topic Re: Suggestions in Member Support

Suggestions

Mde — Mon, 09 Oct 2023 09:14:40 GMT

I just received my CISSP and would like to pursue another certification, what do you recommend and why? (I have a little over 3 year experience in the field and I am interested in something that helps me get a more in depth knowledge on topics covered by cissp. Thank you..

Re: Suggestions

Steve-Wilme — Tue, 25 Jun 2019 07:26:43 GMT

You could look at the CISSP concentrations, but I'd suggest you align your studies to your longer term career strategy. There are a number of different roles in security and it would make sense to do something relevant to your next step.

Re: Suggestions

CraginS — Tue, 25 Jun 2019 12:52:30 GMT

@Mde wrote:
I just received my CISSP and would like to pursue another certification, what do you recommend and why? (I have a little over 3 year experience in the field and I am interested in something that helps me get a more in depth knowledge on topics covered by cissp. Thank you..

You may notice a tendency in this forum for answers pointing at other (ISC)2 credentials. However, I recommend you consider certifications from two other professional organizations that are more likely to contribute to broader success in getting your cybersec knowledge and advice implemented. First, look at the System Engineering certifications from INCOSE. The SE approach will align you with the security engineering philosophy that Dr. Ron Ross and NIST are moving to with NIST SP 800-160. Second, look at the PMP for project management, that will help you guide your security recommendations through the enterprise bureaucracy to actually accomplish your goals.

Re: Suggestions

CraginS — Tue, 25 Jun 2019 13:27:31 GMT

@Mde wrote:
I just received my CISSP and would like to pursue another certification, what do you recommend and why? (I have a little over 3 year experience in the field and I am interested in something that helps me get a more in depth knowledge on topics covered by cissp. Thank you..

Also, for more in depth cybersec, broaden beyond (ISC)2 to consider other related areas such as EC Council's CEH and ISACA's COBIT efforts.

Re: Suggestions

Steve-Wilme — Tue, 25 Jun 2019 13:15:36 GMT

You could follow the standard track and look at ISO 27001 lead implementer or auditor.

You could look at cyber security incident responder.

You could take a more general risk management qualificatiion.

Taking PMP, MSP or similar project/porgramme qualification is always a reasonable call.

It would be a good idea to look at SANS and ISACA courses.

My suggestion would be to join a few professional organisation as an associate and do some networking asking other people how they developed their careers. Since many people like to talk about themselves you should pick up quite a quantity of useful information. For example, I'm a member of ISC2, ISACA, BCS, IISP, ISSA and OWASP. That's not me claiming that as an achievement, just recognising that networking within your fields is worthwhile.

Re: Suggestions

Mde — Tue, 25 Jun 2019 13:38:39 GMT

Thank you !! This is a great advice.
I am looking some courses from GIAC and while CISSP already covered CISM domains, I was hoping to get that first. I do want to aim for a managerial position in next 3 years, and I want to make the right choices along the way.

Re: Suggestions

Chuxing — Tue, 25 Jun 2019 14:05:09 GMT

@Mde If you are aiming at managerial positions, I would agree with @CraginS that looking beyond security is a better option, IMHO.

Staggering multiple security certifications does not necessarily improve your chances of opening doors for managerial positions, adding other 'soft' skills and related certifications would be more beneficial. Organizations are looking for more broader-knowledge individuals for the leadership roles, thus PMP, ITIL, COBIT, etc, would be better, again IMHO.

Best of luck,

Re: Suggestions

CraginS — Tue, 25 Jun 2019 15:01:38 GMT

@Mde wrote:
Thank you !! This is a great advice.
I am looking some courses from GIAC and while CISSP already covered CISM domains, I was hoping to get that first.

CISSP and CISM are pretty much competitive certifications covering the same security management arenas, just from slightly different perspectives. (When ISACA first created the CISM, any CISSP could grandfather in as a CISM with just a resume showing management time on top of the CISSP.) There is high duplication between them. I recommend adding a CISM only if the industry or companies you are looking at show a high level of interest or usage of CISA and CISM. Your energies of study time and cam and CPE fees will be better spent on tighter focus within Cybersecurity and broader management (beyond security) training and certs.

Re: Suggestions

Mde — Tue, 25 Jun 2019 15:14:39 GMT

Thank you for your suggestions. I will be getting my work to sponsor the education, what do these usually cost ?

Much appreciated..

Re: Suggestions

Chuxing — Tue, 25 Jun 2019 15:44:48 GMT

The latest COBIT 2019 has an online certification course ran by ISACA, I believe that is costs ~USD1100 including voucher.

There are multiple ITIL 4 ( the latest version) courses online such as udemy, Check with AXELOS for authorized trainers in your region.

Check PMI for training courses online or in your area on PMP, and costs. I believe some colleges offer PMP courses as extensions, usually cheaper than commercial trainers.

But, the most important thing is: you should plan your career path first, and then research what additional certifications are beneficial.

Re: Suggestions

Mde — Tue, 25 Jun 2019 16:22:39 GMT

Thank you ... thank you for you greatly helpful advice. I am looking into your recommendations and I really think they would be a great next move !!!