Manage Learn to apply best practices and optimize your operations.

The right cert for a security and risk management project manager

I am a project manager working in the security and risk management field. I have worked in security for five years but do not consider myself to be technical. I am more in tune with policies and migration/deployment. Which security certification would you recommend for me?

Despite your belief that you are not technical, your background does not disqualify you from pursuing many, if not most, information security certifications (assuming, of course, you are willing to learn and master the technical topics you'll encounter on the way to earning such credentials). Given an interest in security policy and high-level security management, I'd recommend investigating the ISC2's Certified Information Systems Security Professional (CISSP; look up program information from the home page at www.isc2.org) as a starting point and then think about tackling the ISSMP (Information Systems Security Management Professional), which is a follow-on to the CISSP (also known as a CISSP concentration: see here for more details). The only potential sticking point is with their experience requirement, whereby you'd need to document four years of relevant work-related information security experience to qualify for the credential. That said, ISC2 does offer an ISC2 Associate program that permits individuals to sit for the CISSP exam before meeting the experience requirement that may be worth considering.

I don't know very much about purely local information security credentials available in the U.K., but would also suggest talking to somebody who works or teaches in the field to find out what other kinds of options are open to you.

Good luck with your job change. As somebody who finds infosec endlessly fascinating, I can only imagine you will soon feel the same way yourself!

For more info on this topic, visit these SearchSecurity.com resources:
  • Ask the Expert: What is the value of a CISSP certification?
  • Ask the Expert: What role should certifications play in hiring someone?
  • Careers and Certification Tips: Security certification landscape, part 2 -- Climbing the certification ladder
  • This was last published in March 2004

    Dig Deeper on Information security certifications, training and jobs

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.