Advanced Certification Guidance

bokos Member Posts: 14
Hello,

Long time visitor of these forums. Over the years, I've gained some great knowledge from everyone here. This is my absolute go-to place to look for my next opportunity for technology-related certification. Today, I come to you guys (and gals) with an issue that has really been throwing me for a loop. This issue is where I go next with respect to security certification. For the first time, I feel like I've run into a wall and am really unsure of what my next certification should be.

I currently hold valid certifications in the following: CISSP, CISA, CISM, CCSK, CIPM (IAPP), and CIPT (IAPP). I'm very interested in the security management and privacy practices of organizations. I've never been a huge fan of vendor certifications (i.e. Microsoft and Cisco) as I like to have a "broad" scope when approaching these certifications and prefer not to be tied to a vendor, even if they have a strong market share. Furthermore, I recognize that EC-Council, specifically CEH, has a strong marketing budget and appears in the DoD certification matrix. However, I'm uncomfortable with how, over the years, they've approached their certification practices.

So, to those who stumble upon my thread, please help me. Where should I be looking next?

Thank you.

Comments

  • NotHackingYou Member Posts: 1,460
    What is your formal education background?
    When you go the extra mile, there's no traffic.
  • bokos Member Posts: 14
    B.S. Information Technology and M.S. Information Systems
  • bokos Member Posts: 14
    Allow me to communicate some of what's been on my mind...

    Microsoft: Didn't see anything of interest. I don't believe it's beneficial to go after their MCSA/MCSE designations.

    Cisco: Didn't see anything of interest. They, of course, have their security concentration, but I don't think that would complement what I have thus far.

    ISACA: Only two certifications left in their portfolio (CRISC, CGEIT). These may work. Little frustrating that they still do their exams on paper and only twice a year.

    (ISC)2: Don't believe CSSLP will do much for me. Same goes for CAP. There are the CISSP concentration and the CCSP.

    SANS: These are off limits for now, unfortunately. Great material, great certifications, however I'm on my own at the moment with respect to paying for exam fees. These are super expensive.
  • NotHackingYou Member Posts: 1,460
    I was thinking the same thing. What about some of the GIAC ones? GIAC Information Security Management Certifications

    Edit: Never mind, skipped over the GIAC/SANS part.
    When you go the extra mile, there's no traffic.
  • bokos Member Posts: 14
    CarlSaiyed,

    Thanks for the responses thus far.

    Little bit of a draft list for me --

    ISACA - CGEIT, CRISC
    (ISC)2 - ISSAP, ISSEP, ISSMP
    IAPP - CIPP/E, CIPP/C
  • TechGuru80 Member Posts: 1,539
    What about a project management certification? Since there aren't really any technical certifications you can go for since you want to stay neutral...something like PMP would round you out.
  • OctalDump Member Posts: 1,722
    Have you got anything in the ISO 20000, COBIT or Resilia? I think there's also someone offering ISO 27000 series certifications.

    I think that fluency in multiple frameworks like these, beyond what you just pick up along the way, could be very useful at the higher, more abstract level you seem to prefer.

    The CRISC also seems like an obvious choice, and there are others aimed more at CISO level. There's also the new ISC2 CCSP, which seems like an obvious bandwagon to jump on. It seems to be the first serious Cloud Security certification available.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • bryanthetechie Member Posts: 172
    Have you thought of teaching community college or CISSP prep courses instead of pursuing another cert? I've always felt that teaching experience on a resume looks great. You have a great set of certs and education, and this sounds like a solid step for building greater authority in your field.
  • bokos Member Posts: 14
    TechGuru80,

    Thank you for your guidance. I've actually thought about getting the PMP certification, on and off, for many years. At one point I had an approved application in PMI's system and had purchased Rita Mulcahy's book to start preparation. Upon further reflection, I felt it was a very heavy non-technology certification to have for a security guy. Also reading some of the book, the material was extremely boring and dry to me. I actually enjoy reading technology and security materials, but when I got to project management text, it put me to sleep.

    OctalDump,

    Thank you for your guidance. Do you have some framework certifications in mind? When one looks at job postings, you see the typical "CISSP, CISM, etc. required," but the line below usually talks about COBIT, FISMA, or the NIST 800 series. I agree with CRISC. I think that could be a great one to add to the list. CCSP also looks very interesting but is a new release. Not a lot of training materials out there. Definitely on my radar, though. Do you have any other CISO-level certifications in mind?

    Bryanthetechie,

    Thank you for your guidance. This is actually a great suggestion. I was reading some materials by Chuck Easttom and ended up on his website looking at his CV. He has a bunch of certifications and work experience. What really stood out, however, was his teaching experience both in a formal university setting but also courses online and bootcamps.


    I slept on it a bit and adjusted my draft certification list above slightly. Took off IAPP certifications and tightened up ISACA/(ISC)2. Now I have...

    ISACA - CRISC
    (ISC)2 - ISSAP, ISSMP
  • bokos Member Posts: 14
    I'd also like to expand the scope of this slightly. I'm also very open to well respected, well priced certificate programs offered by universities. I think it's a great pairing to formal degrees.
  • TechGuru80 Member Posts: 1,539
    bokos wrote: »
    TechGuru80,

    Thank you for your guidance. I've actually thought about getting the PMP certification, on and off, for many years. At one point I had an approved application in PMI's system and had purchased Rita Mulcahy's book to start preparation. Upon further reflection, I felt it was a very heavy non-technology certification to have for a security guy. Also reading some of the book, the material was extremely boring and dry to me. I actually enjoy reading technology and security materials, but when I got to project management text, it put me to sleep.
    Ready for some tough love? If you like management of anything related to technology, you have to be able to lead and manage projects. Small, medium, large size projects are a major part of the job. Need a huge configuration rollout...implementing new infrastructure...auditing compliance of your organization...these can all be considered projects. It's boring, I get it, but you are missing a chunk to make you well rounded. A manager who cannot lead projects is worthless. Think about it...if you hate project management but have a certification in it you will be ahead of those who hate it and have nothing to show...might help you for a job or interview later. You could do something like Project+...fairly basic and doesn't require a lot of crazy dedication.
  • stryder144 Member Posts: 1,684
    While this might be a bit basic for you, you might want to consider MIT's Cybersecurity: Technology, Application and Policy certificate. It will give you a bit of a name drop (it is MIT after all) without costing a ton of money ($595).
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
  • adrenaline19 Member Posts: 251
    Write and submit a paper to a big conference. Saying you were a presenter at Defcon, BlackHat, etc. goes a lot further than a basic certificate.