Newcomer III

What next after CISSP?

5 Replies
Newcomer III

Re: What next after CISSP?

Sorry, entered too soon.


Based on my interests/skillsets, I am leaning towards:

  1. CIPP (Information Privacy)
  2. Forensics?
  3. Auditing (CISA)
  4. CCSP


As an Oracle Data Professional, and AWS tech, I have had the opportunity to work on cloud and been involved in SOC2 audits. :)

So I guess the question is: what's best to augment if you would want to enhance/build your contracting/consulting business?


I read about PCI QSA, which is awesome, but I would have to be employed by a QSA-approved firm.



Newcomer I

Re: What next after CISSP?

Hi, based on your profile, I would have thought CISA by ISACA as the natural next step among the ones in your list. I'm quite keen to hear the community view.

Contributor III

Re: What next after CISSP?

CISA might be good for you.  I recommend getting involved with your local ISACA chapter, as many offer prep courses for it (mine does).  I always recommend people take a look at the application for it to be sure you are doing the work that meets the domains.  With the ISACA certs you have 5 years after passing the test to get the experience and submit the paperwork.  If you have a degree or certain certs, you can knock off a year or two of that.  Also, much of the CPE work you do for CISSP will probably count for the CISA (does for me).


As you're doing cloud work, CCSP might be good, but may be too general.  Also look at the AWS certs themselves.  Am looking at both myself.

Not aware of any forensic certs right now, unless you look at the SANS/GIAC certs.  These can be pricy, sadly.

If you're doing privacy, take a look at the CIPP.  There are actually several of them.  One is aimed at IT people, another the privacy people, and they have ones aimed at folks in Europe, US, etc.  Some of what I do overlaps, but have only taken a cursory look at it.  See if there is a local CIPP chapter that you can drop by and chat with folks.

Influencer II

Re: What next after CISSP?

> oradba888 (Newcomer II) posted a new topic in Certifications on 05-06-2019 09:15


> Subject: What next after CISSP?


Well, as we've pointed out elsewhere, have a look at
and you should get lots of good ideas ...


Advocate I

Re: What next after CISSP?

It all depends on where you'd like to go with your career, but having the paper qualification is only part of the picture.  It would probably make sense to group them by job family and then decide what sort of career path you're hoping to follow:


Pen Testing
CREST Practitioner Security Analyst (CPSA)
CREST Registered Penetration Tester (CRT)
Certified Ethical Hacker (CEH)
Licensed Penetration Tester (LPT) Master
Offensive Security Certified Professional (OSCP)
GIAC Penetration Tester (GPEN)
GIAC Exploit Researcher & Advanced Penetration Tester (GXPN)



Internal Security Assessor (IS)
Payment Card Industry Professional (PCIP)


Incident Response

GIAC Certified Incident Handler (GCIH)
CyberSec First Responder (CFR)



System Security Certified Practitioner (SSCP)
Information Systems Security Engineering Professional (ISSEP)



GIAC Systems and Network Auditor (GSNA)
ISACA Certified Information Systems Auditor (CISA)
ISO27001 Internal Auditor
ISO27001 Lead Auditor