Experience for CISM

nipun1987nipun1987 Registered Users Posts: 2 ■□□□□□□□□□
I am planning to give CISM exam in the Month of Dec.
I have a query if my work experience will be valid for CISM certification.
i am working as a SAP Security Consultant from 3 years in IBM India. My basic work involves Implementation of Security for ERP tools.



  • Options
    paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    You can find information about the experience requirements for the CISM here:

    How to Become CISM Certified

    You must have 5 years of experience. For 2 of those years, you can substitute certain certifications and education. Minimally, you must have 3 years of actual management experience in security, The 3 years also has to be in 3 practice areas - the practice areas are defined here:

    CISM Job Practice Areas

    Based on your description, you are not likely to qualify to hold a CISM.
  • Options
    JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Just to add to what paul78 said, I contacted ISACA directly and you don't have to have experience as a manager per se, but if you have 3 years of experience where you can check off at least one task statement in 3 of the practice areas you qualify. But then you look at the actual application and it states that you do. So I would contact ISACA and confirm if you have done the responsibilities of an ISM but not had the actual position, if that counts.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • Options
    nipun1987nipun1987 Registered Users Posts: 2 ■□□□□□□□□□
    Thanks for the Reply.
    I have registered for Dec 2013 CISM exam. Probably this is the first step towards moving to domain of information security.
    Bit confused about the preparation part. I am gonna start up with 2009 Manual to have a glance of the overall scope.

    How different is the 2009 CRM from 2013 ?

Sign In or Register to comment.