Next step dilemma
SDee
Member Posts: 82 ■■■□□□□□□□
I am in this place and pretty sure that I will find others who have been in a similar place and managed to take good decisions.
At the moment I am: CISM, CISSP, CCSP, CEH, CCNP, ITIL
In terms of professional experience, I am an Information Security manager. At this stage I feel totally relaxed dealing with the higher-level managerial aspects which are included in the likes of CISM, CISSP and CCSP. However, I am at this stage where I want to keep on learning new things, but I would not fancy going to reverse engineering level, for example, as my background is Networks/Networks Security and I am not really good with programming languages.
I am doing lots of reading here and there, about this and that topic, but I think I will need to focus on something new that will add value and focus on getting it done. What certificates or programs would suit someone in my situation? At the moment I am looking at things like ISO27001 LI, but I am already a key part in a successful ISO27001 compliance project and I am not sure how much value the LI will bring. The other thing I am considering is the GDPR Practitioner, but for some reason, I prefer to go to something that is "lower-level".
GIAC looks great, but honestly, it is really costly!
Suggestions?
Comments
-
UnixGuy Mod Posts: 4,570 Mod
I recommend SABSA at your level (it's not a technical cert though), or CISSP ISSAP. I find architecture knowledge always helps.
How about some vendor cloud certs to give you more knowledge about cloud?
For data privacy, CIPP/E seems to be the gold standard.
What topic are you interested in? What sort of work do you want to be doing in the next 5-10 yrs?
-
SDee Member Posts: 82 ■■■□□□□□□□
UnixGuy said:
I recommend SABSA at your level (it's not a technical cert though), or CISSP ISSAP. I find architecture knowledge always helps. How about some vendor cloud certs to give you more knowledge about cloud? For data privacy, CIPP/E seems to be the gold standard. What topic are you interested in? What sort of work do you want to be doing in the next 5-10 yrs?

For SABSA, it falls outside the category I am actually looking for; I am looking for something that would add a specific skill, so I feel pretty covered by CISSP/CISM when it comes to architecture, design, risk, etc.
I am quite familiar with and have hands-on experience in Azure and AWS, but it might be something to look at. The thing is that I feel there might be something out there that would add more value.
CIPP/E? Well, I am looking for something that adds value when it comes to all GDPR-related activities. So I am yet to totally evaluate what would be the best option, but it is absolutely something to consider. So yes, I am looking for information in that direction. What data protection certificate/course would add the most value/recognition?
Besides GDPR-related certification, I am looking for something that adds value to Incident Response skills, but again not at a low level such as reverse engineering and malware analysis; more of threat intel, MITRE, etc.
What I will be doing is managing and running the Information Security program in a large enterprise, but I will be working closely with business units and IT administrators. But we have all come across this Information Security person who knows all the buzzwords and compliance-related terminology but has no idea about actual cybersecurity. I will never be that person, so the dilemma is that my career is too advanced to study for reverse engineering and learn a programming language, but I want to remain up to date on how things are done.