CCISO vs CISM

Hello,

I've been working in InfoSec projects mostly on the side of managing them and in some cases, designing InfoSec solutions - but I believe this experience is not sufficient to get a CISSP

So I'm thinking of getting either CCISO (EC Council) or CISM.

CCISO seems to be a good option, since the waivers are more aligned with my education and certification (PMP), but I really haven't heard of CCISO. Besides, the certification is valid only for 1 year and you need to pay a yearly fee - $200 last time I checked it.

Thoughts? It seems that EC Council is a new player in the InfoSec certification market, while CISM has been there for years.

Thanks!!

Find more posts tagged with

Comments

paul78

Hello - and welcome to TE.

EC Council isn't really a new player but personally do not see much value in CCISO. It's a bit obscure. And it it targeted at CISOs. I think it's an interesting certification conceptually but that's about it.

Ultimately, it depends on why you want to hold a particular certification.

colemic

IMO you will get MUCH more mileage out of CISM than CCISO. Name recognition alone makes this a no-brainer to me, even aside from it being from EC-Council. (That's a while other discussion.)

megablue

Thanks everyone, I'm under the same impression re: CCISO.

My goal is to hold a certification to focus my career in InfoSec projects. I may doublecheck the eligibility requirements for CISSP, but the first time I read them, there are too many technical details I haven't worked directly with in my projects, that's why I decided to pursue a CISM or CCISO (no longer in question).

Re: CISSP, I may still take the exam and if I pass but can't list enough experience, I would still be happy with being an Associate of CISSP (don't recall if that's the correct name).

GoodBishop

The one person I know who had a CCISO got it because he could grandfather in. He didn't see much value in it, actually.

EasyPeezy

The C|CISO is gaining in popularity... and as a matter of fact, I am looking to take the plunge myself.
I do have other InfoSec certifications however no other certification prepares you for the role of a CISO. While there is an overlap with CISSP and CISM etc. in certain areas, no other certification covers STRATEGIC PLANNING AND FINANCE, which is essential knowledge if you were ever to be or plan to be a CISO.

I would give a definite thumbs-up to C|CISO.

TechGuru80

If you don't have the experience to get the CISSP, how are you going to get the CISM?

CISSP requires 5 years experience, while CISM requires 5 years experience including at least 3 years infosec management experience.