CISSP Passed : What should be the next Step: Advice Needed

sbilal

Hi All

I passed my CISSP on 12 April. What should be my next certification? I need some advice from you guys. CISM, CISA, ITIL, Cobit?

Please advice. I want to be a security expert by holding the Management's ladder.
Thanks

successrealm

Really depends on your previous exp.

What have you done in the past that could help you in a mgmt role?
Do you like auditing? Have you done any that could warrant getting CISA?
Will ITIL really set you up for MGMT? (In other countries, it seems to benefit better than here in the US in some aspects)
COBIT could be a good step in governance.
Perhaps the CISM is your best bet?

(the future seems to be pointing to governance, compliance, security auditing, policies, et cetera.)


It all depends on what you have done, so a little more background on yourself, and what you like to do (tech or mgmt) would help us.

E Double U

There is no 'should'. Go for the certification that you are interested in.

sbilal

successrealm wrote: »

Really depends on your previous exp.

What have you done in the past that could help you in a mgmt role?
Do you like auditing? Have you done any that could warrant getting CISA?
Will ITIL really set you up for MGMT? (In other countries, it seems to benefit better than here in the US in some aspects)
COBIT could be a good step in governance.
Perhaps the CISM is your best bet?

(the future seems to be pointing to governance, compliance, security auditing, policies, et cetera.)


It all depends on what you have done, so a little more background on yourself, and what you like to do (tech or mgmt) would help us.

I have been in techical implementation and had 5 years exp. in implementing security infrastructure projects. I had CCIE sec in 2010. From last 3 years I am doing ISO 27001 , implementing security programs, VA and PT. I have total 8yrs exp. both in tech and IS.

ccnpninja

Congrats!

Mentality

I don't think I will be taking any more "managerial" exams like CISSP, one is enough.

I know I can't be an engineer my whole life, but management isn't my thing. Instead of ending up a manager I prefer something more like "consultant" or "architect".

I think I'll go all the way with the technical exams, I have cleared CEHv7 years ago, same for CCNA Security, Cisco Cyber Security Specialist and the 3 levels of the CIW Web Security track.

My upcoming roadmap will be: Security+, ECSA, CCNP Security.
GIAC.ORG has got some very interesting certs as well, and I believe they are equally difficult to CISSP, except they are technical. However, their exams cost $1000 each, so I will give it lots of thought before ever attempting one of those.

sbilal

Mentality wrote: »

I don't think I will be taking any more "managerial" exams like CISSP, one is enough.

I know I can't be an engineer my whole life, but management isn't my thing. Instead of ending up a manager I prefer something more like "consultant" or "architect".

I think I'll go all the way with the technical exams, I have cleared CEHv7 years ago, same for CCNA Security, Cisco Cyber Security Specialist and the 3 levels of the CIW Web Security track.

My upcoming roadmap will be: Security+, ECSA, CCNP Security.
GIAC.ORG has got some very interesting certs as well, and I believe they are equally difficult to CISSP, except they are technical. However, their exams cost $1000 each, so I will give it lots of thought before ever attempting one of those.

I have CEHv7, LPT , CCIE Security (in 2010) , ISO 27001LA already.

Cyberscum

Why not get an actual management job? That would be a good step towards management. It seems like you have the skillset and certs to land a role.

MelanieWatson

You can get qualifications in ISO 27001 by learning how to plan, implement and audit an ISO 27001-compliant ISMS:

ISO 27001 Certified ISMS Foundation Online Training
ISO 27001 Certified ISMS Lead Implementer Online
ISO 27001 Certified ISMS Lead Auditor Online Training