mariatirado
Community Manager

ISSEP Certification – New Training Experience, New Exam Outline

ISSEP has officially been upgraded. The revised exam outline reflects the latest Job Task Analysis, and the new adaptive training is built to support systems security engineers with targeted, personalized instruction.

 

The platform adapts to your pace and confidence level, offering immediate feedback and dynamic content. Updated learning materials - including a revised eTextbook and study questions eBook - are now available to support your preparation.

 

If you specialize in systems security engineering, this is your opportunity to validate your expertise with a credential built for today’s challenges.

 

Learn more about the ISSEP updates: https://www.isc2.org/insights/2025/08/next-level-certifications-for-cissp 

31 Replies
nkeaton
Advocate II

@ervinfrenzel Thank you for sharing that. I tried to attach those numbers here but it didn’t like the file type. It came from the annual report recently released. I can type them here: ISSAP 2,515, ISSEP 1,471, and ISSMP 1,671. The CGRC is 4,720. I wish that there was a good way to compare what you learned under the previous objectives vs the exam that you took which was under the new objectives. I have a CGRC but not a CSSLP but found that for the exam that I took under the old objectives that my CGRC and experience were what I needed for my ISSEP. My ISSMP seemed logical after the CISSP and CISM. I am definitely not PMP bound ever. I would like to earn the ISSAP but have more difficulty thinking like an architect in my opinion from what I am reading.
ervinfrenzel
Newcomer III

Ok, so as I am going through the content - I do not see much of the architectural content that I experienced on the exam.  I did up a graphic some time ago, please disregard the CSE or COB as it represents either a computer science or business track (I was formerly a professor and still teach today), which still holds true today (as near as I can tell):

 

ISC2 flow.png

 

I will also say that the most recent ISSEP seems to cover much more of what I would expect from the ISSAP track. I am open for anyone else's take on the graphic as well.

 

Respectfully,

Ervin

nkeaton
Advocate II

@ervinfrenzel Thank you for sharing that. The ISSEP had a different history than the other 2. It was sort of retrofitted for NSA to have a specialty certification. It has evolved since then. I know that when we did the JTAs for the 3 disciplines a while back that was probably what drove any changes to the 3 exams. I know that my ISSEP exam was very much GRC content which seemed to fit the exam objectives of when I took it. My ISSMP was more like my CISM. The only reason I brought up the ISSAP is purely personal. I have observed in myself that I am having trouble with the architect view. I will have to figure out why if I am to take the exam successfully.
ervinfrenzel
Newcomer III

Understood, have you tried the training for it?  I am going through the EP training again myself - not sure if it is going to help.  I can understand the need for the specializations, as I am heavily involved in those communities as well.  I haven't done any of the ISACA certs simply because of their annual maintenance fee schedule - but then again, I didn't do more than two from ISC2 because of the same reason.  I didn't have a desire to pay fees every single month between CompTIA, ISC2, Cisco, EC Council, and others.  I had the CISSP and HCISPP for years, then recently as I went to establish a school chapter - I opted to go after the others.  I had backed off of ISC2 certifications for quite some time, only going after the "CC" as I was encouraging my student body to do so (act of solidarity with them).  I can only talk to the ISSAP from pre-August 2025, it was very strategic basic. 

 

Use the INCOSE SEH to help clarify the two roles and help with the mind shift, it helps as it talks to both. Otherwise SP 800-160, 161r1, and 171 work well. I also rely heavily upon the ISO frameworks - think TOGAF, Sherwood, etc. for assistance. Good luck on it, it sounds like Architecture for me was much like Engineering for you.

mangopudding
Newcomer I

I've been going through the new self-paced training (purchased August 8th, 2025) - finishing off Domain 4 today.

It seems light compared to all of the other self-paced training material I've purchased from ISC2 for all my other certifications - I only have 3 more to complete then I'll have all ISC2 9.  (Remaining EP, AP and SSCP).

My kids purchased the 2005 book for me for Christmas..."Official (ISC)2® Guide to the CISSP®-ISSEP® CBK® ((ISC)2" last year - I don't think I'll be touching this one... since there have been so many updates since 2005 for NIST, INCOSE and PMBOK.

I plan to focus on using the following support material:

  • NIST SP 800-160 Volume 1 (Rev1, 2022) - Engineering Trustworthy Secure Systems
  • NIST SP 800-160 Volume 2 (Volume 2 - 2021) - Cyber Resiliency Engineering
  • NIST SP 800-37 (RMF), REV 2 (2018)
  • NIST SP 800-161 (C-SCRM) (Rev 1 (2022) with errata (2024))
  • INCOSE Systems Engineering Handbook (5th Edition (2023))
  • PMI PMBOK (Seventh Edition from 2021)

 

nkeaton
Advocate II

@mangopudding Did you receive an eTextbook with your purchase? I know that there have been some issues with that. I did read the CBK mentioned before I started actual study. It gave me a historical context with no stress because I knew that most of it was not testable. I was very familiar with NIST SP 800-37 and 53 but read the other NIST documents. I did not read anything from PMI or the others. I really only used NIST documents. I had a CGRC (CAP at the time I earned it, which helped I am sure) already. This is what ISC2 recommends: https://www.isc2.org/certifications/references#ISSEP Again I only read the NIST documents that I was not familiar with. Best wishes.

mangopudding
Newcomer I

It's funny that you mentioned that on the eTextbook.  I didn't even know it was included - nor the Study Questions ebook.  I ended up purchasing the two and then finding out I already had it.  🙂  I submitted a request to get a refund or a credit for future stuff.

For the ISSEP, getting into the right mindset - we need to think like a systems security engineer.

 

Structured, lifecycle mindset: requirements -> design -> build -> verify -> operate -> dispose.

Answers should follow engineering discipline, traceability, and mission assurance.


Like an old school rigid project manager using the waterfall methodology in project management.

Brings back old memories of the Microsoft Operations Framework, Microsoft Solutions Framework (now I feel old).


ervinfrenzel
Newcomer III

Mangopudding,

 

I did my second attempt today - it was even stranger than the first. It was closer to the original training though - so I may have to unlearn some of what I studied for based upon my first experience. However, since it is adaptive, no telling how much it will change (depending upon the adaptive). I've got to wait another 60 days - I've never actually failed a test twice, but like you I set my goal at all certs - so going for it.

 

Good luck, I'll try reading the ISSEP book again.

 

Ervin

ervinfrenzel
Newcomer III

I normally don't have a problem thinking like a systems engineer. I've been doing it for some time, reviewing the CSSLP might help as it seems to cover much of the content and ISO/NIST content to discuss. Anyway, I have a 60 day cool off period to reengage the content and figure out what I did wrong. I am also relooking the publications in case I over studied. Not that I have ever been known to over think something - I did get into quite a few ISOs and NIST pubs for this one - so I can realistically say it may be my fault.

 

Ervin

nkeaton
Advocate II

@ervinfrenzel I would not recommend reading the CBK again. The ISSEP was kind of specially set up for NSA so has a very different history than the others. The documents discussed in that CBK are no longer valid or in force. It is a good historical document but I can't think of anything testable in it. I do not have a CSSLP so am not sure if it is helpful. I am very familiar with most of those NIST documents and do hold a CGRC and know that those helped me. I think that I told you that I seem to have zero problem thinking like an engineer or manager (in ISC2's view) but am not sure that I am able to adjust to thinking like an architect. Not sure why.