I have my CISSP certification and have about eight years of experience in security, particularly in antivirus and perimeter security/IDS implementations. I have undergone all the premier security vendor certifications and now would like to have a career in IS security management. Which certification should I take -- the ISSMP (CISSP concentration) or CISM (ISACA)?
Given that you already have a CISSP, you may be able to qualify for the CISM simply by requesting to be "grandfathered" into that new fraternity. (Check out the ISACA for more information on this prospect. A quick review shows me that you should qualify easily under that provision.) If not, given that the CISSP and CISM are on roughly equal footing, and the CISSP is better known and more frequently of interest to employers, I don't see much value in pursuing the CISM through examinations and so forth.
If your interest really does lie in security management, the ISSMP probably makes more sense, because it extends your existing credentials and takes you to the highest level of credentialing currently available from the ISC(2).
This was first published in September 2003