Showing results for 
Search instead for 
Did you mean: 

Inside (ISC)² with The (ISC)² Education Team

Showing results for 
Search instead for 
Did you mean: 

Inside (ISC)² with The (ISC)² Education Team

Inside (ISC)² with The (ISC)² Education Team

Community Manager

This is your chance to get Inside (ISC)² as leaders from our organization will be swinging by this Community to answer your questions. Joining us this month are five members of our Education team!  Please welcome…


  • Mirtha Collin – Senior Education & Training Manager
  • Stacy Mantzaris – Continuing Professional Education Lead
  • Chuck Gaughf – Professional Development Technical Content Lead
  • Kaitlyn Lagenbacher – Education & Training Professional
  • Tara Zeiler – Education & TrainingProfessional

The wonderful folks on our Education team are involved in many different areas at (ISC)2.  To name a few things that they work on and to give you some topic ideas for this session of Inside (ISC)2, this is the team that has been releasing the new Professional Development courses (like the GDPR course); they update the content in books, and study guides after any and all updates to exams/domains, and they keep on top of all updates to courses, including the new self-paced online courses. This is the team to talk to if you are looking to ask questions about professional development, find out how members are involved in course development or if are thinking about taking an exam and have questions on what educational offerings we have/are in the works. 

The Education team will be live, here on the Community, on Wednesday, October 31st, from 1:00pm to 2:00pm ET to answer any of your questions. 

Feel free to leave your questions or comments now, and the team will answer them when they are live on the Community. 


I have 2 questions.

1.  Are statistics collected for 1st attempt failures on certification tests and if so does the education group analyze what may be the cause?  I took the online CCSP course earlier this year.  I studied for my test in Aug and failed.  I used the text from the course as well as an ISC text purchased separately.  I was scoring in the mid 80% range on several practice tests.  I found that the type of questions on the actual test were not represented well in either the study material or the practice exam.  I'm not advocating for teaching the test but rather that the style of questions be aligned between practice and actual.


2. I submitted an application to be placed as an online CISSP instructor.  I have yet to hear back as to my status. Would you be able to explain the submission process with more granularity on your web site?

Newcomer I

Two quick questions,

1. Do you feel with the change to the CISSP going to CAT, even if the content is the same difficulty have you noticed a change in pass rate from test takers not having to deal with so much "brain drain?" Talking to many others with their CISSP it seems like they talk about doing the 6 hour test as a war story, compared to people doing that CAT it was no big deal.

2. Is there any plan to update the CISSP concentration books?

Community Manager

Thanks for posting your questions @gjohnson & @RobertWohllaib. Our Education team will be on the Community to answer them on October 31st at 1pm ET. We'll make sure to at mention you, so you get the answers to your questions right in your inbox!

I work for a large financial instutition in PCI and PKI.  I am recently CISSP certified.  I very much enjoy the validation of my skills that this certification provides.  Encryption is only becoming more and more important, is there any thought for PKI certification? 

Reader II

I am interested in obtaining the CISSP-ISSMP concentration. If the concentration will remain an option in the future (statements made at the Security Congress make me question this) would you consider hosting an ISSMP in-person training at Security Congress or perhaps even at the RSA Security? I might recommend that you send out a survey or communication to gauge the level of possible interest. You might be surprised.


I think one of the barriers to obtaining the concentrations is the lack of readily available training opportunities and study materials. I prefer in-person learning events - its my learning style. Also, its easier for me to block off two or three days specifically dedicated to training than to self-study over weeks or months. Offering an ISSMP training at Congress or RSA would help me reach my goal of obtaining the ISSMP sooner. Also, a training before a conference is easier to justify to my boss than two separate events.

Viewer II

CISSP-ISSAP online training comment/feedback:


I took the CCSP training course over a year ago and it was constructed well so, I expected the same level or better from a concentration course. I was extremely disappointed. I discourage others from purchasing this training.


I expected great detail in the domains and insight to architecture professionals experience. I was expecting to fill gaps in my experience in preparation for the certification test. There's barely any video instruction (maybe 20 minutes worth). It is basically text based information. It should have just been a digital book and sold for $100 not $1995.


The flash cards and end of domain questions were not challenging like the ones presented in the CCSP course. I don’t expect the same questions as the test. I expect just as challenging questions that could be on the test.


Companies like Microsoft have partnered with to deliver classes and entire programs at low to no cost. Given how “behind the eight ball” we are having enough trained security people, do you plan to do the same? While I appreciated the fine (and often expense) learning options, many cannot afford them.  Can you help bring more low cost training alternatives, that have substantial CPE value? 

Viewer II

Hi ISC2 Education Team, 


Could I know if ISC2 is looking into replacing the CCFP or equivalent?

Given the numerous incidents happening this year.

In my own personal opinion, it should either been reinstated or replaced with something equivalent.


Would like to hear ISC2 thoughts.


Thank you.

Community Champion
> DanTechMan (Viewer) posted a new comment in (ISC)² Updates on 10-30-2018 09:26 AM in the (ISC)² Community :

> Companies like Microsoft have partnered with to deliver classes and
> entire programs at low to no cost. Given how “behind the eight ball” we
> are having enough trained security people, do you plan to do the same? While
> I appreciated the fine (and often expense) learning options, many cannot
> afford them.  Can you help bring more low cost training lternatives, that
> have substantial CPE value? 

There is, of course, no reason that we, the *actual* community, cannot create a
training resource here on the "community" which is available to all members (and
even non-member aspirants). A number of us have been attempting to provide
our advice and assistance on a piece-meal basis. All it would need is a bit of
structure and promotion ...

(Remember, almost all posts and topics here are readable by the general public, and
even searchable on Google ...)

====================== (quote inserted randomly by Pegasus Mailer)
If one ever wishes to retain one's fantasies about the good sense
of the people in the realm of literary taste, one does best never
to consult the bestseller lists. - Joseph Epstein
Viewer II

Hello,   We have been told all year the 5th edition of the official CISSP CBK would be released this year. Its now 4th quarter 2018 and the book still has yet to be released. I wanted to know the precise release date for this book, cost and how many pages will it be.

(ISC)² Team
(ISC)² Team



Hello and thank you for your questions and feedback, we really appreciate you taking the time to reach out.


With regard to your first question.


The Education Department does not receive data on exam pass rates.  In fact, ANSI regulations require that we keep a rigid separation between education and exams.  Education uses the exam outline to create course content and we don't have access to exam question content or information regarding format.  We are, however, developing new ways to help our members prepare for exams by creating and deploying different types of practice question/quizzes.  We have some new tools and moving forward we will be exploring the use of drag and drop, scenario based, and sequencing questions, among others.


With regard to your second question.


I am so sorry that you did not receive a response regarding your interest in becoming an instructor.  


I will have our delivery team reach out to your directly and share information regarding the process. 


Please let me know if you have additional questions.



@StephenChandler There are no current plans for a certification on PKI as PKI really is embedded in many of the domains of our current certifications.  Having said that, I can see a focus on PCI or general PKI ,from a professional development standpoint, being very beneficial to our membership. PKI, especially for those that are not involved in it on a daily basis can seem daunting even though it is embedded into so much that we do. I think this could be an excellent candidate for our series of courses "for members, by members". We are constantly looking at our membership to see what types of education and professional development will be valuable to our members, and PKI is truly fundamental to so much that our members do on a day to day basis.  

(ISC)² Team
(ISC)² Team



Hello.  Thank you for your questions.


With regard to your first item. 


Unfortunately, the education team cannot comment on exams.  ANSI requires a separation between the education and exam groups.  We can certainly pass your query along.


With regard to your second item.


We recently launched self-paced courses for AP and EP, with MP coming soon.  I encourage to take a look at one of those offerings. 




(ISC)² Team
(ISC)² Team



Dan we have partnered with Coursera to deliver our SSCP training through their platform and are now making Professional Development courses free to members.  I would like to invite colleagues to provide information on upcoming Professional Development opportunities. 

@rslade We are constantly evaluating ways to deliver education to our members that is low-cost and easy to consume. You may have already seen materials about new free courses and resources we are starting to provide our membership at no cost. This new initiative which just recently received funding is starting to take shape and we have a course on GDPR, with courses on DevSecOps and Security Culture on the way. You are absolutely correct that this should be a community driven effort. One of the things I’m working on going into 2019 is using our education efforts to spotlight our membership and help drive some of our education efforts. Personally, I think the community is great place to offer assistance but I’m hoping to leverage this platform to promote and find members interested in sharing what they know and to actually develop courses that will be shared with the membership.
(ISC)² Team



Hello and thank you for your question and feedback regarding ISSMP. 


We are currently in the process of creating an ISSMP Self-Paced course which should be ready by Q1 2019. In regards to an in-person training at Security Congress, we are exploring options for a 2-day course. 

Viewer III

I would like to take the sscp exam but since I do not have the 1 year experience, I need to take the Associate exam. Where can I find the study materials for the associates exam? 

(ISC)² Team



Thank you for your question. We are in the process of updating the CISSP CBK and hope to have it available shortly. In the meantime, the fourth edition of the CISSP CBK has great content and is still relevant. Thank you for your continuous support! 

(ISC)² Team


Hi Dan - we are very excited to inform you and the membership that we have begun developing new professional development course for members that provide rich CPE opportunities at no cost for members.  The courses are and will be self-paced and delivered online via our LMS.  Last month we launched GDPR for Security Professionals: A Framework for Success (8 CPEs) and will be launching within the next 60 days Building a Strong Culture (4 CPEs) of Security and DevSecOps: Integrating Security (5 CPEs) into DevOps. GDPR is already loaded into your My Courses on the LMS.  Simply log into with your member credentials and click My Courses in the upper right-hand corner. You will see the GDPR course. This course is worth 8 CPEs and again is free to all members.  As we develop courses we will notify members and automatically load them in your my courses.  This is a great opportunity to earn your CPEs at your own pace.  Also we want to hear what topics you would be interested in learning more about.  


(ISC)² Team
(ISC)² Team



Freddy there is not a separate Associate exam.   You would prepare to take the SSCP exam and then have time to earn the requisite work experience. 


More information regarding the Associate program can be found here:


Information regarding SSCP training materials can found here:

@133r I agree that forensics is an extremely important discipline in our field. Keep in mind there exists a separation from certification and education. Speaking from a purely educational standpoint there are huge opportunities to train our membership on forensics and how forensics is important to their role in an organization. We want to hear from our members about what type of learning they want from us. We produce surveys and focus groups to determine what topics are of the most importance to our members. Forensics in particular is not something that is necessarily easy to learn from a book but instead through hands-on interactive learning and labs. If you are a subject matter expert in the particular discipline, please reach out to us and learn how you can help influence the type of education and training we can provide in this domain.
(ISC)² Team
(ISC)² Team




It looks like we might have communicated with you about this before, but we appreciate you providing us with additional feedback. Hearing comments about our training can only help us to improve.



Community Manager

That's it for this month's Inside (ISC)² with the Education Team. We want to give a BIG Thank you to all of our participants and the folks on the Education team who helped answer all of these awesome questions. 


If you have any further questions, please feel free to post a comment here or in one of the other boards in the Community. We are also looking for feedback from all of you on what courses you want to see from (ISC)² and also what topics you want to be covered in them. You can comment below with any suggestions! 


Happy Halloween everyone!

Newcomer III

How do I find out about/find currently available free training like the Active Shooter and GDPR courses recently provided?


So far, I have found them very valuable and with to continue - not loosing out on anything that may be available.

(ISC)² Team

@Daniel-Nash1 Thank you for your question around our new CPE offerings and wanting to learn more on how to know when they are available.   We notify members when the courses become available via email.  Please make sure you update your contact preferences to receive the email communications with information on how to access the courses.  To update your preferences simply login into our website with your member credentials, go into My Profile, select Contact Preferences and check (ISC)2 continuing education and professional development and (ISC)2 member offers and discounts.  This will ensure that you receive notifications via your email address associated with your membership.  Thank you again for your question.  We look forward to rolling out more CPE opportunities.


Newcomer I

It seems nobody here has raised any comments on the ISC2 GDPR course yet. I enrolled in the course and have enjoyed it so far, finished like a quarter but still have quite some way to go. This is certainly a nice course and in my opinion is more detailed and insightful compared with some GDPR video course I paid elsewhere. I think it is rather engaging and I like the way the immersive exercise takes a role play approach to applying the concepts in a life-like setting. The most important part - it's a nice thing that ISC2 members get to enroll for free. A great way to incentivize management on ISC2 membership!


I have a few comments and questions though.


  1. I saw a blog mention that for non-ISC2 members the course is available at a cost. I just looked and is it USD720? It would be nice to have someone else at the company (especially those in charge of GDPR) to review it, and they are not ISC2 members.
  2. After I finish the course, for how long can I access the course? It makes a lot of sense to review it periodically to refresh understanding by reviewing it, and I would certainly miss if I could no longer access the course materials when it is over. And does the "retained access" arrangement here differ between ISC2 members vs paid, non-ISC2 members who enroll in the course?
  3. The embedded video clips are hardly playable for me. The MP4 files are large, download is unbearably slow (I am in Asia by the way) and it keeps buffering every like 10 seconds.The only way I could really watch those videos is to trigger the play, then download the MP4 for watching offline at the browser. But still, for like an 8 minute video it took more than 30 minutes to download the MP4s in its entirety. No wonder it keeps buffering endlessly! Hope ISC2 (or the underlying vendor) considers serving these on CDN (even though that likely comes at additional cost). On the other hand, I don't really have issues with BrightTalk-served videos. It only happens to MP4 directly embedded in the training course.
(ISC)² Team


Thank you for your message and the positive feedback on the GDPR course.  To answer your questions: 


1. Availability of the course - the course will remain in your My Courses for as long as the course remains relevant.  We fully expect to update this courses best on changes in the regulation and/or best practices we are hearing about that would be relevant to the course.  Members will always have the latest version of the course available to them. 


2. Non-members - The course is for sale for non-members at a price of US $720.  Those interested in purchasing the course should visit - the course is listed under professional development.  The course is a member benefit and only free for members and associate members in good standing. 


3. MP4 Files - Thank you for bringing this to our attention.  I will work with our production team to explore other solutions. 


So you know we are launching 2 new courses before the end of the years.  DevSecOps: Integrating Security into DevOps (expected release date November 30) and Building a Strong Culture of Security (expected release date December 21).  Both courses will be free for members and available in your My Courses as soon as they developed.  


Again thank you for the positive feedback on the course. 

Newcomer I

I previously reported difficulty accessing your videos in your GDPR training. Afterwards, I apparently sighted improvements as well as with a few later free ISC2 courses as well. But the issue came back today on the new "Building a Strong Culture of Security" course for me. When I was done waiting endlessly for the buffering, I went back to the old method of saving video offline and confirmed it took me more than 10 minutes to download a 58 second video! In case your team hasn't really made any enhancements yet, that's fine. Otherwise, just would like to let you know the problem apparently returned. Also, the videos delivered in that course no longer come with captions (the option of turning it on). Was that intentional?

(ISC)² Team

@cbkihong Thank you for your message referencing the videos on the new Building a Strong Culture of Security course.  Yes, we are working on a solution to correct the issue and hope to get that resolved quickly.  Also please be advised that we will have captions for the videos available shortly.  We apologize for the inconvenience.  Hopefully you are finding the course to be a valuable professional development opportunity.  Thank you again for your candid feedback.