What to go for CISA vs CISM first

ram0402 Member Posts: 4
15+ yrs in IT, mainly in IT operations managing servers and network devices; attended many audits from the IT side, e.g. PCI DSS, SOC. Planning to shift to the Infosec side from IT.
What should I go for first, CISA or CISM?

What would be more of a value addition and easy to start with?


    E Double U Member Posts: 2,232
    Which is easier to begin with depends on your knowledge of the study areas going into it. Go to the ISACA website and review all of the topics covered by both credentials to see what you feel the most comfortable with.

    Value is subjective. I do not feel one is necessarily more valuable than the other. I just know both are respected so I did both. I only did CISM before CISA because my former VP of Info Sec advised that CISM had a lot of overlap with CISSP. Since I completed CISSP, the CISM was a logical next step.

    I completed CISA in 2018 with an official scaled score of 572

    The Process of Auditing Information Systems: 541
    Governance and Management of IT: 655
    Information Systems Acquisition, Development and Implementation: 465
    Information Systems Operations, Maintenance and Service Management: 534
    Protection of Information Assets: 648

    I completed CISM in 2017 with a total scaled score of 536

    Information Security Governance: 512
    Information Risk Management and Compliance: 621
    Information Security Program Development and Management: 481
    Information Security Incident Management: 512
    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
    JDMurray Admin Posts: 13,041
    edited March 2021
    Is your immediate career path InfoSec auditing or InfoSec management? What are you hoping to achieve career-wise by getting either or both certs?
    ram0402 Member Posts: 4
    My ultimate aim is to go into Infosec management, but I thought about getting detailed knowledge from an auditor's point of view and then moving up the ladder into management.
    JDMurray Admin Posts: 13,041
    Both CISA and CISM are for people that already have years of professional work experience in IT auditing or IT (InfoSec) management. Getting the CISM now won't help you understand how to be a manager, but studying for the CISA will give you a perspective into (COBIT) auditing. Job-wise, these certs will only give you a slightly better chance of getting a first-round interview; simply having the cert won't get you a job.