CISM Questions + Work Experience?

Hello,

I am kinda interested in the CISM. If the start up I am involved with fails, my back up plan is to get into Infosec Management. I just passed the CISSP exam last week and awaiting the endorsement process to get approved. I have several some questions:

1. Once I get the CISSP, I will just need to have a minimum of 3 years of management experience correct? If so, would lead for desktop support team count (14 people were under me)? It was for a large government contract and all sorts of security related tasks. Dealt with classified information, implemented PIV card authentication for entire user base, worked with the SOC and Security teams almost on the daily basis etc.

2. My current role I just have 1 person under me since it's a small/new start up. Would that count as work experience?

3. What are your thoughts on the ROI for the CISM for someone with CISSP? Do you think it is really worth it in terms of $$$ and marketability? I already know 3 people making 180-225k with CISSP being their highest cert. Also, I am very good with people and have experience dealing with a senior government officials and millionaires most of my adult life. That is why I am on the fence if the CISM is even worth it. Love to hear your thoughts!

Thanks!

Find more posts tagged with

Comments

cyberguypr

In regards to #2 keep in ind that this cert does NOT require experience as a people manager. it just requires experience managing security processes.

TechGuru80

True...never calls out managing people..."minimum of three years of information security management work experience".

In the government, CISM probably won't mean much but you could toot your horn a little more for having it. Outside of the government where COBIT and other related stuff is used it could be more valuable. To be honest why not just try to get it and be done? It's not like it will take years to read the book and you are already in the mindset from the CISSP...and the exam isn't that expensive.

ZzBloopzZ

TechGuru80 wrote: »

True...never calls out managing people..."minimum of three years of information security management work experience".

In the government, CISM probably won't mean much but you could toot your horn a little more for having it. Outside of the government where COBIT and other related stuff is used it could be more valuable. To be honest why not just try to get it and be done? It's not like it will take years to read the book and you are already in the mindset from the CISSP...and the exam isn't that expensive.

Ah, good call. I am in the DC area so everything here is mostly government related. Even though it may be pretty achievable to get I don't want to waste my time with it if there is no ROI. Don't want another annual fee and CE's to maintain for nothing.

andrewi1

Even though you work for goverment, a lot of government contracts are now requiring 8570 compliance...and CISM is not a part of that requirement list.

http://iase.disa.mil/iawip/Pages/iabaseline.aspx

ZzBloopzZ

andrewi1 wrote: »

Even though you work for goverment, a lot of government contracts are now requiring 8570 compliance...and CISM is not a part of that requirement list.

http://iase.disa.mil/iawip/Pages/iabaseline.aspx

Except for CNDSP Manager (The last box in bottom corner)

andrewi1

Meant to say now*** a part of that list. Good ol' typos.