Mde
Newcomer I

Suggestions

I just received my CISSP and would like to pursue another certification. What do you recommend and why? (I have a little over 3 years' experience in the field and I am interested in something that helps me get more in-depth knowledge of topics covered by CISSP.) Thank you.
10 Replies
Steve-Wilme
Advocate II

You could look at the CISSP concentrations, but I'd suggest you align your studies to your longer term career strategy.  There are a number of different roles in security and it would make sense to do something relevant to your next step.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
CraginS
Defender I


@Mde wrote:
I just received my CISSP and would like to pursue another certification. What do you recommend and why? (I have a little over 3 years' experience in the field and I am interested in something that helps me get more in-depth knowledge of topics covered by CISSP.) Thank you.

You may notice a tendency in this forum for answers pointing at other (ISC)2 credentials. However, I recommend you consider certifications from two other professional organizations that are more likely to contribute to broader success in getting your cybersec knowledge and advice implemented. First, look at the System Engineering certifications from INCOSE. The SE approach will align you with the security engineering philosophy that Dr. Ron Ross and NIST are moving to with NIST SP 800-160. Second, look at the PMP for project management, that will help you guide your security recommendations through the enterprise bureaucracy to actually accomplish your goals.


D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkedIn Profile
My Community Posts
CraginS
Defender I


@Mde wrote:
I just received my CISSP and would like to pursue another certification. What do you recommend and why? (I have a little over 3 years' experience in the field and I am interested in something that helps me get more in-depth knowledge of topics covered by CISSP.) Thank you.

Also, for more in-depth cybersec, broaden beyond (ISC)2 to consider other related areas such as EC Council's CEH and ISACA's COBIT efforts.

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
Steve-Wilme
Advocate II

You could follow the standard track and look at ISO 27001 lead implementer or auditor.

You could look at cyber security incident responder.

You could take a more general risk management qualification.

Taking PMP, MSP or a similar project/programme qualification is always a reasonable call.

It would be a good idea to look at SANS and ISACA courses.


My suggestion would be to join a few professional organisations as an associate and do some networking, asking other people how they developed their careers. Since many people like to talk about themselves, you should pick up quite a quantity of useful information. For example, I'm a member of ISC2, ISACA, BCS, IISP, ISSA and OWASP. That's not me claiming that as an achievement, just recognising that networking within your fields is worthwhile.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Mde
Newcomer I

Thank you!! This is great advice.
I am looking at some courses from GIAC and while CISSP already covered CISM domains, I was hoping to get that first. I do want to aim for a managerial position in the next 3 years, and I want to make the right choices along the way.
Chuxing
Community Champion

@Mde If you are aiming at managerial positions, I would agree with @CraginS that looking beyond security is a better option, IMHO.

Staggering multiple security certifications does not necessarily improve your chances of opening doors for managerial positions; adding other 'soft' skills and related certifications would be more beneficial. Organizations are looking for broader-knowledge individuals for the leadership roles, thus PMP, ITIL, COBIT, etc., would be better, again IMHO.

Best of luck,


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP
CraginS
Defender I


@Mde wrote:
Thank you!! This is great advice.
I am looking at some courses from GIAC and while CISSP already covered CISM domains, I was hoping to get that first.

CISSP and CISM are pretty much competitive certifications covering the same security management arenas, just from slightly different perspectives. (When ISACA first created the CISM, any CISSP could grandfather in as a CISM with just a resume showing management time on top of the CISSP.) There is high duplication between them. I recommend adding a CISM only if the industry or companies you are looking at show a high level of interest or usage of CISA and CISM. Your energies of study time and exam and CPE fees will be better spent on tighter focus within Cybersecurity and broader management (beyond security) training and certs.

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
Mde
Newcomer I

Thank you for your suggestions. I will be getting my work to sponsor the education; what do these usually cost?

Much appreciated..
Chuxing
Community Champion

The latest COBIT 2019 has an online certification course run by ISACA; I believe that it costs ~USD 1100 including voucher.

There are multiple ITIL 4 (the latest version) courses online, such as on Udemy. Check with AXELOS for authorized trainers in your region.

Check PMI for training courses online or in your area on PMP, and costs. I believe some colleges offer PMP courses as extensions, usually cheaper than commercial trainers.

But, the most important thing is: you should plan your career path first, and then research what additional certifications are beneficial.


____________________________________
Chuxing Chen, Ph.D., CISSP, PMP