SSCP or CISM

Maszyna Registered Users Posts: 3
So I'm looking towards opening my InfoSec career, but I'm struggling with which exam to take first. From the beginning my career was like:
1. Wintel admin (with securing the environment) - 3 years
2. Wintel Service Delivery Manager - 1,5 years
3. Wintel Technical PM - 0,5 year as a secondment
4. Quality & Compliance Consultant acting as Change & Risk Manager (working with WAST/OWASP tools). Supporting Network & Security Operations Teams - 1,5 years
5. Standards Manager - 1 year working with various standards (i.e. ISO 27001)

I have a strong process (ITIL) & improvement (Lean) background within a big Pharma company, and now I'll be leading three Customer Support teams which are far from security. But I know that in the new position it could be possible for me to switch to InfoSec, and I hope that an official cert will help me with this.

Any advice is highly appreciated.

Comments

  • wayne_wonder Member Posts: 215
    Do you want to go down the Technical route or the more Governance and Compliance route? SSCP is more technical and leads to Sec Analyst roles and CISM is more managerial and policy driven.
  • 636-555-3226 Member Posts: 975
    I generally self-promote my thread at

    http://www.techexams.net/forums/security-certifications/113328-what-information-security-certifications-should-i-get.html

    SSCP & CISM are two totally different worlds. Entry-level vs. experienced. I recommend starting small (such as SSCP) to get your feet wet before moving on to the bigger boys (like CISSP or CISM).
  • Maszyna Registered Users Posts: 3
    Do you want to go down the Technical route or the more Governance and Compliance route? SSCP is more technical and leads to Sec Analyst roles and CISM is more managerial and policy driven.

    As you probably saw, I've moved out of technical roles and was involved in policies and management stuff for the last 4 years. My question is more about which certificate I should start from. I'm not interested in technical stuff, but I'm not 100% sure I will be able to fulfil all CISM requirements.
  • wayne_wonder Member Posts: 215
    Have you thought about taking the CISSP? If you want to move away from a Technical role you'll have more chance of getting that, and if you have a CCNA or MCSA, for example, that takes a year off and you'll only have to have 4 years' experience, which you have covered and then some.
  • Maszyna Registered Users Posts: 3
    I have a few MCSA/MCSE on my plate, and now my role is strictly managerial with a security background. I haven't been doing any tech activities since 2013...
  • beads Member Posts: 1,531
    Look deep into the actual requirements and get back with us. Are you comfortable asking someone to vouch you have 3 years of active IT Security Manager experience?

    CISM has that odd requirement.

    -b/eads
  • Tongy Member Posts: 234
    I have SSCP and did the CISM as my next cert. I wouldn't say that it was the normal way of moving higher in Infosec, but it's how I roll :)

    There is virtually no similarity between them and as a strategic path... Which mine was not.... It doesn't follow.

    I liked SSCP and think that it's a much underrated certification, however the next leg up after it if you want to get into the upper levels of Infosec would be its bigger, badder bruv the CISSP.