I'm a PMP-certified technical project manager with about 10 years of experience. My background is in security operations, networking, Java EE and e-commerce. I'm also a certified ScrumMaster with a Rackspace Cloud certification. I'd like to pursue a career in mobile/BYOD/SaaS/PaaS management. Should I get the CISSP or CISM? Is the CISM valued in the marketplace? Also, should I get an advanced cybersecurity degree?
Career advancement can be difficult, even in the high-demand field of information security. The PMP certification and experience are good assets in helping to drive your career forward. Many employers are looking for project management experience on a resume, even if it is not required for the position, as it can be beneficial in any role.
You may want to start by narrowing down your goal and focusing on a single position or technology. The mobile and BYOD focus doesn't have much in common with the focus on cloud services, such as SaaS or PaaS. You will benefit more by spending the time to specialize in one of those areas. Career opportunities will then be searching for you instead of the other way around.
The choice of information security certifications is not as critical as the choice to focus on a technology area. The CISSP and CISM are both respected in the market -- although they tend to have different target audiences. There is some overlap between the two, but the CISSP tends to be more technically focused than the CISM. The CISSP has a slight edge in that it has become the de facto certification for information security practitioners.
I am not a strong believer in advanced cybersecurity degrees, and usually instead look for experience, expertise and passion in a potential candidate. It seems like every educational institution now has a degree program in information security just to capitalize on the potential size of the market, but they often don't have staff qualified in information security. There are some exceptions, like the cybersecurity master's degree from the SANS Technology Institute.
The steps required for career advancement will be different for everyone. There isn't a clearly defined sequence that can be followed to achieve the next level. Information security certifications are expected by employers, but they won't create advancement opportunities on their own. The best way to advance your career is by focusing on becoming an expert in a specific field. The best way to become an expert is to continually study and practice. Before you know it, the employers will be searching for you.