After CISSP?

Hi guys,

I'm looking for your advice on a career decision I need to make. I recently passed CISSP and am looking for my next move. My contract is up where I'm currently working at the end of June 14, and I want to well prepared when the time comes.

My main questions: CISM or CRISC? I figure each would require 3 -4 months prep so I'm wondering which is the better move? Or does it make more sense to do one before the other?

Also how much would my recent CISSP help me with them?

My background is I'm working as a network technician for a large company for 6+ years. I have some experience in risk management and IT service management but not as much as i'd like. I'm more on the technical side of the house but TBH i'd like to eventually drift to a more managerial position.

I have a CCNP Security, ITIL foundation, CISSP and a bachelors degree in IT management.

Id love to hear some thoughts form those who have gone before me, or anybody with some insight into either CISM or CISA

Also what is G2700 like for somebody with limited experience with ISO 27001 ? Is it a good area to get into etc?

Thanks in advance for any help!!

Find more posts tagged with

Comments

JDMurray

Do you currently have the professional work experience required by the CISA, CISM, or CRISC certifications? You can take the exams without having the work experience, but that won't help you much in finding an InfoSec job. If you want to stay in network operations then I would suggest the CCIE Security would be a better choice than an InfoSec auditing or management cert. I would also suggest planning not to "drift" into management, but instead get with a large company that has a management training program.

paul78

Also to elaborate on what JD mentioned... Assuming that you have the requisite management experience, given the option of CISM or CRISC first - I would suggest the CISM. It's actually a very straight-forward body of knowledge. While there is more subjectivity based on perceived best-praactices in the CISM than in the CISSP, most people with the right experience would consider it mostly review.

While, I laud ISACA's attempt at developing a risk-based certification in the CRISC, my personal believe is that this certification has some opportunity to mature. A lot of the material is repetitive and lacks sufficient depth.

Also - CISM and CISA are ISO/IEC 17024:2003 compliant certifications - the CRISC is not.

niall.nf

wow didn't realise CRISC was not compliant with SO/IEC 17024:2003. That fairly rules that out so.

Thanks for the help.

Anybody done G2700 exam??

dou2ble

I grandfathered into CRISC and it hasn't done anything for me. Sounds like you're already going this route, but I'd recommend CISM instead.

niall.nf

dou2ble wrote: »

Sounds like you're already going this route, but I'd recommend CISM instead.

Thanks for the heads-up dou2ble. I've been doing a bit of research over the last number of days and am now sure i'll be staying away from CRISC this year.
Starting to also have second thoughts about CISM, correct me if i'm wrong but is it not slightly redundant doing CISM with a CISSP and bachelors degree in IT management. I might just take JDMurrys advice and start the CCIE..Either that or do something different like a PM cert.

Need to make up my mind soon..Thanks for your input guys

bobloblaw

Do you qualify for PMP? That would hold much more value than an ISACA cert with your current credentials.

dou2ble

niall.nf wrote: »

Thanks for the heads-up dou2ble. I've been doing a bit of research over the last number of days and am now sure i'll be staying away from CRISC this year.
Starting to also have second thoughts about CISM, correct me if i'm wrong but is it not slightly redundant doing CISM with a CISSP and bachelors degree in IT management. I might just take JDMurrys advice and start the CCIE..Either that or do something different like a PM cert.

Need to make up my mind soon..Thanks for your input guys

I agree that CISSP is redundant. I think the advice from JDMUrrays and bobloblaw is right on. I'm also trying to decide on ISSEP or PMP. I don't have enough networking experience so I know CCIE is not an option.