Value of CISM for Job Hunting?

jax7

I am curious if there are any CISMs on the message board that can weigh in on the value of the CISM when looking for a job. To put this in context, I am talking about jobs that would be posting for "CISSP, CISM, CISA, CEH, etc..." I realize everything is relative to a resume and the exact job description.

In a nut shell, I am approaching 25 years working in the technology space with at least ten cumulative years directly working in information security going back to 1999. When not working directly with security, I have been specializing in networking and more recently with cloud/SDN technologies.

I have 10+ years working in technical management roles and otherwise have held individual contributor roles at the expert level. I have tried to keep this varied so I could have a credible resume for either type of role in the future.

I am currently working for a network/security vendor in a pre-sales technical role and this allows me to work from home with some travel. In the future, I would like to find a similar arrangement although my goal is not to be a traveling consultant who spends most of every week on the road. I imagine that rules out incident handling roles, for example.

I have two CCIE certifications going back to 2001, ten years with the CISSP, a JNCIE from 2004, VCP4-DV, VCP6-NV, and most recently the AWS CSA Associate.

Any advice?

Thanks in advance.

cbdudek

There are 3 areas that all employers look at.

1. Experience
2. Education
3. Certifications

Experience will always be king. Sounds like you are good to go here.
Education is important especially as you move up the ladder. That 2 year or 4 year degree will open doors.
Certifications like the CISM, CISSP, and so on will also open doors for you.

In this job market, having all three areas shored up are key. If you are weak in one area, then make it stronger. So when you ask is the CISM going to help your job hunt, it will help you out. How much help are you anticipating though. You have the experience to back it up, and with your CISSP studies, you should be able to pass the CISM as well. A lack of education may hurt more than not having the CISM though. Once again, it all depends. All you can do is work on all three areas and make sure you are strong in all of them.

jax7

cbdudek wrote: »

There are 3 areas that all employers look at.

1. Experience
2. Education
3. Certifications

Thanks. This is very helpful because I've been avoiding my gap in education. I've been lucky it has not posed a problem for me so far and might have gotten a bit too comfortable in this area. I need to figure out an answer that makes sense given the cost in time and money vs. ROI. But, that's a whole different topic.

It does seem the CISM should be easy enough to just complete regardless of whether it really makes a difference.

dustervoice

Ive never been asked in any interview about my CISM... all conversations leads to CISSP so its difficult to say what the true value is in regards to getting a Job. Im sure it does help a bit if they are undecided between two.

EJMADELINE

jax7 wrote: »

I am curious if there are any CISMs on the message board that can weigh in on the value of the CISM when looking for a job. To put this in context, I am talking about jobs that would be posting for "CISSP, CISM, CISA, CEH, etc..." I realize everything is relative to a resume and the exact job description.

In a nut shell, I am approaching 25 years working in the technology space with at least ten cumulative years directly working in information security going back to 1999. When not working directly with security, I have been specializing in networking and more recently with cloud/SDN technologies.

I have 10+ years working in technical management roles and otherwise have held individual contributor roles at the expert level. I have tried to keep this varied so I could have a credible resume for either type of role in the future.

I am currently working for a network/security vendor in a pre-sales technical role and this allows me to work from home with some travel. In the future, I would like to find a similar arrangement although my goal is not to be a traveling consultant who spends most of every week on the road. I imagine that rules out incident handling roles, for example.

I have two CCIE certifications going back to 2001, ten years with the CISSP, a JNCIE from 2004, VCP4-DV, VCP6-NV, and most recently the AWS CSA Associate.

Any advice?

Thanks in advance.

For what it's worth, I've been contacted about more management type roles since adding the CISM to my resume. I also have the CISSP, and while that does garner the most attention in IT security, the CISM seems to be opening more doors.

cbdudek

EJMADELINE wrote: »

For what it's worth, I've been contacted about more management type roles since adding the CISM to my resume. I also have the CISSP, and while that does garner the most attention in IT security, the CISM seems to be opening more doors.

I have my CISSP and am pursuing my CISM. I am taking the test first week in August. As someone who has done hiring in IT for over 10 years, I can tell you that both the CISSP and CISM will hold value to employers. Some employers like one over the other. The key to understand is that they both compliment each other. Having them both and maintaining them both will be valuable. Especially when paired with 10+ years of experience and a strong education.

TankerT

I think it depends on the type of job you are pursing. I have only seen CISM in management jobs, and normally in the "CISSP or CISM" flavor. Sometimes, I will see the "CISSP and CISM" requirement, but that has often been in upper management jobs.

cbdudek

jax7 wrote: »

Thanks. This is very helpful because I've been avoiding my gap in education. I've been lucky it has not posed a problem for me so far and might have gotten a bit too comfortable in this area. I need to figure out an answer that makes sense given the cost in time and money vs. ROI. But, that's a whole different topic.

It does seem the CISM should be easy enough to just complete regardless of whether it really makes a difference.

I just wanted to add something here. Everyone has gaps in their experience, education, or certifications.

The key is if they ever become a issue to what you want to be. I always wanted to be an IT security professional, but standing in my way was the certifications. I have my MBA and the 20 years of experience. So I shored things up and took the CISSP and passed. Now I am pushing myself by taking the CISM and other security certifications.

What you will find is the very highly sought after jobs are tough to get because you are competing against others who have strong backgrounds. My 20 years of experience and education is going to fall short against someone with 15 years of experience, education, and a lot of certifications. As you said, you can avoid a weakness in most cases, but in some cases you will fall short.

When I calculated the ROI of getting my MBA, I took into account that my company was willing to pay for it. So I went to school for 3 years part time to get it. My MBA paid for itself.

Best of luck to you man!

ChristineEshelman

I didn't have to search long before finding this response and feeling like it answers my own question! I have a question about earning my CISM if I already have CISSP and I feel like your response was the single answer I needed to hear! This is also the path I am looking to evolve more in; management.

ChristineEshelman

Shoot - sorry, new poster here... the above comment was to EJMADELINE and their reply about having CISSP but feeling that CISM is opening more management doors for them.