SSCP, CISM or CISSP

PeterHands

Hi all,

I have completed the Sec+, CEH and a couple others. Im about to start a new post is Information Security Manager. Im just looking at the next stage and deciding which cert to take.

Any suggestions on either of SSCP, CISM or CISSP??

Thoughts much appreciated

CryptoPunk

It depends on years of your real world experiences I would say. If you have only 1 year (lets say) of experiences it is useless to take CISM and go for SSCP intead. (just my opinion). Anyway, if you don't have 5 years (or 4 after waiver) of work experiences within 2 domains you can only be ISC2 associate. I think that it is similar with CISM with the need of 5years of managerial experiences.

Cyberscum

CISSP hands down for ROI.

Mike7

CISSP. If you do not have the required years of experience, you can still be Associate of CISSP and have up to 5 years to convert.

And CISSP gives 2 years waiver off CISM's 5 years experience requirement, which you will be ready to take after a few years of working.

PeterHands

I have 7 years experience in InfoSec, but this is my first managerial role

danny069

CISSP then CISM, no SSCP, in that order lol

Tongy

I have followed/am following:

Security+ ---> SSCP ---> CISM ---> CISSP

It's probably not the best way, but the CISSP is the "daddy" of Infosec certs (still) - after that who knows!

636-555-3226

CISSP first, then CISM after you've got some more manager experience under your belt. Skip the SSCP.

jt2929

Mike7 wrote: »

CISSP. If you do not have the required years of experience, you can still be Associate of CISSP and have up to 5 years to convert.

And CISSP gives 2 years waiver off CISM's 5 years experience requirement, which you will be ready to take after a few years of working.

*Associate of (ISC)2

Mike7

jt2929 wrote: »

*Associate of (ISC)2

My bad.
Anyway, link at https://www.isc2.org/how-to-become-an-associate.aspx

Just curious, how does someone who is an Associate use the title, something like this?

CISSP (Associate)

jt2929

Mike7 wrote: »

My bad.
Anyway, link at https://www.isc2.org/how-to-become-an-associate.aspx

Just curious, how does someone who is an Associate use the title, something like this?

CISSP (Associate)

Nope. Someone who is an Associate should only state that they are an Associate of (ISC)2. They are not allowed to mention CISSP, or any other certification until the endorsement has been received.

bpenn

The official title you can use is "Associate of (ISC)² working towards CISSP" if you want to mention the CISSP. At least, that's what it says on my ISC profile

TechGuru80

danny069 wrote: »

CISSP then CISM, no SSCP, in that order lol

Agreed...if you are already in management, I do not think you will get much value from SSCP.

For CISM you have to have 5 years of InfoSec plus 3 years InfoSec Management (within the last 10 years or acquire within 5 years from passing). However, CISSP seems to be more in demand and you could get endorsed right away since you have the experience.

Mike7

Suggested study timeline.

Take CISSP exam by H1 2016.
Apply for endorsement (from 2 to 6 weeks).
Join ISACA.
Register for June CISM exam in April (early bird and member discount)
Take CISM exam in June.
Apply for CISM endorsement using CISSP cert for 2 year experience waiver.
Celebrate!

Others: read TE forum threads for great exam study material and tips. Contribute to the community.

At least that is what I did this year .

danny069

Mike7 wrote: »

Others: read TE forum threads for great exam study material and tips. Contribute to the community.
At least that is what I did this year .

So that's what some of your censored C's are

Mike7

danny069 wrote: »

So that's what some of your censored C's are

Oops!

jt2929

bpenn wrote: »

The official title you can use is "Associate of (ISC)² working towards CISSP" if you want to mention the CISSP. At least, that's what it says on my ISC profile

I'm pretty sure you can't even mention that you are working towards CISSP. I'll have to dig up where I read that. Maybe (ISC)2 changed their policy too.

bpenn

This what it says for me when I passed the CISSP but havent been endorsed.

TechGuru80

bpenn wrote: »

This what it says for me when I passed the CISSP but havent been endorsed.

Yep from my understanding the big issue is claiming you have a "CISSP" instead of saying Associate.

Mike7

TechGuru80 wrote: »

Yep from my understanding the big issue is claiming you have a "CISSP" instead of saying Associate.

So in order to get through HR filter, put "Associate of (ISC)2" followed by "leading to CISSP" in smaller fonts.

Totally legit. And better than "attend CISSP course" or "purchase CISSP book". 😃

camerono808

LOL at Mike7s post. Go hard on the CISSP, then just take your sweet @$$ time with everything else. Just my 2-cents.

jt2929

Here is the official guidance for those who become Associates of (ISC)2: https://www.isc2.org/uploadedfiles/(isc)2_public_content/legal_and_policies/logoguidelines.pdf


"Associates of (ISC)² are NOT certified and may not use any Logo or description other than
“Associate of (ISC)²”. Under no circumstances may they identify which exam they have
successfully passed or use any Logo, other than “Associate of (ISC)²”, in any manner. Failure to
abide by this rule may result in the candidate being prohibited from ever attaining any (ISC)²
certification."

Mike7

Hmm...
So to be totally legit and still get through HR filters, put Associate of (ISC)2 under Certifications followed by footnote.

(ISC)2 is a non-profit organization which specializes in information security education and certifications such as the CISSP, CSSLP, CCSP.




This forum thread has really gone off on a tangent.:) Back to the original question

PeterHands wrote: »

Any suggestions on either of SSCP, CISM or CISSP??
I have 7 years experience in InfoSec, but this is my first managerial role

PeterHands have sufficient experience for CISSP endorsement.
He should do CISSP first followed by CISM.

Robertf969

Whats funny is that if you are in the military and in an IAT/IAM 3 position and aren't a CISSP but are a Associate of (ISC)2 it states: Associate of (ISC)2 - CISSP in your profile.