What to go for CISA vs CISM first
Guys,
15+ yrs in IT mainly in IT operations managing servers and network devices, attended many audits from IT side e.g PCI DSS, SOC.Planning to shift to Infosec side from IT .
What should I go for First CISA or CISM?
What would be more value addition and easy to start with.
15+ yrs in IT mainly in IT operations managing servers and network devices, attended many audits from IT side e.g PCI DSS, SOC.Planning to shift to Infosec side from IT .
What should I go for First CISA or CISM?
What would be more value addition and easy to start with.
Comments
-
E Double U
Member Posts: 2,233 ■■■■■■■■■■
Which is easier to begin with depends on your knowledge of the study areas going into it. Go to the ISACA website and review all of the topics covered by both credentials to what you feel the most comfortable with.
Value is subjective. I do not feel one is nececssarily more valuable than the other. I just know both are respected so I did both. I only did CISM before CISA because my former VP of Info Sec advised that CISM had a lot of overlap with CISSP. Since I completed CISSP the CISM was a logical next step.
I completed CISA in 2018 with an official scaled score of 572
The Process of Auditing Information Systems: 541
Governance and Management of IT: 655
Information Systems Acquisition, Development and Implementation: 465
Information Systems Operations, Maintenance and Service Management: 534
Protection of Information Assets: 648
I completed CISM in 2017 with a total scaled score of 536
Information Security Governance: 512
Information Risk Management and Compliance: 621
Information Security Program Development and Management: 481
Information Security Incident Management: 512
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS -
JDMurray
Admin Posts: 13,090 Admin
Is your immediate career path InfoSec auditing or InfoSec management. What are you hoping to achieve career-wise by getting either or both certs?
-
ram0402
Member Posts: 4 ■□□□□□□□□□
My ultimate aim is to go into Infosec management but thought out getting detailed knowledge from auditors point of view and then moving up the ladder into management. -
JDMurray
Admin Posts: 13,090 Admin
Both CISA and CISM are for people that already have years of professional work experience in IT auditing or IT (InfoSec) management. Getting the CISM now won't help you understand how to be a manager, but studying for the CISA will give you a perspective into (COBIT) auditing. Job-wise, these certs will only give you a slightly better chance of getting a first-round interview; simply having the cert won't get you a job.