Clarke Moyer CISSP-ISSEP Certification Passing Guide

⚠️ Prerequisites: You must already hold an active CISSP before pursuing the ISSEP concentration. This is not a standalone certification — it requires an existing CISSP in good standing.

BLUF: To pass the CISSP-ISSEP, do 4 things

  1. Create a public contest with someone to complete your ISSEP (or another certification) before they complete a similar educational goal. Accountability and competition work — even if you lose the race, you both win.
  2. Audio-first. The ISSEP domains map tightly to the Systems Security Engineering (SSE) process — listen while walking, driving, or doing tasks. Absorb the framework before you start grinding practice questions.
  3. Practice tests are the mechanism. ISSEP-specific test banks are slim, but work what you can find. Run through everything once, then re-run only your wrong answers until zero remain. Then simulate full test conditions until you’re consistently above 90%.
  4. Don’t over-study. When you’re over 80% on official prep, schedule and sit. The CISSP you already hold is strong context for this exam — trust it.

The CISSP-ISSEP concentration is awarded by ISC2 to active CISSP holders who demonstrate mastery of Systems Security Engineering. If you work in defense, government, or any environment where security must be engineered into systems from the ground up — this credential is a natural next step after your CISSP.

I earned my ISSEP on November 6, 2019 (License: 393607). By the time I sat for it, the CISSP framework was already second nature. The ISSEP is narrower in scope but deeper in its focus on systems engineering — the SSE-CMM, the RMF, and integrating security into the full acquisition and development lifecycle.

Timeline & Context

I’ve found the most sustainable way to stay sharp is to set one educational objective per year and make it public — usually as a friendly competition. The ISSEP came out of a year where I needed to validate my Systems Security Engineering depth to align with IASAE III requirements. It was a logical progression from my CISSP and mapped directly to work I was already doing.

The ISSEP doesn’t require a new study regimen from scratch. If you’re already a working CISSP in a security engineering role, you know more than you think. The exam rewards applied knowledge more than memorization.

Books / Materials

ISC2 CISSP-ISSEP Official Study Guide

The official ISC2 study guide for the ISSEP concentration. Covers the ISSEP CBK domains: Systems Security Engineering, Certification and Accreditation (C&A)/RMF, Technical Management, and U.S. Government Information Assurance Regulations. This is your primary reference for the concentration material beyond the CISSP baseline.

CISSP-ISSEP Practice Tests ← Must Find

Dedicated ISSEP practice test books are limited compared to CISSP. Search for what’s current — the landscape changes and newer resources appear regularly.

Search: CISSP-ISSEP Practice Tests on Amazon

💡 Use Your CISSP Materials Too

The CISSP All-in-One Exam Guide (and its audiobook) contain significant ISSEP-relevant content. If you’ve already worked through that material for your CISSP, you have a head start. See the CISSP Certification Guide for those resources.

The ISSEP Domains

The ISSEP exam covers four primary domains:

  1. Systems Security Engineering (SSE) — The core. SSE process, SSE-CMM, applying security across the system lifecycle.
  2. Certification & Accreditation / RMF — The Risk Management Framework, C&A processes, NIST SP 800-series integration.
  3. Technical Management — Engineering management, project management for security engineering efforts.
  4. U.S. Government Information Assurance Regulations — FISMA, DIACAP/RMF history, relevant legislation.

If you work in DoD or federal IA, domains 2 and 4 will be very familiar. Domain 1 is where most candidates need to focus their study time.

Test Strategy

The same method that works for the CISSP works here — adapted for the ISSEP’s narrower scope. Practice test banks are smaller, so you’ll exhaust them faster. That’s fine — run through everything, isolate your wrong answers, and re-run until clean. Then simulate full exams until you’re consistently over 90%.

The ISSEP is a concentration exam — it assumes CISSP-level knowledge as a baseline. Don’t re-study CISSP fundamentals. Focus on the delta: the engineering process, RMF depth, and government IA frameworks.
