Is it worth having both the CISSP and the CISM

I passed my CISM two years ago, and now I'm studying for the CISSP. Is it worth having both? It almost seems like the same content. How beneficial job hunting wise is it to have both? Who has both and how marketable has it made you?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

mattster79

Made a big difference for me. I also see lots of job postings asking for both certs.

TechGuru80

Jobs in the U.S. are usually one of the two...but CISSP is seen as the gold standard so it will show up more frequently, where the CISM is a lot less known. I believe there is only like 30,000 CISM worldwide and around 80,000 CISSP in the U.S., which is more a testament of how many people will be familiar with one over the other not necessarily an exclusive club like with a CCIE for example.

tedjames

Most people I know earn CISSP first and then earn CISM only if they want to move into management/leadership positions, such as CISO or CIO. It's true that CISSP will open more doors for you.

A former co-worker earned CISSP and then sat for the CISM exam a few years later without studying. He said there was a lot of crossover.

If I were in your shoes, I'd pursue CISSP. Having CISSP and CISM together will do you a lot of good, depending on your career goals.

DZA_

mattster79 wrote: »

Made a big difference for me. I also see lots of job postings asking for both certs.

I'm literally writing my CISM this Saturday morning.

I'm anxious to get it over with!

Cheers,
DZA_

mattster79

DZA_ wrote: »

I'm literally writing my CISM this Saturday morning. I'm anxious to get it over with!

Cheers,
DZA_

Good luck for tomorrow 👍🍀

beads

TechGuru80 wrote: »

Jobs in the U.S. are usually one of the two...but CISSP is seen as the gold standard so it will show up more frequently, where the CISM is a lot less known. I believe there is only like 30,000 CISM worldwide and around 80,000 CISSP in the U.S., which is more a testament of how many people will be familiar with one over the other not necessarily an exclusive club like with a CCIE for example.

ISC(2) recently proclaimed 125,000 certified individuals in the the January/February 2018 Information Security Magazine. I have no clue as to the number of CISMs out there but its hard to argue with the ISC(2)'s marketing and public relations departments.

- b/eads

TechGuru80

beads wrote: »

ISC(2) recently proclaimed 125,000 certified individuals in the the January/February 2018 Information Security Magazine. I have no clue as to the number of CISMs out there but its hard to argue with the ISC(2)'s marketing and public relations departments.

- b/eads

Ah was that 125,000 worldwide or the United States?...I was just looking at ISC2 website so they must not have updated that yet. I am sure some of it has to do with when the certifications were originally released but I've never heard rumblings that CISM will overtake the CISSP at least not anytime soon.

https://www.isc2.org/About/Member-Counts
https://www.isaca.org/About-ISACA/Press-room/Pages/ISACA-Certifications-by-Region.aspx

adeblu

Thank you all for your insight. I guess having one is better than having none, but having both will help me stand out. And yes, CISSP is noticed more than the CISM. I guess I should have gotten it first.

anilkumartr

Good to have both the certifications. especially out side US.

talbert80

It's good to have both, specifically if in management or leadership roles.

H-bomb

Get both! IMO I think passing the CISSP first, gives you a great advantage and foundation of the concepts required to clear the CISM. This is comming from someone who wrote (and passed) both exams in the past 1.5 months.

talbert80

I completely agree with H-bomb. I took the CISSP first. Then COBIT Foundation and Implementation (the company required COBIT training). I cleared the CISM is less than 1.5 hours. If you can pass the CISSP, you can pass the CISM. But understand governance and risk management.

Info_Sec_Wannabe

H-bomb wrote: »

Get both! IMO I think passing the CISSP first, gives you a great advantage and foundation of the concepts required to clear the CISM. This is comming from someone who wrote (and passed) both exams in the past 1.5 months.

I'm currently doing it the other way around. Sat for CISM in December and hoping to sit for (and pass) CISSP in March 2018.

H-bomb

You got this!!!

laurieH

I guess it depends a lot on what you want to do. From what I've seen often they ask for CISSP and/or CISM partly because they don't really know the difference and may accept one in lieu of the other. CISSP is harder (from what I've heard) but if you need it I'm sure you can get it.