Boot Camp

(ISC)² CISSP-ISSAP® Training Boot Camp

Take your CISSP to the next level by earning your ISSAP concentration. The ISSAP builds on your CISSP knowledge and validates your expertise in developing, designing and analyzing security solutions.

4.3 (233 ratings)

Get certified, guaranteed

About our (ISC)² CISSP-ISSAP® Training Boot Camp

  • 90-day extended access to Boot Camp components, including class recordings
  • 100% Satisfaction Guarantee
  • Exam Pass Guarantee
  • Exam voucher
  • Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
  • Knowledge Transfer Guarantee
  • Pre-study learning path
  • Unlimited practice exam attempts

Award-winning training you can trust

Wistia video thumbnail

What you'll learn

Training overview

This four-day Information Systems Security Architecture Professional (ISSAP) Boot Camp is focused on teaching you the management of security programs and the ins and outs of security architecture. You’ll learn the technical aspects of security architecture, including identity and access management, infrastructure and application security, governance and compliance, security operations and security architecture modeling.

This boot camp not only teaches you the nuts and bolts of the security architecture, it prepares you to successfully pass the challenging (ISC)² ISSAP exam, one of three “concentration areas” for CISSP holders extending the CISSP common body of knowledge.

Before your boot camp


The CISSP-ISSAP requires a candidate to be a CISSP in good standing and demonstrate two years of professional experience in at least one of the six CISSP-ISSAP domains.


Training schedule

Domain 1 – Architect for governance, compliance and risk management
  • Determine legal, regulatory, organizational and industry requirements
  • Manage risk
Domain 2 – Security architecture modeling
  • Identify security architecture approach
  • Verify and validate design (e.g., functional acceptance testing (FAT), regression)
Domain 3 – Infrastructure security architecture
  • Develop infrastructure security requirements
  • Design defense-in-depth architecture
  • Secure shared services (e.g., wireless, e-mail, voice over internet protocol (VoIP), unified communications (UC)
  • Domain name system (DNS), network time protocol NTP))
  • Integrate technical security controls
  • Design and integrate infrastructure monitoring
  • Design infrastructure cryptographic solutions
  • Design secure network and communication infrastructure (e.g., virtual private network (VPN), internet protocol security (IPsec), transport layer security (TLS))
  • Evaluate physical and environmental security requirements
Domain 4 – Identity and access management (IAM) architecture
  • Design identity management and lifecycle
  • Design access control management and lifecycle
  • Design identity and access solutions
Domain 5 – Architect for application security
  • Integrate software development life cycle (SDLC) with application security architecture (e.g., requirements traceability matrix (RTM), security architecture documentation, secure coding)
  • Determine application security capability requirements and strategy (e.g., open source, cloud service providers (CSP), software as a service (SaaS)/infrastructure as a service (IaaS)/platform as a service (PaaS) environments)
  • Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP))
Domain 6 – Security operations architecture
  • Gather security operations requirements (e.g., legal, compliance, organizational and business requirements)
  • Design information security monitoring (e.g., security information and event management (SIEM), insider threat, threat intelligence, user behavior analytics, incident response (IR) procedures)
  • Design business continuity (BC) and resiliency solutions
  • Validate business continuity plan (BCP)/disaster recovery plan (DRP) architecture
  • Design incident response (IR) management

Meets 8570.1 requirements

Attention DoD Information Assurance workers! This boot camp helps meet U.S. Department of Defense Directive 8570.1 requirements for department employees or contractors engaged in work related to information security.

Guaranteed results

Our boot camp guarantees

Exam Pass Guarantee

If you don’t pass your exam on the first attempt, get a second attempt for free. Includes the ability to re-sit the course for free for up to one year (does not apply to CMMC-AB boot camps).

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Unlock team training discounts

If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Enroll in a boot camp

  • May 30, 2023 - June 2, 2023

    Online only

    Exam Pass Guarantee
  • August 1, 2023 - August 4, 2023

    Online only

    Exam Pass Guarantee
  • October 24, 2023 - October 27, 2023

    Online only

    Exam Pass Guarantee
  • January 23, 2024 - January 26, 2024

    Online only

    Exam Pass Guarantee