CISM '3 years in Job Practice Areas' Question

Hello! I am just beginning to determine if I would meet the requirements for the CISM. This feels like a dumb question but I can't sort it out from my own research...

I have 5+ years information security experience - I am an endorsed CISSP. However, I am stuck on the "...with a minimum of three years of information security management work experience in three or more of the job practice analysis areas." because I am readying that I need to be in a management role in one of the job practice analysis areas. But that is not correct, right?

Is it just telling me that the 3 years should come from experience in those 'info sec management' areas? Because, if so, I have experience in all 4 - the entirety of my 5 years in the field has actually been in those areas only.

Just can't get it out of my head that I need to be a manager to be endorsed as a CISM - I think it was because I was once told that the CISM is the cert that I would want since I plan to get into 'people management'.

Thanks!

Find more posts tagged with

Comments

ChristineEshelman

I am super surprised that this went unanswered. However, I figured out the answer on my own and realized that I was misunderstanding the term. Maybe everyone else figured that I would eventually find my way here

Regardless, I pass the CISM exam today! Once the results are finalized, I will submit my application for certification. Very excited - it's been a satisfying road to earn these certifications as I grow in my field.