JackSussmilch
Newcomer II

ISSMP vs CISM

Hi All,

I'm sorry if this looks like a rehash of an old topic, however, my research only really found some outdated responses.
TLDR; Is the CISM really worth it compared to the ISSMP from a learning perspective?

Over the past few months, I have finally had the time and headspace to get myself certified (CISSP, CCSP (pending accreditation), CSSLP (sitting exam in a couple of weeks)).

After I have knocked out the CSSLP, I am trying to decide between doing the ISSMP or the CISM. The CISM seems to be much more recognised by HR groups, however, aside from that I am not so sure it will provide much more educational knowledge than if I took the CISSP-ISSMP. Likewise, the CISM seems quite expensive by comparison both in terms of acquisition and maintenance.

On the other hand, the reference material for the ISC specializations does not seem to have had much focus.

Just as a bit of background, I have always had a broad degree of everything IT and in business (original degree was applied computing), and I have spent a couple of decades architecting, designing, implementing, leading and managing teams of Software Configuration Managers (but a much broader definition of SCM that seems to pervade ISC) - i.e. everything from implementing full SDLC lines of communication (reqs through to dev and retirement), but also branching strategies, SCM strategies, policies and plans, sw assurance, Environment management etc.

As some people may ask, my target is very much along the lines of continuing to ensure I do not ask a report to do something I either have not or could not do to a reasonably competent level. And to be the sort of manager who can coach and mentor without micromanaging. I get a kick out of enabling people and teams.

To this end, I am considering going "Full neckbeard" and picking up all the ISC certs, just to be a bit different.
12 Replies
AppDefects
Community Champion

Congratulations and welcome to the certification hog club and I mean that in the most affectionate way possible! I hope that you have a supportive employer because the time and dollar commitment to maintaining multiple certifications cannot be understated.

 

Both the ISSMP and the CISM have lots to offer and they even have some overlap, but the real hard question to ask yourself and the certifying organizations is whether or not there is real growth with the certification. That will give you a hint at its trajectory. Consider membership counts and marketing visibility - that's what drives community and professional engagement.

JKWiniger
Community Champion

@JackSussmilch I would say that the CISM tries to compete with the CISSP. I have known people who have tried and failed the CISM, and I know why! The two certifications come from very different mindsets. I believe the CISSP comes from a best practices mindset, whereas the CISM comes from a what's best for management mindset. If you try to take the CISM with a best practices mindset you will not be happy with the outcome.

 

While I have not looked into the ISSMP concentration I would expect that it would go into deeper knowledge than what is covered with the CISSP.

 

I was offered to be grandfathered into the CISM when it first came out and declined. My main reasons were that I already have the CISSP and I did not want to have to bother with tracking CPEs and paying fees for a certification I felt was not as good as what I already had. With recent changes the ISC2 has combined fees for certification so one fee covers all that you have with them, which I like, and CPEs can be applied to multiple certifications as long as they apply.

 

If I have missed the mark with any of this I hope others will step up and correct me,

 

But that's my .02

 

John-

AppDefects
Community Champion

Having lived through the dark ages of paying individual certification fees I seemed to have forgotten how good we now have it with (ISC)2. The Board Member that dreamed up combined fees really needs to get a medal of honor! I won't get into the rollout which was a little bit of a roller-coaster! 

 

Now, in terms of mindset @JKWiniger is spot on, in fact that premise applies to the entire catalog of ISACA certifications - I know because I passed and certified all of their credentials. Does having the CISM matter? It's not like the classic "wine pairing" that we used to do i.e., start with the CISSP then add on the CISA, etc. In today's world, especially in defense, you need to layer on technical skill. Whether that is program management with the PMP or other "offensive security" type certifications that will differentiate you.

 

"You take the blue pill, the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill, you stay in wonderland, and I show you how deep the rabbit hole goes. Remember: all I'm offering is the truth. Nothing more."

 

Which will it be?

JackSussmilch
Newcomer II

Thanks AppDefects,

 

  Thanks for the warm welcome.

 

  With me being self employed,  I have a good rapport with my boss,  so that shouldn't be a problem 😉

 

 

JackSussmilch
Newcomer II

Thank you JK,

 

  That perfectly summarises what I have read regarding the CISSP and CISM and it makes perfect sense.

 

  Definitely it makes more sense for me to keep this raft of certifications under the one roof,  or so to speak.

 

  I wonder what people who have obtained the ISSMP have to say.  For me,  I am most interested in the content - the visibility of the certification comes secondary to that to some extent.

GermanArnd
Newcomer I

Hi Jack,

I did the ISSMP training at the end of 2020 as a self-paced training. Because of COVID I was not able to take the exam, but will try it as soon as Pearson is open again.

The subjects of the training have a more management point of view, and are for me as an IT guy with round about 25 years experience sometimes too high level :-).

But in general you will have a good overview about the topics and how you can handle this within a company. Sometimes, if you are thinking about lifecycle and risk, you will see that most of the tasks you have already seen in your daily work.

2 colleagues of mine took the CISSP and one year later the CISM, and now have to pay ISACA as well. They said that the questions of the test are different, but many of them were already covered by the CISSP.

One comment on the self-paced online training... You will go mad... most of them were really short, like 90 seconds of video; with loading and the ISC2 intro it took a really long time. You have good articles you need to read which are more detailed than the videos. In my point of view it is stupid to have a 90 second video, 2 pages of reading, 90 seconds video and so on. Because of that the estimated time for working through this is much higher than the 40 hours.

Have fun
alf



JackSussmilch
Newcomer II

Thanks Alf, that's a really useful insight.

I have decided to do the ISSMP. The CISM can wait for now, I think.
AppDefects
Community Champion

@GermanArnd you are in luck! In February you can take the exam from home. Check out the press release here.

 

"Candidates can register for the (ISC)² online proctoring pilot test beginning today. Online examinations for the CAP, CCSP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and SSCP certifications will be administered February 15, 2021 – February 21, 2021. Online CISSP examinations will be administered February 22, 2021 – February 28, 2021."

GermanArnd
Newcomer I

@AppDefects 

 

Online proctoring pilot test deliveries will be limited to candidates located within the United States...

 

living in the wrong country 😂