in the (ISC)² Community :

> Anybody have an inkling what ISC2's plans are

Nope ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Being honest may not get you many friends but it'll always get
you the right ones. - John Lennon
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
gidyn
Newcomer III

Re: Future of CISSP Concentrations?

Follow-up question: When are ISC2 going to become more transparent, so we don't have to ask for rumours to answer such basic questions?
AlecTrevelyan
Community Champion

Re: Future of CISSP Concentrations?

What do you mean by their plans?

 

Both the ISSAP and ISSEP exams have been updated very recently (Oct 2020 and Nov 2020 respectively) so they're certainly not going anywhere. Based on the typical 3-year exam update cycle a new ISSMP exam should be due next year.

 

While it's true to say the respective CBKs have not been updated for a long time, ISC2 do offer online training courses for the Concentrations: https://www.isc2.org/Training/Online-Self-Paced (NB - currently the ISSEP course is not running presumably due to it being updated to reflect last month's exam changes.)

 

Also, the suggested reference list is kept up to date for all ISC2 exams and would be my recommendation for study material: https://www.isc2.org/certifications/References

 

You say they're not being transparent - I say you're not looking in the right places for the information!

 

I do think ISC2 don't do enough to promote the Concentrations, but I suspect that's due to them holding rather cushy mandatory status for certain US federal roles - where the ISSAP and ISSEP are concerned they are the only certifications that qualify you for IASAE level 3 roles.

 

Outside of the US federal job market, even where I live in the UK, more and more jobs are listing Concentrations in their requirements, but you're right they're not as widely recognised as they should be especially when you consider there's not that much competition out there.

 

TOGAF is generic Enterprise Architecture and not security specific. SABSA is great and is pure Enterprise Security Architecture but you have to take their courses to be eligible for the exams, and they're largely unknown outside of the UK and Australia.

 

For specialist Security Engineering there's basically nothing else out there. I know some people will point to INCOSE and their certifications, but again they are not security specific, and again have next to no recognition in the general job market.

 

Of course on the Security Management side you do have CISM as a viable alternative to ISSMP.

 

gidyn
Newcomer III

Re: Future of CISSP Concentrations?

Nice to hear about more jobs are listing Concentrations in their requirements - I didn't know that.
My concern was triggered by CCFP getting cancelled for not meeting some unspecified guidelines, which ISC2 refused to elaborate on. How many people have to take the concentrations, for them to continue meeting the secret guidelines?
Renewing the exam is a good sign, but may be a false positive. If they have a rule that exams must be renewed every 3 years, that's an automatic process which doesn't stop them announcing EOL the next day.

The lack of study materials is a real problem, with ISC2's training materials being exorbitantly priced. The reference list is great, for someone with time to read dozens of books ... a good CBK or equivalent combined with some self-study is what I need.
AlecTrevelyan
Community Champion

Re: Future of CISSP Concentrations?

The wording around the CCFP being made inactive mentioned "adoption rates compared to similar credentials in the market":

 

https://community.isc2.org/t5/Exams/Is-the-ISC-2-CCFP-Certifcation-totally-dead-or-will-it-be/m-p/56...

 

As I mentioned there really isn't much out there in terms of comparison to the Concentrations.

 

More importantly, the US federal requirements I mentioned before will ensure they remain as part of ISC2's certification line up for the foreseeable future.

 

In terms of being able to read a single book and then considering yourself to be a specialist that really isn't how I believe it should work.

 

Even when the CBKs were current people used to complain they didn't cover everything they needed to know for the exam, so you were always encouraged to supplement your knowledge and experience by studying additional references - this is true of all ISC2 exams. 

 

If you really want to study for a Concentration, read the exam outline, identify any gaps in your knowledge and experience, choose books from the suggested reference list that will help you plug the gaps.

 

I spent an average of 70 hours' study on each of the Concentrations, and I think that's about right - not so much to be too onerous, but not so little that it would effectively make earning them trivial.