C|CISO : Your views...

EasyPeezy

I am toying with the idea of doing the C|CISO certification... I have been to the EC-Council site and read all that it contains with regards the certification, I am just keen to hear from anyone that has taken the journey or intends to.

What books did you read?
How did you find the course?
Was it worth it?
What was the exam like?

wayne_wonder

Do you need it for work or is it just to scratch a personal itch? I ask because you have all the main Certs especially here in the UK

636-555-3226

It would probably look good on a resume, but having reviewed a few EC-Council materials (esp. the smaller-scale, non-CEH ones), I've ticked the mental checkbox to never take a EC-Council exam (perhaps except for the CEH since it's asked for on about every job posting anymore next to the CISSP). I can't speak at all towards their CISO exam since I've never seen the material, but the other subjects I've reviewed were basically made by someone who spent a month Googling (using Google India) random security topics and copied and pasted random bits of websites and PDFs into their study materials. The "original" material that is actually written by someone is basically a summary of things they didn't want to copy and paste. That "original" material was always full of grammar and spelling errors made by what appears to me at least to be someone who writes English at an elementary school level. I actually got disgusted with some of the material to the point that I told my people they can take an EC-Council cert if they want, but I won't use it as any type of performance review booster.

Again, I've never seen their CISO materials, so I can't tell you what to expect with them. I only know what I've seen firsthand with other materials. Seeing that you have your CISSP, CISA, and CISM, you may be sorely disappointed with the quality of the material you might receive from EC-Council.

That said, it'll probably at least look good on a resume to people who don't know any better. You'll also get varying opinions from people here. Some people are unhappy with the quality of the material (as you can tell I am), others will say there are some diamonds in the rough. The choice is yours!

EasyPeezy

...a personal itch? Maybe...
Having CISSP, CISA and CISM one would have thought that was enough to work as a CISO...!!! However, I do find a lot of milage in Domain 5 of the course. It's a knowledge one might never have unless you have done an MBA or a business degree and its one that is not covered by any other certification.

Domain 5 of the CCISO program is concerned with the area with which many more technically inclined professionals may have the least experience, including:

• Security Strategic Planning
• Alignment with business goals and risk tolerance
• Security emerging trends
• Key Performance Indicators (KPI)
• Financial Planning
• Development of business cases for security
• Analyzing, forecasting, and developing a capital expense budget
• Analyzing, forecasting, and developing an operating expense budget
• Return on Investment (ROI) and cost-benefit analysis
• Vendor management
• Integrating security requirements into the contractual agreement and procurement process
• Taken together, these five Domains of the C|CISO program translate to a thoroughly knowledgeable, competent executive information security practitioner.

colemic

While that may be, the fact that it's EC-Council alone is enough of a deterrent for me. And I'm a CISO.

EasyPeezy

colemic wrote: »

While that may be, the fact that it's EC-Council alone is enough of a deterrent for me. And I'm a CISO.

Interesting...

JazzPilot56

EP, did you ever take the C|CISO course / exam? I was casually considering it myself. Mostly because my consideration that it might be a good summary of my other (ISC)2 and SACA certifications.