Good day everyone. I am proud to announce that I have passed the CISSP ISSEP certification. The exam was very challenging and prepping for this exam taught me a lot. I was mentally exhausted by the time the examination ended.

These are the references I used:

CISSP Certified Information Systems Security Professional Official Study Guide Edition
Information Assurance Technical Framework 3.1 by National Security Agency Information Assurance Solutions Technical Directors. (Sep, 2002). (Chapters 1-7)
ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation by ISO/IEC. Publisher: National Information Assurance Partnership. (Dec, 2017).
NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).
NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).
NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).
NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies by Murugiah Souppaya, Karen Scarfone. (Jul, 2013).
NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide
NIST SP 800-64, Rev. 2, Security Considerations in the System Development Life Cycle
NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).
NIST SP 800-100, Information Security Handbook: A Guide for Managers
NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).
NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems
NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).
NIST 800-160, Vol. 1 Rev 1, Engineering Trustworthy Secure Systems
NIST 800-160, Vol. 2 Rev 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach
NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information System and Organizations by Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol. (Apr, 2015).
FIPS 199/200
A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).
PMBOK 7th Edition Tutorial (FREE Course! PMBOK Guide 7th Edition Masterclass) by Alvin the PM https://www.youtube.com/watch?v=-KsyLQ4xWtE
Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document https://apps.dtic.mil/sti/citations/ADA393329

Good luck to anyone in pursuit of this exam!
Hey all - I was thinking about dipping my toe into the waters on ISSEP. Has anyone taken the cybrary.it ISSEP course? Was it beneficial? I don't suspect it is nearly enough to pass ISSEP. Thanks!
Provisionally passed the ISSEP. Background: 4xISACA, 2xISC2, 2xGIAC, 1xIAPP certs. 35 years in the industry. I always give myself 3 months to study for an exam. I first did the official ISC2 online training (i.e. watched the videos) to get a feel for the course/certification. After that I did the training exam. Then I spent about 1.5 of the 3 months to read all the material. Stopped reading about one week before the exam. I spent the bulk (80%) of the time reading NIST 800-160, NIST 800-37 and IATF 3.1. I did not read PMBOK or INCOSE at all (except the INCOSE PDF document that was linked in the course). I normally use Pocket Prep but it was not available for ISSEP. I tried CCCure and Udemy practice exams but it felt like those were made for an older version of the exam and the content did not align with the ISC2 course. So I used the training exam instead. I found the exam very hard; I was convinced I had failed.
What is the value of the ISSEP for anyone outside of the US? I hold both the ISSMP and ISSAP certifications and was planning to take my ISSEP exam at the beginning of December. I started reading and studying from the limited resources I could find. However, I can’t understand the relevance of this exam for me, as it seems very US government-centric. I appreciate that this is an engineering concentration and needs to be based on some formal material, and the NIST standards fill this gap. But why is it so US government-focused? Why can’t it be more generic, encompassing good engineering security practices and the SDLC processes laid out in the NIST documents? This approach would make it more accessible and relevant to people outside of the US and the US government. Is anyone else choosing not to take this exam because it's too US-focused?
Hi, I have failed the exam 2 times. Both times, the common below-proficiency domain was Domain 4, System Implementation, Verification, and Validation. Does anyone have any suggestions for studying this domain? Thanks!