ISSMP - CISSP Concentration - Certification recommendations ?

Hi there,

I passed CISSP two years ago, my certification profile in a good standing is as follow:
- ISO 27005/RABQSA (2011)
- CISSP/ISC2 (2012)
- CISM/ISACA (2013)
- CISA/ISACA (waiting for results in 3 weeks) but hopefully I'll pass as the exam was pretty straightforward.

10 years of experience, working in IT/BP compliance and working on a daily basis with C level / Audit. Aiming for CISO.

Just wondering if ISSMP would be a great asset.. I can't find any prep questions. What's sure is that this concentration will require low preparation, as everything is already covered on CISM/CISA/CISSP exams... So I may go for it... computer based (I dont like that, that much - prefer pen & paper exams), but I can basically register the day before the exam. around 350 euros.

Otherwise, I think I'll stop my certification career, as it seems pretty complete at this time.

Thanks!

Wish you the best for 2014.

Find more posts tagged with

Comments

okp

Hi, any thoughts ?

colemic

Well, I don't think it would hurt... I am in a very similar boat (minus CISM, plus a few more minor certs) and am considering the ISSMP. I am also trying to determine whether something like PMP would be a better investment in time and dollars. It would fill a gap that I feel a good CISO needs, outside of the technical arena. Getting both wouldn't hurt either. I am still on the fence.

dijital1

Hi Okp,

Only you know if the ISSMP is worth doing. Based on your current certifications, the ISSMP would probably overlap a bit with your CISM certification. I've not taken any of the ISACA certs so I don't know how it directly compares. People that have both the ISACA and ISC2 certs and the general feeling is that the ISSMP compares well with the CISM.

It probably wouldn't be a huge undertaking for you to prepare for it, so why not knock it out. You'll probably pick up a few bits of knowledge as well as increases your marketability; both good things.

I'd probably do it if I were you.

okp

thanks for the support. I was reading the official ISSMP book of knowledge... and I've to say that ISC2 certifications questions are more tricky to understand.. whereas ISACA are straightforward. ISC brings double negations, a more shakespeare way of writing.. which brings a lot more difficulty in the exam.

PMP is also definitely an asset to look at.

AnthonyF

Go for PMP. No one has really ever noticed my ISSMP. But they notice PMP right away. My 2 cents.

dijital1

Do both.

okp

well PMP is really focused on project management right. Project Manager is a different job than CISO. Just wondering if PMP will be a great asset as a CISO...

How much involvement for PMP...? I don't like to get into training session; prefer self work and questions...

okp

Hey, any thoughts are welcome. I'm really wondering if I should go for PMP.... worth it when you aim for CISO ? It's like getting a CCNA when you are going for a security management position (and by the way manage the security program). Interesting but not that useless.

colemic

A CISO with a PMP will understand how his/her teams function better, and will understand the underlying processes that enable them to see the bigger picture, while understanding the details of their business from a functional perspective. Having a PMP benefits a lot of others than just the project manager.

okp

Thanks, just trying to gather enough ideas, so I can ask my boss to follow me on this PMP road... Because from his perspective, I'm quite sure he'll reply... PMP... you want to be a project manager not a CISO ?!

AnthonyF

colemic wrote: »

A CISO with a PMP will understand how his/her teams function better, and will understand the underlying processes that enable them to see the bigger picture, while understanding the details of their business from a functional perspective. Having a PMP benefits a lot of others than just the project manager.

Agree 100%

I also would say every org is different (okp's question). I know CISO's who have large portfolios and manage huge teams. While others have a small role and are a small 'c' rather than a large 'C' and have directors of IS that pull all the weight.

The more you understand from the business perspective the better off you will be.

okp

hi Anthony,

fully understand your recommendation. In fact, my company culture seems not to be oriented towards certification. So I assume I'll have to finance the PMP by myself. Only "issue" is the 35 hours training which cost like 2500 USD... whereas ... CISA,CISSM,CISSP were "only" around 400 USD (I don't like the courses)