oradba888
Newcomer III

What next after CISSP?

 
5 Replies
oradba888
Newcomer III

Sorry, entered too soon.

 

Based on my interests/skillsets, I am leaning towards:

  1. CIPP ( Information Privacy)
  2. Forensics?
  3. Auditing (CISA)
  4. CCSP

 

As an Oracle Data Professional and AWS tech, I have had the opportunity to work on cloud and been involved in SOC2 audits. :)

So I guess the question is: what's best to augment if you would want to enhance/build your contracting/consulting business?

 

I read about PCI QSA, which is awesome, but I would have to be employed by a QSA-approved firm.

 

Thanks

Fabio7
Newcomer I

Hi, based on your profile, I would have thought CISA by ISACA as the natural next step among the ones in your list. I'm quite keen to hear the community view.

emb021
Advocate I

CISA might be good for you.  I recommend getting involved with your local ISACA chapter, as many offer prep courses for it (mine does).  I always recommend people take a look at the application for it to be sure you are doing the work that meets the domains.  With the ISACA certs you have 5 years after passing the test to get the experience and submit the paperwork.  If you have a degree or certain certs, you can knock off a year or two of that.  Also, much of the CPE work you do for CISSP will probably count for the CISA (does for me).

 

As you're doing cloud work, CCSP might be good, but may be too general.  Also look at the AWS certs themselves.  Am looking at both myself.

Not aware of any forensic certs right now, unless you look at the SANS/GIAC certs.  These can be pricy, sadly.

If you're doing privacy, take a look at the CIPP.  There are actually several of them.  One is aimed at IT people, another the privacy people, and they have ones aimed at folks in Europe, US, etc.  Some of what I do overlaps, but have only taken a cursory look at it.  See if there is a local CIPP chapter that you can drop by and chat with folks.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
rslade
Influencer II

> oradba888 (Newcomer II) posted a new topic in Certifications on 05-06-2019 09:15

 

> Subject: What next after CISSP?

 

Well, as we've pointed out elsewhere, have a look at
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-181.pdf
and you should get lots of good ideas ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Steve-Wilme
Advocate II

It all depends on where you'd like to go with your career, but having the paper qualification is only part of the picture.  It would probably make sense to group them by job family and then decide what sort of career path you're hoping to follow:

 

Pen Testing

CREST Practitioner Security Analyst (CPSA)
CREST Registered Penetration Tester (CRT)
Certified Ethical Hacker (CEH)
Licensed Penetration Tester (LPT) Master
Offensive Security Certified Professional (OSCP)
GIAC Penetration Tester (GPEN)
GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)

 

PCI 

Internal Security Assessor (IS)
Payment Card Industry Professional (PCIP)

 

Incident Response

GIAC Certified Incident Handler (GCIH)
CyberSec First Responder (CFR)

 

Engineering

System Security Certified Practitioner (SSCP)
Information Systems Security Engineering Professional (ISSEP)

 

Auditing

GIAC Systems and Network Auditor (GSNA)
ISACA Certified Information Systems Auditor (CISA)
ISO27001 Internal Auditor
ISO27001 Lead Auditor

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS