Help me figure out my next Cert?

First off, this community is great and thanks for taking the time to read my post and provide some input/guidance.

Current Background: ~4 years experience doing IT audits and security work. Not especially technical and not really interested in digging too deep into that. Currently I've passed the CISA and CISSP exams. Current position involves A&A/NIST/RMF duties.

Where to next?:Not sure. Probably a management/small team lead type role would be next. Eventual goal would be some type of senior security officer involved with managing a security program.

What certs?: I'm considering C|EH, CISM, CISSP-ISSMP, CRISC, ITIL, CCSP.

C|EH - I'm currently going through the material just to become familiar with it, but not planning on pursuing the certification.
CISM - is well recognized, I don't think my experience fulfils the requirements for that yet.
CISSP-ISSMP - isn't very well known and asked for by employers but seems comparable content wise to CISM and I meet the requirements.
CRISC - seems like it would be useful, but not sure how much perceived value to employers if carries and if it fits with my career progression. (nice to have but not required type of thing)
ITIL - seems interesting but really havn't looked into it too much. Don't think it would take a lot of time to pass the foundations exam
CCSP - lots of organizations have moved to the cloud and think this would be a great additional to my skills/knowledge base

Any thoughts/advice on which cert to go for next?

Find more posts tagged with

Comments

bpenn

Curious, have you been endorsed for your CISSP yet? I ask because you have the Associate level listed. On topic of next cert, I would pursue ITIL if you are loooking at managing a small team in the future. ITIL Foundations can at least provide you with some best practices to follow and learn terms associated with them.

Have you considered GIAC certs? I know they are expensive but maybe your employer would consider paying?

Oh, what about the ISO/IEC 27001 ISMS Lead Auditor? I dont know much about that one but it sounds relevant to your career progression.

soccarplayer29

Thanks for the feedback!

I have not been endorsed yet (need another month of experience to be eligible for endorsement).

Yeah, I think ITIL would be a good one to get and have under my belt. I've considered GIAC and SANS training but employer isn't interested in coughing up the money for that unfortunately.

I'm not familiar with the ISO 27001 lead auditor and that's not something I've seen on job postings associated with my path but I just read up a little about it and it seems relevant but just not sure how valuable that is.

Right now I'm thinking ITIL and maybe some one of CRISC/CISM/CCSP down the road....any thoughts?

bpenn

I am in the same boat with you regarding experience for endorsement, except I need 3 more months. I think ITIL should be your next cert but also consider taking a cert not for resume power but for the knowledge and potential growth it may give you. With CISA, CISSP, and experience, you may have all the pull you need. Any extra certs are just icing on the cake.

CISM would be the ideal next goal but I am not sure the experience requirement for it.