CISM / CISSP / CISA - Which certification for moving to IT Security field?

testlinktestlink Posts: 4Member ■□□□□□□□□□
I have 10+ years experience in IT Support + Software Testing (Manual). I am currently preparing for PRINCE 2 certification and wish to move towards management side of things. At the same time I am also interested in IT Security. I only have intermediate level networking knowledge. Also no scripting experience.

Is it Ok to directly go for CISM? How difficult is this exam? 

Or should I go for some other certification like CISA which would let me apply for IT Auditor roles?

Appreciate any help in this regard...

Comments

  • mikey88mikey88 CISSP, CySA+, Security+, Network+ and others Posts: 471Member ■■■■■□□□□□
    edited June 5
    testlink said:
    Is it Ok to directly go for CISM? How difficult is this exam? 

    Or should I go for some other certification like CISA which would let me apply for IT Auditor roles?

    Appreciate any help in this regard...
    Can you expand more on your experience? The certifications you listed require 5 years of InfoSec experience.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • testlinktestlink Posts: 4Member ■□□□□□□□□□
    • Anti-Virus and Web/Mail usage monitoring using Webmarshal & Mailmarshal
    • Support to Siemens HI-Path 4000 Phone system and HiMed bedside entertainment system
    • VPN and RSA SecurID token setup
    • Network Maintenance, Network Printer Support, Cabling, Patching
    • Windows Server Active Directory (AD) Management 
    • Network Maintenance, Network Printer Support, Cabling, Patching
    • Technical Documentation of various IT procedures
    • Building Windows test servers on Hyper-V and VMware
  • JDMurrayJDMurray Certification Invigilator Surf City, USAPosts: 11,447Admin Admin
    You can take and pass any or all of these cert exams tomorrow, but passing alone won't get you the full certifications. The CISSP requires several years of professional, verifiable InfoSec experience. The CISM requires several years of professional, verifiable InfoSec management (of people, not things) experience. The CISA requires several years of professional, verifiable IT auditing experience. There is a possibility that an employer would only care that you have passed the exam(s) and do not have the actual cert(s), but you would still not have the experience for the job. I don't see anything listed in your bullets that indicates you have the experience required for these certs.
  • testlinktestlink Posts: 4Member ■□□□□□□□□□
    So what certification should I start with to move towards IT security? Again I have only basic networking skills + No scripting expr.

  • Danielm7Danielm7 Posts: 2,264Member ■■■■■■■■□□
    Check the CISSP requirements, map your experience against the domains there and see if what you've done matches up and that you can prove it to ISC2 if needed through an audit.

    https://www.isc2.org/Certifications/CISSP/experience-requirements#
  • kaijukaiju Posts: 400Member ■■■■■■□□□□
    After reading the requirements for CISA, CISM, and CISSP you should be able to decide which certification is good for you.

    Work smarter NOT harder! Semper Gumby!
  • lucky0977lucky0977 Senior Member Posts: 203Member ■■■■□□□□□□
    testlink said:
    So what certification should I start with to move towards IT security? Again I have only basic networking skills + No scripting expr.

    Why did you not mention Security+ (should I assume you already have that)? That will give you the foundational knowledge required for CISSP or CISM.
    Take a look at the 8 domains of the CISSP and the 5 domains of CISM and the experience requirements. They don't explicitly state this but they expect you to have some foundational security related knowledge prior to taking their exams. You'll know what I'm talking about when you take their exams. You'll take the exam and read the questions over and over again and think to yourself "Hey I'm pretty sure I've never read this before in any of the textbooks".
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+