Which security certification to do

mirror51 Member Posts: 84
edited February 2020 in Cybersecurity

Guys, if these are the job requirements, which security certification should I do?

Develop, implement and maintain security governance, including but not restricted to security frameworks, policies and standards Third Party Risk Management, Incident Response Plans, IS18 Assessments, ISMS creation, Business Impact Assessments, Threat and Risk Management

Solid Knowledge of risk management guidelines and frameworks such as ISO27005, ISO31000, OCTAVE and NIST 800-30

In-depth experience of risk assessment, security best practice and practical application of security controls in an enterprise environment

I am currently a DevOps engineer and have all AWS certifications.


  • tedjames Member Posts: 1,179
  • cyberguypr Mod Posts: 6,928
    To me this screams CRISC. Are you changing roles? Big jump from DevOps to risk.
  • JohnBMD Member Posts: 1
    CISM. Great for management and knowledge of aligning a security program to a governance framework.
  • SteveLavoie Member Posts: 1,133
    CISSP is the "generic black belt" for that kind of requirement ;)
  • egrizzly Member Posts: 533
    CISSP certification covers 95% of this, Mirror51.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • JDMurray Admin Posts: 13,026
    edited June 2020
    I agree with @cyberguypr. CRISC is the cert--CISSP and CISM are not deep enough. That is a huge career path change from being an AWS developer. You'll never write a line of code in your new profession.
  • E Double U Member Posts: 2,229
    CISSP and ISACA certifications would cover those topics just for gaining knowledge, but if that is a job posting that requires "experience" in those areas then going after a certification without the skills is pointless. If you have zero experience in the areas required for the role then I highly doubt that a certification will get you over the hump. 

    Just my $0.02
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • balance Member Posts: 244
    CRISC all day long. As stated before by other users, CISSP and CISM are just not deep enough.
  • bigdogz Member Posts: 881
    I agree with cyberguy as well. This certification is all about risk.
    One issue that you may have is that the HR or hiring manager may want the CISSP as it is more well known but not as applicable.
  • balance Member Posts: 244
    You could go CISSP, CISM, CRISC in that order, but it is gonna suck.