What next after CISSP?

So I've seen a few postings that recommend getting a CISM after passing the CISSP since they are both similar with regards to most content. My question is...is the CISM really noticable to HR and/or recruiters? Usually most postings I see state only CISSP or (CISSP or CISM). Would going for the second not have the same "payout"?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

lamont29

Getting the CISM after CISSP would be somewhat redundant. I am CISM & CISA, and as I study and prepare for the CISSP, I am seeing a lot of redundancy. I would recommend that you go for the CISA instead. On the other hand, it wouldn't hurt to have CISM with CISSP, depending upon what you want to do in your career. If you go to Indeed.com and search jobs using the key word "CISM," you'd be quite surprise at the litany of jobs requiring that credential... usually as an alternative to the CISSP.

TechGuru80

CISSP is the gold standard...some jobs do list "CISSP or CISM" but CISSP is usually the one that shows up most frequently. Honestly the CISM is a nice to have but you aren't likely to see a major boost from adding it to the CISSP.

If you are looking for the greatest impact, the CISSP + CISA would provide better coverage than CISSP + CISM.

E Double U

I see all three asked for in many job postings where I am so I am doing all three. I did CISSP in 2015, CISM last year, and currently studying for CISA. The overlap makes it easier to pass plus my employer pays for it so why not.

mattster79

I see lots of posting asking for both.

There is so much overlap between the two you may as well go for CISM. One extra string in your bow!

Danielm7

It depends on the type of roles you're going for. Lots of more technical positions ask for CISSP because they're written by HR, but if you're not going for a management type position I wouldn't bother with the CISM.

Mide

Thanks all for the advice. Yes I agree that it will be an extra feather as I'm already in management. The overlap will at least cover me past the HR filter.

Info_Sec_Wannabe

E Double U wrote: »

I see all three asked for in many job postings where I am so I am doing all three. I did CISSP in 2015, CISM last year, and currently studying for CISA. The overlap makes it easier to pass plus my employer pays for it so why not.

Same here. Since my employer pays for it (including the membership), I don't mind sitting for the exams.

As to what to do after I pass the CISSP, I'll probably pursue pentesting (e.g., eJPT, CEH???, OSCP).