Where do I go from here?

94jedi · March 2014

Hey all, I've been a CISSP since March of 2012 and am looking to take the next step. I'm currently a info security analyst but would like to eventually be a CISO and take the next step into the six-figure realm. I currently work in healthcare (seems to be more money here) but have also worked as a DoD contractor for one of the top 5 major contractors.

My question is - what's my next certification step?

I've heard that the CISA is a bit redundant if I already have the CISSP, although I notice most job req's ask for the CISA.

CISM seems like a likely choice, but I wonder if I'd price myself out of the market.

HCISPP might be a good choice give my current industry, but I don't know if the value is there yet. Maybe I should get it now, before supply crosses over demand?

PMP/Project+: This is one I hadn't considered until recently but I think it might be of value to me and my career.

Any thoughts/input would be appreciated.

zxbane · March 2014

Jedi,

I am pursuing the CISM myself at the moment because I work as a Info Assurance Manager for the DoD. I don't know if I agree that the CISA is redundant if you hold the CISSP since from my understanding the CISA delves much deeper into the realm of auditing, as expected..

I plan to test in June for the CISM and from studying so far I must say it gives me a much better overall view of organizations and how security is incorporated into organizational activities, as well as risk management, compliance etc. I definitely would recommend it if you have the required experience to go along with it.

94jedi · March 2014

zxbane wrote: »

Jedi,

I am pursuing the CISM myself at the moment because I work as a Info Assurance Manager for the DoD. I don't know if I agree that the CISA is redundant if you hold the CISSP since from my understanding the CISA delves much deeper into the realm of auditing, as expected..

I plan to test in June for the CISM and from studying so far I must say it gives me a much better overall view of organizations and how security is incorporated into organizational activities, as well as risk management, compliance etc. I definitely would recommend it if you have the required experience to go along with it.

Thanks for the input zxbane. I was IAO/ISSO for a DoD entity. Never made it to IAM but I had always planned that. I'd like to stay in healthcare as it seems a bit more lucrative but I must admit, I do miss aspects of the military/DoD.

I feel like the CISA may be beneficial, especially in the healthcare industry as auditing is a core duty.

I know you haven't tested yet but is the CISM more difficult than the CISSP?

zxbane · March 2014

As you mentioned I haven't actually taken the CISM yet but in my opinion so far the CISM isn't as stressful as the CISSP was. The reason I say that is that the scope isn't as broad as the CISSP was, the CISM focuses on 4 domains where CISSP had 10 and covered many more topics. The CISM allows you to focus on a concentrated 4 domains. It is also more logic based, a lot of the review practice questions can be answered by following a logical thought process, compared to the CISSP where you honestly had to remember technical details about encryption, networking etc.

94jedi · March 2014

zxbane wrote: »

As you mentioned I haven't actually taken the CISM yet but in my opinion so far the CISM isn't as stressful as the CISSP was. The reason I say that is that the scope isn't as broad as the CISSP was, the CISM focuses on 4 domains where CISSP had 10 and covered many more topics. The CISM allows you to focus on a concentrated 4 domains. It is also more logic based, a lot of the review practice questions can be answered by following a logical thought process, compared to the CISSP where you honestly had to remember technical details about encryption, networking etc.

Is the CISM something that can be done fairly quickly? I believe the next test is in June. Is it feasible to do self-study or is it something like the CISSP where you really would benefit from a class or bootcamp?

zxbane · March 2014

I personally self studied for the CISSP for roughly 2.5-3 months and I am self studying for the CISM until June as well. I guess that is a question that really depends on the individual and their ability to self study and dedication to it.

94jedi · March 2014

zxbane wrote: »

I personally self studied for the CISSP for roughly 2.5-3 months and I am self studying for the CISM until June as well. I guess that is a question that really depends on the individual and their ability to self study and dedication to it.

I see. I was moved to IAM-II so I needed to get the CISSP asap. As a result, the contractor I was with at the time paid for a bootcamp. I don't know that I would have passed on the first shot without the boot camp, but all of my other certs have been self-study. I'm a little worried about the CISM test though. I was one of the last CISSP's to test on paper and I'm not looking forward to that again!

paul78 · March 2014

Just my 2 cents, but I think ISACA certs are generally best done as self-study. Most of their materials are generally review of topics which are pretty straight-forward if you already have relevant work experience. While the material isn't difficult, the interesting part about ISACA exams is their attempt to try to evaluate judgement of the individual. For me, that makes taking the exam very tiring because of the intense focus that is needed. And because it's paper-based, I find it exhausting after taking an ISACA exam - just because of my tendency to grip that pencil and circle those dots for 4 hours.

Good luck to those taking the June exams.

Where do I go from here?

Comments