Which CISSP concentration for security consulting role?

Big-JJ Member Posts: 50 ■■■□□□□□□□
I've taken a new consulting job and will be doing the following:
  • Devise a cyber security program that supports the organization's strategic goals for C-executives
  • Design and review security policies, processes, and procedures
  • Conduct security maturity assessments and diagnostics
  • Design and implement security operating models
  • Design security awareness programs and phishing campaigns
  • Implement risk management frameworks
Any recommendation on which CISSP concentration will be most helpful in doing my job better?

So far I've got MBA, CIA, CRMA, CISA, CISM, CRISC, CISSP, PMP.

Thanks
MBA, CIA, CRMA, CISA, CISM, CRISC, CISSP, PMP

Comments

  • Info_Sec_Wannabe Senior Member Member Posts: 408 ■■■■□□□□□□
    With your current certifications (and experience), bullets 2 to 6 can be taken care of. However, for the first one, I'm guessing it would overlap with @UnixGuy's other thread (at least IMHO).

    https://community.infosecinstitute.com/discussion/138071/resources-to-create-cyber-security-strategy-for-cisos#latest
    Three year plan: (2018) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]
  • UnixGuy Are we having fun yet? Mod Posts: 4,267 Mod
    @Big-JJ : I held a few jobs similar to the one you're describing! I do not believe the CISSP is the most helpful resource here (having said that, I do not hold the CISSP so I could be wrong..).

    For security maturity assessments, you're better off learning frameworks such as NIST, for example. If you work for a consulting firm, they'll have templates and stuff they used for previous engagements that you can leverage (you will also learn consultant speak heh).

    I think ISACA might be more relevant. I do not like the way ISACA charges for membership, renewals, exams, and cert fees. I hold CISM and CRISC; both are kind of relevant. CISA is good for people new to audit or more junior staff.

    For the consulting, you can do really well and progress without any cert. The certs are 'nice to have'. You need to get good at running workshops with clients, analysing data, reviewing programs and giving practical advice.

    People skills <== might be the most important aspect of the job.

    Depending on the firm you're working with, expect to do a lot of PowerPoint and potentially Excel. Certs won't teach you that.

    Some clients will use CIS 20, ISO27K1, NIST, etc. or a combination of those.

    Check the ISACA NIST assessment free template; download it and you can use it, but I'm 90% certain your firm will have a version of that that you can use.

    Feel free to message me directly, I got really good at the consulting game and quite enjoyed it!


    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
  • SteveLavoie Member Posts: 961 ■■■■■■■■□□
    Big-JJ said:

    Any recommendation on which CISSP concentration will be most helpful in doing my job better?

    So far I've got MBA, CIA, CRMA, CISA, CISM, CRISC, CISSP, PMP.

    Thanks
    I think you have all the certifications required for that.. Time to put what you learned from all those certifications into practice ;)
  • shochan Member Posts: 958 ■■■■■■■□□□
    Yeah, sounds like you just need to get your hands dirty & learn the job itself. Even if you make mistakes you should learn from those and see what you can improve on.
    2021 Goal ~ OSCP

    Urban Achiever~ A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+
    A.A.S - CIS
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,172 Admin
    edited April 2
    Will you be a business consultant for technical C-levels or a technical consultant for business C-levels?

  • Big-JJ Member Posts: 50 ■■■□□□□□□□
    JDMurray said:
    Will you be a business consultant for technical C-levels or a technical consultant for business C-levels?

    From what I know, business consultant to business C-levels. It never hurts to be more technical, but not sure of the benefits for this role at this point.
    MBA, CIA, CRMA, CISA, CISM, CRISC, CISSP, PMP
  • JDMurray MSIT InfoSec, CISSP, SSCP, GSEC, EnCE, C|EH, CySA+, PenTest+, CASP+, Security+ Surf City, USA Admin Posts: 12,172 Admin
    In that case, the MBA with anything on policies and governance will be what you are needing.
  • scasc Member Posts: 387 ■■■■■□□□□□
    Sounds like the job I do :). You have the necessary certs; it's more about knowing frameworks in detail to then define gaps, risks and roadmaps to improve based on the most urgent priorities. Saying that, if you really wanted a cert, I would honestly suggest GIAC GSTRT or GSLC, as these touch on the points you mentioned.
    MSc, BSc (Hons), AWS CSA, C-CISO, CISSP, CCSP, CCSK, CISM, CISA, CRISC, GSTRT, GSNA, GDSA, GCSA, GCCC, CEH, ECSA, CHFI, TOGAF, CISMP