Ask the Expert

Experienced security pro ponders taking the ISSMP or CISM cert

I have my CISSP certification and have about eight years of experience in security, particularly in antivirus and perimeter security/IDS implementations. I have undergone all the premier security vendor certifications and now would like to have a career in IS security management. Which certification should I take -- the ISSMP (CISSP concentration) or CISM (ISACA)?

    Requires Free Membership to View

Given that you already have a CISSP you may be able to qualify for the CISM simply by requested to be "grandfathered" into that new fraternity. (Check out the ISACA for more information on this prospect. A quick review shows me that you should qualify easily under that provision.) If not, given that the CISSP and CISM are on roughly equal footing, and the CISSP is better known and more frequently of interest to employers, I don't see much value in pursuing the CISM through examinations and so forth.

If your interest really does lie in security management, the ISSMP probably makes more sense, because it extends your existing credentials and takes you to the highest level of credentialing currently available from the ISC(2).

For more info on this topic, please visit these resources:

This was first published in September 2003

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: