SSCP or CISM

So I'm looking towards opening my InfoSec career, but I'm struggling which exam to take as first. From the beginning my career was like:
1. Wintel admin (with securing the environment) - 3 years
2. Wintel Service Delivery Manager - 1,5 years
3. Wintel Technical PM - 0,5 year as a secondment
4. Quality & Compliance Consultant acting as Change & Risk Manager (working with WAST/OWASP tools). Supporting Network & Security Operations Teams - 1,5 years
5. Standards Manager - 1 year working with various standards (i.e. ISO 27001)

I have a strong process (ITIL) & improvement (Lean) background within a big Pharma company, and now I'll be leading three Customer Support teams which are far from security. But I know that in the new position it could be possible for me to switch to InfoSec, and I hope that official cert will help me with this.

Any advice is highly appreciated.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

wayne_wonder

Do you want to go down the Technical route or the more Governance and Compliance route? SCCP is more technical and leads to Sec Analyst roles and CISM is more managerial and policy driven

636-555-3226

I generally self-promote my thread at

http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html

SSCP & CISM are two totally different worlds. Entry-level vs. experienced. I recommend starting small (such as SSCP) to get your feet wet before moving on to the bigger boys (like CISSP or CISM).

Maszyna

wayne_wonder wrote: »

Do you want to go down the Technical route or the more Governance and Compliance route? SCCP is more technical and leads to Sec Analyst roles and CISM is more managerial and policy driven

As you probably saw I've moved out technical roles and was involved in policies and management stuff for the last 4 years. My question is related more on from which certificate should I start. I'm not interested in technical stuff, but I'm not 100% sure I will be able to fulfil all CISM requirements.

wayne_wonder

You thought about taking the Cissp? if you want to move away from a Technical role you'll have more chance of getting that and if you have a ccna or mcsa for example that takes a year off and you'll only have to have 4 years experience which you have covered and then some

Maszyna

I have few MCSA/MCSE on my plate, and now my role is strictly managerial with security background. I'm not doing any tech activities since 2013...

beads

Look deep into the actual requirements and get back with us. Are you comfortable asking someone to vouch you have 3 years of active IT Security Manager experience?

CISM has that odd requirement.

-b/eads

Tongy

I have SSCP and did the CISM as my next cert. I wouldn't say that it was the normal way of moving higher in Infosec, but it's how I roll

There is virtually no similarity between them and as a strategic path... Which mine was not.... It doesn't follow.

I liked SSCP and think that it's a much underrated certification, however the next leg up after it if you want to get into the upper levels of Infosec would be its bigger, badder bruv the CISSP.