CISM without enough experience
Hi there,
I recently passed the CISSP certification and endorsement process, and are now looking towards the next certification step.
I would like to work with security management, so the CISM CISA are interesting for me. Of course I've got the 5 years of experience in the it security field (since i passed the CISSP endorsement), but i don't have any management experience.
I guess i could take the exam anyways but i won't be able to get the certificate, and how good is it without anyway?
I've tried to find information at the isaca site regarding which experience that counts. Does it have to be full time professional management or can i try to find a volunteer job?
If i take the exam without any experience and without any prerequisites to starting getting some experience, i guess i only have 5 years to getting the necessary experience or i'll have to retake the exam?
Is it the same thing with the CISA?
Are there any other certs you could recommend me taking, that would bring me ind the management direction and that i can take without management experience?
I was also thinking of taking a diploma in leadership, to supply the management part of the job...
Best regards
Mathias
I recently passed the CISSP certification and endorsement process, and are now looking towards the next certification step.
I would like to work with security management, so the CISM CISA are interesting for me. Of course I've got the 5 years of experience in the it security field (since i passed the CISSP endorsement), but i don't have any management experience.
I guess i could take the exam anyways but i won't be able to get the certificate, and how good is it without anyway?
I've tried to find information at the isaca site regarding which experience that counts. Does it have to be full time professional management or can i try to find a volunteer job?
If i take the exam without any experience and without any prerequisites to starting getting some experience, i guess i only have 5 years to getting the necessary experience or i'll have to retake the exam?
Is it the same thing with the CISA?
Are there any other certs you could recommend me taking, that would bring me ind the management direction and that i can take without management experience?
I was also thinking of taking a diploma in leadership, to supply the management part of the job...
Best regards
Mathias
Comments
-
colemic Member Posts: 1,569 ■■■■■■■□□□Don't confuse security management with being a 'manager'. All you need is verifiable work experience from three of the five domains.
Domain 1—Information Security Governance
Domain 2—Information Risk Management
Domain 3—Information Security Program Development
Domain 4—Information Security Program Management
Domain 5—Incident Management & Response
For the Work Experience Requirement: (directly from How to Become CISM Certified)
Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.
Experience Substitutions
The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.
Two Years:- Certified Information Systems Auditor (CISA) in good standing
- Certified Information Systems Security Professional (CISSP) in good standing
- Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)
- One full year of information systems management experience
- One full year of general security management experience
- Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security +, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
- Completion of an information security management program at an institution aligned with the Model Curriculum
Some of my coworkers hold the CISM cert, and they say it is more off-the-wall than the CISA (which has slightly different experience requirements.) And I say the CISA is, to put it quite delicately, bat-**** crazy and ridiculous and hairsplitting (I am currently sstudying for the exam in June.) I just can't see the benefit for me of pursuing the CISM, I value my sanity too much.
I would think that if you could pass the CISSP endorsement process, that you would not have any issue with the CISM/CISA work experience requirement.Working on: staying alive and staying employed -
mathiasm Registered Users Posts: 4 ■□□□□□□□□□Don't confuse security management with being a 'manager'. All you need is verifiable work experience from three of the five domains.
Domain 1—Information Security Governance
Domain 2—Information Risk Management
Domain 3—Information Security Program Development
Domain 4—Information Security Program Management
Domain 5—Incident Management & Response
For the Work Experience Requirement: (directly from How to Become CISM Certified)
Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.
Experience Substitutions
The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.
Two Years:- Certified Information Systems Auditor (CISA) in good standing
- Certified Information Systems Security Professional (CISSP) in good standing
- Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)
- One full year of information systems management experience
- One full year of general security management experience
- Skill-based security certifications (e.g., SANS Global Information Assurance Certification (GIAC), Microsoft Certified Systems Engineer (MCSE), CompTIA Security +, Disaster Recovery Institute Certified Business Continuity Professional (CBCP), ESL IT Security Manager)
- Completion of an information security management program at an institution aligned with the Model Curriculum
Some of my coworkers hold the CISM cert, and they say it is more off-the-wall than the CISA (which has slightly different experience requirements.) And I say the CISA is, to put it quite delicately, bat-**** crazy and ridiculous and hairsplitting (I am currently sstudying for the exam in June.) I just can't see the benefit for me of pursuing the CISM, I value my sanity too much.
I would think that if you could pass the CISSP endorsement process, that you would not have any issue with the CISM/CISA work experience requirement.
I have read that on the site, but maybe its because of my poor English, but i can't see if they require professional experience (full timed paid job) or volunteer jobs satisfy for management experience?
Well the CISSP domains that i have worked in is primely the technical ones (crypto, app security design, security architecture and design etc.) and they are quite different from the 5 domains in CISM, so i guess that i won't have any work experience? -
colemic Member Posts: 1,569 ■■■■■■■□□□It doesn't specify, but I would imagine they are saying that if not fulltime, then the equivalent (2080 hours per year for volunteer work.)
Domain 4, Task Statement 1: 4.1 Manage internal and external resources (e.g., finances, people, equipment, systems) required to execute the information security program. --I'd say that easily covers security architecture and design.Working on: staying alive and staying employed -
mathiasm Registered Users Posts: 4 ■□□□□□□□□□Thank you very much, maybe i should try reading the domains/tasks and see if my work fits at 3 domains or more