ISACA Certs

This thread:

http://www.techexams.net/forums/security-certifications/46380-cisa-certified-information-systems-auditor.html

and this thread:

http://www.techexams.net/forums/general-certification/46399-question-uber-geeks-who-have-always-loved-computers-2.html

have both made me wonder about what is the perception of the value of ISACA's certifications out there?

To quote JD in the 2nd thread:

JDMurray wrote: »

Only a few highly recognized and respected certs (e.g., CISSP, CISA/CISM, CCIE) can actually attempt to compete with degrees in their respective fields.

While I agree with what is said here with respect to the CISSP and various iterations of Cisco's highest level certs, I'm not sure that I see they same value in the marketplace for the ISACA certs. Please note, I have nothing against ISACA (or JD for that matter

).

I'm interested to hear everyone's thoughts...here's my thought about each of ISACA's certs:

CISA - In many ways this seems like a "poor man's CPA". I often see work come around with some type of audit component, however, I rarely see any of this specifically requiring a CISA. More often than not I see specific audit-related experience requirements, such as SOX, PCI, ISO/IEC *, among others.

CISM- I understand the management focus of this cert, however, as best I can tell the high ground in the security certification world is the CISSP. It seems like most of the people that I encounter that are focused on IT security either hold or are pursuing the CISSP.

CGEIT - I'll venture a guess that many people that frequent this board are not very concerned about IT governance, what it means, or that there is a certification for it. I've felt like since this certification was released a couple of years ago that it's almost serving an empty market. Since this cert came out a couple of years ago, I have met exactly one person (in person) that holds it.

I'm not a huge believer in the metric of searching Monster or Careerbuilder to see how many jobs are looking for a certification. I do however like to try to figure out how many people hold any given certification. This says really nothing about the level of demand for the cert.

I don't know if ISACA publishes numbers for their certs (if someone does, please post a link). However, I will often do a search on LinkedIn just to get an idea of how many people out there hold the cert. Here's what I found:

CISA - 17910
CISM - 6086
CGEIT - 1599

CISSP - 26539

CCIE - No need to do that search, we all pretty much know what it is

I do realize that there is nothing scientific about this method that I've chosen, but it seems telling that in a population like that on LinkedIn that the CISSP outnumbers the CISM by roughly 4.5 to 1.

MS

Find more posts tagged with

Comments

UnixGuy

From my regular job search...I find security related jobs asking for people who have CISSP/CISA/CISM...or they say preferred certs : CISSP/CISA/CISM...but that's all I know

GAngel

7/10 of the cissp/cism/cisa candidates i interview i find to be not good enough.

People are taking the exams for the wrong reasons mainly because they see $$ when in reality it should be a culmination of what you know. Pass one exam and all of a sudden they think they're an SME.

The days of being handed jobs because of certs are over. If I interview someone with expert level certs I expect expert level knowledge to almost everything I ask.

All these cert providers should be not for profit I think as right now they're all in it for the money and diluting what should be akin to a masters degree. They should also review the requirements and the time frame for being granted these certs. I've never met an expert who only had to pass one exam in any field.

eMeS

GAngel wrote: »

7/10 of the cissp/cism/cisa candidates i interview i find to be not good enough.

People are taking the exams for the wrong reasons mainly because they see $$ when in reality it should be a culmination of what you know. Pass one exam and all of a sudden they think they're an SME.

The days of being handed jobs because of certs are over. If I interview someone with expert level certs I expect expert level knowledge to almost everything I ask.

All these cert providers should be not for profit I think as right now they're all in it for the money and diluting what should be akin to a masters degree. They should also review the requirements and the time frame for being granted these certs. I've never met an expert who only had to pass one exam in any field.

Well said.

JDMurray

GAngel wrote: »

People are taking the exams for the wrong reasons mainly because they see $$ when in reality it should be a culmination of what you know. Pass one exam and all of a sudden they think they're an SME.

Many people have an erroneous idea that employers are handing-out high-paying jobs to people who only passed an exam and got a certification. Certs like the CISSP, CISA, and CISM are meant to be achieved after considerable industry experience is acquired, and as a demonstration of that achievement. Getting the paper first is like being handed a college degree before you've taken the classes.

eMeS

JDMurray wrote: »

Many people have an erroneous idea that employers are handing-out high-paying jobs to people who only passed an exam and got a certification. Certs like the CISSP, CISA, and CISM are meant to be achieved after considerable industry experience is acquired, and as a demonstration of that achievement. Getting the paper first is like being handed a college degree before you've taken the classes.

What I find most interesting about these and other high-level certs is the experience required and verification of said experience. I know from reading discussions that the ISC2 has tightened things up a bit, but I would say that at least most of the others have not.

For all of the high-level certs that I hold, I only know of one that actually verified the experience that was submitted. That was ASQ for their Six Sigma Black Belt.

MS