I am a project manager working in the security and risk management field. I have worked in security for five years...
but do not consider myself to be technical. I am more in tune with policies and migration/deployment. Which security certification would you recommend for me?
Despite your belief that you are not technical, your background does not disqualify you from pursuing many, if not most, information security certifications (assuming, of course, you are willing to learn and master the technical topics you'll encounter on the way to earning such credentials). Given an interest in security policy and high-level security management, I'd recommend investigating the ISC2's Certified Information Systems Security Professional (CISSP; look up program information from the home page at www.isc2.org) as a starting point and then think about tackling the ISSMP (Information Systems Security Management Professional), which is a follow-on to the CISSP (also known as a CISSP concentration: see here for more details). The only potential sticking point is with their experience requirement, whereby you'd need to document four years of relevant work-related information security experience to qualify for the credential. That said, ISC2 does offer an ISC2 Associate program that permits individuals to sit for the CISSP exam before meeting the experience requirement that may be worth considering.
I don't know very much about purely local information security credentials available in the U.K., but would also suggest talking to somebody who works or teaches in the field to find out what other kinds of options are open to you.
Good luck with your job change. As somebody who finds infosec endlessly fascinating, I can only imagine you will soon feel the same way yourself!
For more info on this topic, visit these SearchSecurity.com resources:
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.