CISM Experience requirement - clarification?

jonwinterburn Member Posts: 161
Hi all,

I've begun studying for the 2015 CISM exam, aiming to take it in September. However, I've hit a potential snag in the experience requirement which I need some clarification on.

On this page: How to Become CISM Certified it says "Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas."

I have 15 years' experience in IT with several of those in InfoSec. My experience was enough for me to become certified as CISSP. In my current role, I perform InfoSec management, but my title is InfoSec Analyst. I am not a manager per se, as in I don't manage a team. But I do manage projects, including projects that are ordinarily managed at management level, like ISMS and policies. My goal is to move into actual InfoSec management of teams of analysts. Achieving CISM is part of this plan. However, I am concerned that the minimum 3 years "information security management" experience is specifically requiring me to be a manager in title. If so, then I am out of luck. I understand I can pass the exam and then become certified later - as long as I achieve the 3 years within 5 years of passing the exam. But what if I don't get an official management role in time? I'd have to take the exam all over again.

So you can see my quandary. Any ideas?



