topic Re: PCIP (PCI-DSS) in Career Discussions

PCIP (PCI-DSS)

oradba888 — Sat, 11 May 2019 23:16:12 GMT

Hi all,

Im looking for the next step from CISSP.

what does everyone here think about the PCIP or ISA? Will they add value to the CISSP?
What about the CEH cert?
The CIPP data privacy professional is something im also considering.

basically, trying to find out as much adding to skill sets to enhance a consulting career

thanks

Re: PCIP (PCI-DSS)

CraginS — Sun, 12 May 2019 14:45:41 GMT

@oradba888 wrote:
Hi all,
Im looking for the next step from CISSP.
what does everyone here think about the PCIP or ISA? Will they add value to the CISSP?
What about the CEH cert?
The CIPP data privacy professional is something im also considering.
basically, trying to find out as much adding to skill sets to enhance a consulting career
thanks

In order to give meaningful answers to your questions, you first need to answer a few more for yourself:

1. What jobs do you want in your future?

2. What skill sets are called for in those jobs?

3. What companies or organizations do you want to work with and for: commercial, non-profit, government?

4. What certifications are you seeing in job ads from the companies you want to work for?

5. What cybersec or infosec tasks do you find engaging and really enjoy?

Remember, cybersecurity is not a single field, it is a mishmash of quite a few very different areas. Which of those fields do you want to become a specialist in?

Good luck!

Re: PCIP (PCI-DSS)

oradba888 — Sun, 12 May 2019 17:25:59 GMT

Dr, Shelton,

Ideally, no government work, in cases where I can do consulting is probably worth it, meaning I have my own time/work schedule. Quality of life is more important to me, that being said, i'd hate to be in an arena where I sit on a desk for 8 hours..:) sorry to sound weird or spoiled...

That being said, I'd like to be in a role where I perform outbound consulting to several companies, that would be the long term target

It sounds more like a data privacy consulting or security consulting role would be ideal/practical for what I am looking for.

So that translates into:

1). Maybe a CIPP/CIPT IAPP certification and gain experience on the ever-blossoming data security/privacy arena.

2). I thought about a CEH cert and that would also tie into data security.

Like you said, Security is such a broad term and one arena cannot exist without the other.

Meaning, to protect data, you have to know:

the technical controls: ( CEH, CISSP knowledge)
Admin controls ( Data privacy policies, executive management roles/controls, classifying data)

So no one thing,,,) heck, might as well get all of them..:)

Re: PCIP (PCI-DSS)

Steve-Wilme — Mon, 13 May 2019 07:24:30 GMT

You have to think it through in terms of what job roles you're looking to move into next rather than just bag certifications and hope. There are fairly clear career tracks in InfoSec; Pen Testing, Forensics, Incident Response, Audit, Training and Awareness, AppSec and more general GRC. Thinking through what you'd be looking to do in the next couple of years as a next step.

You may want to consider the CISSP concentrations, as they're not too specialised.

Keep in mind the ISA isn't transferrable between employers. Unless you're seeking to become a QSA, then specific PCI related qualifications are essentially. You can pick up everything you need from general PCI course, reading the SSC documents and working practically on a compliance program.

If you're considering an audit focused career you may want to consider an ISACA CISA or a ISO 27001 LA qualification, but even with these you'd ben starting at the junior end of the spectrum, unless you already have audit experience.

The IAPP CIPP is a more specialised privacy related qualification, more typically held by Data Protection personnel. It would balance out the more techncial focus of a CISSP, but you may find specialisation is more common in larger companies.

Re: PCIP (PCI-DSS)

emb021 — Mon, 13 May 2019 14:14:07 GMT

PCI certs. As noted, ISA isn't transferable between employers, and the QSA is limited to if your company does it. It's a big investment in getting that. Better to team up with a QSA to do PCI assessments at this point.

CEH is a mixed bag. It's more a technical cert, seems more hands-on, but there are many who aren't impressed by it or EC-Council.

Privacy certs are useful only if you're really getting into privacy work. I do some doing HIPAA work, but not focused enough to pursue on. If I did, not sure if I'd go for the CIPT or one of the CIPP.

I would recommend taking a look at ISACA's CRISC or CISA cert. And I'd really recommend the SANS/GIAC certs based on what areas you want to specialize in.

Re: PCIP (PCI-DSS)

oradba888 — Mon, 13 May 2019 14:59:41 GMT

Thanks
I took a look at CCSK last night and also based on my experience , this may be the path I will look at next.
And then the CISA would be nice

Eventually I’m hoping ,using the CISSP route to get into privacy law

Sent from myMail for iOS

Re: PCIP (PCI-DSS)

AppDefects — Mon, 13 May 2019 15:23:52 GMT

The CISSP CBK does include privacy, so don't expect to much to change there. Could there be a new CISSP Privacy Engineering specialization that would be different then what the IAPP does with its CIPT? There is always room grow, but that is a business decision for (ISC)2. I would strongly support its development. The value in such a proposition is aligning it to security controls and privacy engineering concepts rather than legal prepositions. There is a lot of good work coming out from NIST along the lines of Privacy Engineering that CISSPs can reference in terms of building privacy-preserving Cloud services and applications.

Re: PCIP (PCI-DSS)

oradba888 — Mon, 13 May 2019 15:32:42 GMT

With the advent of so many legal changes, i think we are in a splendid position to stay in the forefront. CISSP backgrounds are diverse that we can "plug and play" into any position and hit the ground running.

of course, having a specialty will onyl enhance, like the data privacy.

Seems more leaning towards legal counsel, but still , we have the technology edge to implement such a program.

Re: PCIP (PCI-DSS)

CyberMa8 — Sat, 13 Jan 2024 03:12:27 GMT

.inho I would suggest ( depending where you are I'm the journey: follow chronology this path consultant:

CISSP, CCKS, CISA, PCIP, PCI-QSA

Note: depending where's your on the journey as laid out above.

Re: PCIP (PCI-DSS)

oradba888 — Mon, 15 Apr 2024 05:49:02 GMT

the issueis finding a QSA cert org that can take me on as an auditor