Re: Passed the ISSEP -Two Weeks Ago

kyle942 · ‎01-31-2025

If you are reading this, you are starting the journey to get your ISSEP, and I earned my CISSP-ISSAP back in 2018, a requirement for work as a DoD Civilian.

I used the ISC2 self-study course, which was expensive, but the E-Learning Book has content similar to the exam and a practice exam that provides the reason the answer was wrong or correct after you do the practice exam.

The learning course is based on the theme of a security/system engineer in a company, so you get a 360-degree concept of best security and engineering practices.

Kyle

nkeaton · ‎01-31-2025

Congratulations, twice. I believe the main reason that I passed my ISSEP in 2023 was my familiarity with NIST documents. I read the ones that I was not familiar with as well. Having a CGRC is really good preparation. I passed my ISSMP last July. I am considering the ISSAP but is definitely my weakest discipline of the 3. If I remember correctly, the ISSAP and ISSEP training were updated, but the ISSMP was not. I know that there is a BrightTalk webinar about it which is good for a CPE.

XavierD · ‎04-03-2025

Which NIST documents did you use to prepare?

nkeaton · ‎04-03-2025

@XavierD I don't know about them, but I used the ISC2 recommended NIST references. I did not read the ones that I knew very well.

ervinfrenzel · ‎08-09-2025

I have already taken and passed both the ISSMP and ISSAP, I self studied for both. I used the ISC2 "adaptive" study material to prep for the ISSEP, I found the material was not even close. I failed my first attempt yesterday, how long has it been since the study materials were updated to how many updates of the exam?. Are there better recommendations for prepping for this one. I have served/worked in the industry since 1989 so I am fairly familiar with most RFC's, NIST SP, etc.

As this one is such a rarity, not sure if anyone is even monitoring these questions or responses. Thank you.

nkeaton · ‎08-09-2025

@ervingrenzel I am sorry to hear that. Timing may be your biggest issue. The exam objectives changed August 1 on all 3 exams. So the training probably didn’t match the exam. I only know for sure on the ISSAP that it went from 6 domains to 4. The only “good” thing is that believe that ISC2 opens the training back up if fail. An ISC2 announcement here said new training was available if remembering right. Heck of a practice exam though. Best wishes on your next attempt.

illegalcereal

I have taken the exam before (under the pre-2025 format) and am scheduled to take it again soon. I have been using the new adaptive self-paced course, like you. My question to you: Is Common Criteria still being asked about? I am hearing that Common Criteria is on the exam, yet it hasn't been on the outline for years.

desireebrandsma

I remember I had one question about the common criteria in my (failed) attempt.

ervinfrenzel

I wouldn't count common criteria out, I saw a little of it as well. I also would check out the SEBOK (Systems Engineering Body of Knowledge) specifically understand the Security Design Principles and LDSE (Loss-Driven Specialty Areas). As far as common criteria goes, it might be there is an expectation of understanding as it has been around for so long.....