Advanced Certification Guidance

Hello,
Long time visitor of these forums. Over the years, I've gained some great knowledge from everyone here. This is my absolute go-to place to look for my next opportunity for technology-related certification. Today, I come to you guys (and gals) with an issue that has really been throwing me for a loop. This issue is where I go next with respect to security certification. For the first time, I feel like I've run into a wall and am really unsure of what my next certification should be.
I currently hold valid certifications in the following: CISSP, CISA, CISM, CCSK, CIPM (IAPP), and CIPT (IAPP). I'm very interested in the security management and privacy practices of organizations. I've never been a huge fan of vendor certifications (i.e. Microsoft and Cisco) as I like to have a "broad" scope when approaching these certifications and prefer not to be tied to a vendor, even if they have a strong market share. Furthermore, I recognize that EC-Council, specifically CEH, has a strong marketing budget and appears in the DoD certification matrix. However, I'm uncomfortable with how, over the years, they've approached their certification practices.
So, to those who stumble upon my thread, please help me. Where should I be looking next?
Thank you.
Comments
Microsoft: Didn't see anything of interest. I don't believe it's beneficial to go after their MCSA/MCSE designations.
Cisco: Didn't see anything of interest. They, of course, have their security concentration, but I don't think that would complement what I have thus far.
ISACA: Only two certifications left in their portfolio (CRISC, CGEIT). These may work. Little frustrating that they still do their exams on paper and only twice a year.
(ISC)2: Don't believe CSSLP will do much for me. Same goes for CAP. There are the CISSP concentration and the CCSP.
SANS: These are off limits for now, unfortunately. Great material, great certifications, however I'm on my own at the moment with respect to paying for exam fees. These are super expensive.
Edit: Never mind, skipped over the GIAC/SANS part.
Thanks for the responses thus far.
Little bit of a draft list for me --
ISACA - CGEIT, CRISC
(ISC)2 - ISSAP, ISSEP, ISSMP
IAPP - CIPP/E, CIPP/C
I think that fluency in multiple frameworks like these, beyond what you just pick up along the way, could be very useful at the higher, more abstract level you seem to prefer.
The CRISC also seems like an obvious choice, and there are others aimed more at CISO level. There's also the new ISC2 CCSP, which seems like an obvious bandwagon to jump on. It seems to be the first serious Cloud Security certification available.
Thank you for your guidance. I've actually thought about getting the PMP certification, on and off, for many years. At one point I had an approved application in PMI's system and had purchased Rita Mulcahy's book to start preparation. Upon further reflection, I felt it was a very heavy non-technology certification to have for a security guy. Also reading some of the book, the material was extremely boring and dry to me. I actually enjoy reading technology and security materials, but when I got to project management text, it put me to sleep.
OctalDump,
Thank you for your guidance. Do you have some framework certifications in mind? When one looks at job postings, you see the typical "CISSP, CISM, etc. required," but the line below usually talks about COBIT, FISMA, or the NIST 800 series. I agree with CRISC. I think that could be a great one to add to the list. CCSP also looks very interesting but is a new release. Not a lot of training materials out there. Definitely on my radar, though. Do you have any other CISO-level certifications in mind?
Bryanthetechie,
Thank you for your guidance. This is actually a great suggestion. I was reading some materials by Chuck Easttom and ended up on his website looking at his CV. He has a bunch of certifications and work experience. What really stood out, however, was his teaching experience both in a formal university setting but also courses online and bootcamps.
I slept on it a bit and adjusted my draft certification list above slightly. Took off IAPP certifications and tightened up ISACA/(ISC)2. Now I have...
ISACA - CRISC
(ISC)2 - ISSAP, ISSMP