Firstly. congrats on the pass. Now on to the rambling

ISSAP and even ISSEP material can be covered almost exclusively by experience with design and architecture experience (building networking, systems, interconnections). Another one of the reasons why I always tell people to learn everything from the ground up not solely web based stuff, not solely pentest stuff, but as much as one can from the barebones level to the higher end. It helps. The only gripe I would have about ISSAP and ISSEP is the range of companies that even look for these, mainly gov.

Anyhow, since ISSAP focuses on the 50k foot view from the architectural scope, I would think the decent studies would come from understanding content from SABSA, TOGAF, OBASHI and the other boring organizations along with some {DIA,DITS}CAP content. I am tempted to sit the exams but 1) I dislike ISC and all their nonsensical politics 2) I dislike some of the board 3) dislike shirt and ties 4) I'd rather play with a Rubiks cube than Excel spreadsheets

What was the exposure of those mentioned frameworks (SABSA, etal)? Are you planning ISSEP?

I should mess with ISC and nominate myself then have all my friends nominate me for their ISLA awards (awards.isc2.org)

 
For someone who is not interested in isc2 you know a lot about them 

If you'll get nominated it won't be a surprise, unless you put the dog face on the nomination picture. We, the eh-neters, will support you  (dog face or not)

Interesting.

Now, that you started the subject, can you tell us you opinion about ISACA and SANS? 

Thank you very much for the input! Much appreciated!

In the same time any security certification (GSEC, CISSP, CEH and even Security+) is better than no certification. I have a deep appreciation for the SANS certifications, but as you said they are expensive, and not everybody can afford them.

Also, as you mentioned, you are "playing" in a different league, and my post was mostly for the regular security pros. 

Why he does not answer for CEH? We NEED his appreciation....

Nah its all good Personally I think the comment will answer any question anyway. I just did an interesting "Partial Pentest" at a financial house's videoconferencing/VoIP infrastructure. Monda/Tues/Wed. Partial because they did an OMFG and called a time out. Requester: Snake Oil "the boogeyman is coming" CRISC, CISSP, CEH *yawn* *yawn* *somecert* guy. Guy was almost screaming at his staff about uber hackers getting in the front door via video and VoIP until I clarified his voodoo BS. Reality, sure you can get owned, not coming from the outside with this set up. Here is how and why.... Total time to figure that out... 10 minutes after being thrown on their network on their own laptop. (zero tools for me to really use) Have to go back up for the full gamut of testing now including their internal.

Moral of the story. BigVoodooScary security manager cried the sky was falling cause he wanted him and his friends to be able to do testing running at the castle with an overly insanely huge tree trunk (noisy, bulky tool testing omg I run Core Impact + Metasploit + Nessus against the perimeter, Look at all these false{neg/pos} and he shot himself in the foot. Cert bodies like the two mentioned by impelse... They won't teach you the ropes. They will show you a whole bunch of spiffy shiny noisy teenybopper tools from the 1970s but they won't go further than that. They won't show you how to be discreet, exact, use intuition, the protocols behind it. That's all they are.

Now for anyone else wondering what I sometimes mean by contained environments, this was one of them. Because the manager responsible for getting me access on the network (network manager, takes care of NAC crap) was unavailable and I had approval the work  around to get it done was to improvise. Solution? Told the director, well we have authorization, if you wanna see what I mean I can show you on your laptop (he made ultimate decisions). Experience + intuition = problem solver. By the way, VoIP/Video = same poop, diff day/ Its all data. You can sniff it, redirect it, etc, etc