Passed CISA 01/22/19 with total scaled score of 633. Should I go with CISM or CISSP or CRISC?

I took and preliminary passed CISA exam yesterday, first take. I am a CPA and have no experience related to Infosec although I am an IS auditor for 3 years already. Should I go with CISM or CISSP or CRISC? How do you evaluate my chances in passing these certs?

Thanks guys and gals!

Find more posts tagged with

cissp

CRISC

CISA

CISM

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

DZA_

I'd recommend having a couple solid years of InfoSec management experience before tackling on the exams as both of them require you to have 5 years of experience (CISM; 3 or more domains & CISSP; 2 or more domains) to be certified. You can probably leverage a infosec degree to buffer off a year of experience but you might be a little bit short. Otherwise, since you're on the ISACA track that you might do the CISM first to do the CISSP prep and then the CISSP down the road.

CISM Requirements

Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the 10-year period preceding the application date for certification or within 5 years from the date of originally passing the exam.

A passing score on the CISM examination, without completing the required work experience as outlined below, will only be valid for 5 years. If the applicant does not meet the CISM certification requirements within the five year period, the passing score will be voided.

edsern

@DZA_

Thanks for pointing that out.
Do I really need to be employed in Infosec role to satisfy the experience requirement? I believe there are overlaps between CISA and CISM/CISSP related to infosec.

kaiju

For both CISSP and CISM you will need verifiable experience in the domains.

E Double U

What exactly is your goal?

edsern

E Double U said:

What exactly is your goal?

For now, i want to have diversity in my career. So i'm thinking first of having a cert in infosec. It would also help me with my current role as IS auditor.

Eventually, I would want to be in infosec. If I take the exam and passed, I only have 5 yrs for the certification requirement, which I think is not yet attainable given my current experience (accountant/IS auditor) vs. the requirement. I also think that it would give a me a hard time landing a good infosec job, given my experience, in order to satisfy the requirement on the experience.

I guess I need your opinions and experiences to guide/enlighten me on this one. I would gladly appreciate it guys! Thanks.

edsern

Got my scores yesterday as follows:

Job Practice Area	Scaled Score
	The Process of Auditing Information Systems	693
	Governance and Management of IT	511
	Information Systems Acquisition, Development and Implementation	595
	Information Systems Operations, Maintenance and Service Management	648
	Protection of Information Assets	678

sumeetgandhi

Congrats mate!

sumeetgandhi

erichamm said:

You should Go With CISSP I will be Good For Your Future. If You want to prepare for CISSP Then Start Your Preparations Form This Authentic Platform : CertsEngine.com

Are you affiliate of that site or reseller?