Certification Advice - New to Security

jcicatellojcicatello Registered Users Posts: 1 ■□□□□□□□□□
Hi,

Does anyone have a certification suggestion for a certified project manager (PMP) from the telecommunications industry (21+ years technical 6 management) who is now being asked to manage security related projects?

I work for a large telecom company that is moving heavily into managed security services and security outsourcing. As a PM I do not need to be a SME (they will be part of the project team), nor do I have the inclination for highly technical roles.

I am considering

Security+
GSEC
CISA (my manager suggested it)

Any others for someone who is management focused?

Thanks

Comments

  • fuz1onfuz1on Member Posts: 961 ■■■■□□□□□□
    I think Security+ is really beneficial for someone who has the technical know-how to transition into an infosec role by building foundational, security-specific best practices. Of course, I'm just talking about my own personal experience and how the doors were opened for me lately. Also, I'm all for GIAC and ISACA certifications too (especially if your work pays for them). If you do try for the CISA, become an ISACA member so you get discounts.

    I pay for most of my certs myself so Security+ ($240) vs. CISA ($600) vs. GSEC ($1099) was a no-brainer in terms of cost and benefit.

    CISSP, CISM and CASP are better but you said you don't need to be a SME.
    timku.com(puter) | ProHacker.Co(nsultant) | ITaaS.Co(nstultant) | ThePenTester.net | @fuz1on
    Transmosis | http://transmosis.com | LinkedIn | https://linkedin.com/in/t1mku
    If evil be spoken of you and it be true, correct yourself, if it be a lie, laugh at it. - Epictetus
    The only real failure in life is not to be true to the best one knows. - Buddha
    If you are not willing to learn, no one can help you. If you are determined to learn, no one can stop you. - Unknown
  • dou2bledou2ble Member Posts: 160
    I used to work for one of the Big 4 and managers are required to have CISSP or CISM. These are both non technical. CISM is more on the auditing side so I would say go for CISSP. CISA and S+ are for entry level, IMO. Not familiar enough with GSEC to recommend or not.

    As someone who's been in security for a while and had to work my way up. PM's that didn't have an overall understanding of security, know methodologies and frameworks of how to implement security never got very far. And it was very frustrating to work for them. This is why I recommend the CISSP.
    2015 Goals: Masters in Cyber Security
  • bigdogzbigdogz Member Posts: 881 ■■■■■■■■□□
    The CISA covers more of an auditing perspective whereas CISSP and CISM cover management and Information Security.

    I have not taken the GSEC but if your work will buy the training then I would suggest you go for the GSEC.
    If not, go for the Security+ then hit the CISSP. Most people who have passed the CISSP and took the CISM and passed with ease.

    Good Luck!
  • docricedocrice Member Posts: 1,706 ■■■■■■■■■■
    The GSEC is relatively technical and the coverage is rather broad. If you're not very technical, this class might feel overwhelming and I'd be unsure of its applicability to your specific need. However, information security can require understanding scenarios in a contextually-dependent manner and you need to have some insight in regards to operational realities as well as general theory and mindset. I do not believe the CISSP itself goes in detail enough for someone to be aware of potential subtleties that make a difference because it doesn't seem to have exposure of the "in your face" dynamic nature of threats and risks (at least in the way the GSEC does, although not as much as other SANS courses). I've only casually studied for the CISSP, however, so I'm not all that qualified to make that comparison.

    Note that the GSEC itself is a semi-starter level certification (beyond Security+ for sure), but it's more broad than deep-focused on specific subsets of security domains. Sometimes you don't need to have that in-the-trenches knowledge, but sometimes not having awareness of some of the smaller details might leave you detatched from reality.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • RemedympRemedymp Member Posts: 834 ■■■■□□□□□□
    But, the perks of being ISACA is that the community charter is one of best technology organization I ever had the opportunity to join. Attend maybe five average meetings or conferences a year regionally and nationally and the learning experience is refreshing.

    Check out their Security Nexus.
  • dou2bledou2ble Member Posts: 160
    Remedymp wrote: »
    But, the perks of being ISACA is that the community charter is one of best technology organization I ever had the opportunity to join. Attend maybe five average meetings or conferences a year regionally and nationally and the learning experience is refreshing.

    Check out their Security Nexus.

    Agreed. And much better than ISC2 community in my area.
    2015 Goals: Masters in Cyber Security
  • seltaebseltaeb Member Posts: 11 ■□□□□□□□□□
    GSEC is the best for new for IT Security, because it has all material about security from the basic
Sign In or Register to comment.