Certification Advice - New to Security

Hi,

Does anyone have a certification suggestion for a certified project manager (PMP) from the telecommunications industry (21+ years technical 6 management) who is now being asked to manage security related projects?

I work for a large telecom company that is moving heavily into managed security services and security outsourcing. As a PM I do not need to be a SME (they will be part of the project team), nor do I have the inclination for highly technical roles.

I am considering

Security+
GSEC
CISA (my manager suggested it)

Any others for someone who is management focused?

Thanks

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

fuz1on

I think Security+ is really beneficial for someone who has the technical know-how to transition into an infosec role by building foundational, security-specific best practices. Of course, I'm just talking about my own personal experience and how the doors were opened for me lately. Also, I'm all for GIAC and ISACA certifications too (especially if your work pays for them). If you do try for the CISA, become an ISACA member so you get discounts.

I pay for most of my certs myself so Security+ ($240) vs. CISA ($600) vs. GSEC ($1099) was a no-brainer in terms of cost and benefit.

CISSP, CISM and CASP are better but you said you don't need to be a SME.

dou2ble

I used to work for one of the Big 4 and managers are required to have CISSP or CISM. These are both non technical. CISM is more on the auditing side so I would say go for CISSP. CISA and S+ are for entry level, IMO. Not familiar enough with GSEC to recommend or not.

As someone who's been in security for a while and had to work my way up. PM's that didn't have an overall understanding of security, know methodologies and frameworks of how to implement security never got very far. And it was very frustrating to work for them. This is why I recommend the CISSP.

bigdogz

The CISA covers more of an auditing perspective whereas CISSP and CISM cover management and Information Security.

I have not taken the GSEC but if your work will buy the training then I would suggest you go for the GSEC.
If not, go for the Security+ then hit the CISSP. Most people who have passed the CISSP and took the CISM and passed with ease.

Good Luck!

docrice

The GSEC is relatively technical and the coverage is rather broad. If you're not very technical, this class might feel overwhelming and I'd be unsure of its applicability to your specific need. However, information security can require understanding scenarios in a contextually-dependent manner and you need to have some insight in regards to operational realities as well as general theory and mindset. I do not believe the CISSP itself goes in detail enough for someone to be aware of potential subtleties that make a difference because it doesn't seem to have exposure of the "in your face" dynamic nature of threats and risks (at least in the way the GSEC does, although not as much as other SANS courses). I've only casually studied for the CISSP, however, so I'm not all that qualified to make that comparison.

Note that the GSEC itself is a semi-starter level certification (beyond Security+ for sure), but it's more broad than deep-focused on specific subsets of security domains. Sometimes you don't need to have that in-the-trenches knowledge, but sometimes not having awareness of some of the smaller details might leave you detatched from reality.

Remedymp

But, the perks of being ISACA is that the community charter is one of best technology organization I ever had the opportunity to join. Attend maybe five average meetings or conferences a year regionally and nationally and the learning experience is refreshing.

Check out their Security Nexus.

dou2ble

Remedymp wrote: »

But, the perks of being ISACA is that the community charter is one of best technology organization I ever had the opportunity to join. Attend maybe five average meetings or conferences a year regionally and nationally and the learning experience is refreshing.

Check out their Security Nexus.

Agreed. And much better than ISC2 community in my area.

seltaeb

GSEC is the best for new for IT Security, because it has all material about security from the basic