Which security certification to do

mirror51mirror51 Member Posts: 82 ■■■□□□□□□□
edited February 12 in Cybersecurity

Guys if these are the job requirements , which security certification should i do .

Develop, implement and maintain security governance, including but not restricted to security frameworks, policies and standards Third Party Risk Management, Incident Response Plans, IS18 Assessments, ISMS creation, Business Impact Assessments, Threat and Risk Management

Solid Knowledge of risk management guidelines and frameworks such as ISO27005, ISO31000, OCTAVE and NIST 800-30

<span>In-depth experience of risk assessment, security best practice and practical application of security controls in an enterprise environment</span><br>

I am currently Devops engineer and have all AWS certifications


  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,174 ■■■■■■■■□□
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,912 Mod
    To me this screams CRISC. Are you changing roles? Big jump form DevOps to risk.
  • JohnBMDJohnBMD Member Posts: 1 ■□□□□□□□□□
    CISM. Great for management and knowledge of aligning a security program to a governance framework.
  • SteveLavoieSteveLavoie Member Posts: 894 ■■■■■■■■□□
    CISSP is the "generic black belt" for that kind of requirement ;)
  • egrizzlyegrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 384 ■■■■□□□□□□
    CISSP certification covers 95% of this Mirror51
  • JDMurrayJDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USAAdmin Posts: 11,936 Admin
    edited June 4
    I agree with @cyberguypr. CRISC is the cert--CISSP and CISM are not deep enough. That is a huge career path change from being an AWS developer. You'll never write a line of code in your new profession.
  • E Double UE Double U Member Posts: 1,788 ■■■■■■■■■□
    CISSP and ISACA certifications would cover those topics just for gaining knowledge, but if that is a job posting that requires "experience" in those areas then going after a certification without the skills is pointless. If you have zero experience in the areas required for the role then I highly doubt that a certification will get you over the hump. 

    Just my $0.02
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • balancebalance MBA,CISM,CISA,CRISC,CISSP,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 139 ■■■■□□□□□□
    CRISC  all day long .    as stated before by other uses . CISSP  and CISM  are just not deep enough.
  • bigdogzbigdogz Member Posts: 873 ■■■■■■■■□□
    I agree with cyberguy as well. This certification is all about risk.
    One issue that you may have is that the the HR or hiring manager may want the CISSP as it is more well known but not as applicable.
  • balancebalance MBA,CISM,CISA,CRISC,CISSP,CDSPE,CASP,CEH,CSM,ITIL V3,V4 Found,Sec+,Net+,Project+, ITF+ Member Posts: 139 ■■■■□□□□□□
    You could go  CISSP, CISM,CRISC   in that order  but it is gonna suck 
Sign In or Register to comment.