topic Re: What next after CISSP? in Exams

What next after CISSP?

oradba888 — Tue, 07 May 2019 01:15:25 GMT

Re: What next after CISSP?

oradba888 — Tue, 07 May 2019 01:18:25 GMT

sorry, entered too soon,.

Based on my interests/skillsets, I am leaning towards:

CIPP ( Information Privacy)
Forensics?
Auditing (CISA)
CCSP

As an Oracle Data Professional, and AWS tech, I have had the opportunity to work on cloud and been involved in SOC2 audits..:)

so I guess, question is: whats best to augment if you would want to enhance/build your contracting/consulting business?

I read about PCI QSA which is awesome, but I would have to be employed by a QSA approved firm

thanks

Re: What next after CISSP?

Fabio7 — Tue, 07 May 2019 08:54:11 GMT

Hi, based on your profile, I would have thought CISA by ISACA as the natural next step among the ones in your list. I'm quite keen to hear the community view.

Re: What next after CISSP?

emb021 — Tue, 07 May 2019 15:26:46 GMT

CISA might be good for you. I recommend getting involved with your local ISACA chapter, as many offer prep courses for it (mine does). I always recommend people take a look at the application for it to be sure you are doing the work that meets the domains. With the ISACA certs you have 5 years after passing the test to get the experience and submit the paperwork. If you have a degree or certain certs, you can knock off a year or two of that. Also, much of the CPE work you do for CISSP will probably count for the CISA (does for me).

As you're doing cloud work, CCSP might be good, but may be too general. Also look at the AWS certs themselves. Am looking at both myself.

Not aware of any forensic certs right now, unless you look at the SANS/GIAC certs. These can be pricy, sadly.

IF you're doing privacy, take a look at the CIPP. There are actually several of them. One is aimed at IT people, another the privacy people, and they have ones aimed at folks in Europe, US, etc. Some of what I do overlaps, but have only taken a cursory look at it. See if there is a local CIPP chapter that you can drop by and chat with folks.

Re: What next after CISSP?

rslade — Tue, 07 May 2019 16:18:03 GMT

> oradba888 (Newcomer II) posted a new topic in Certifications on 05-06-2019 09:15

> Subject: What next after CISSP?

Well, as we've pointed out elsewhere, have a look at
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-181.pdf
and you should get lots of good ideas ...

Re: What next after CISSP?

Steve-Wilme — Wed, 08 May 2019 09:25:53 GMT

It all depends on where you'd like to go with your career, but having the paper qualification is only part of the picture. It would probably make sense to group them by job family and then decide what sort of career path your hoping to follow:

Pen Testing
CREST Practitioner Security Analyst (CPSA)
CREST Registered Penetration Tester (CRT)
Certified Ethical Hacker (CEH)
Licensed Penetration Tester (LPT) Master
Offensive Security Certified Professional (OSCP)
GIAC Penetration Tester (GPEN)
GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)

PCI

Internal Security Assessor (IS)
Payment Card Industry Professional (PCIP)

Incident Response

GIAC Certified Incident Handler (GCIH)
CyberSec First Responder (CFR)

Engineering

System Security Certified Practitioner (SSCP)
Information Systems Security Engineering Professional (ISSEP)

Auditing

GIAC Systems and Network Auditor (GSNA)
ISACA Certified Information Systems Auditor (CISA)
ISO27001 Internal Auditor
ISO27001 Lead Auditor