Any CISM accredited people on here?
#1
Morning folks,
Probably a long shot, but...
I was wondering if there are any people on here with the Certified Information Security Manager accreditation on this forum, and if so, what study materials you used?
The CISM is next on my list of security certifications I want to get and from what I can see, ISACA want $110 for a 270 odd page book, which seems a joke, and all the non-ISACA study material has really poor reviews on Amazon, so I'm dubious about their value.
Cheers,
Mark.
#3
Don't wish to sound arrogant, however, in my opinion these certifications are intended to demonstrate that your level of professional competence is up to a baselined standard. You should be able to pass the exam based on experience. I have no experience of CISM exams, but my CV currently states "CISSP (Expired)". In the back of a drawer somewhere in work I have a badge which states "No Longer CISSP" which a colleague gave me to wear on my ID lanyard!!!!
I got fed up encountering so-called security professionals who were certified, but if you set them down at a keyboard they were unable to achieve anything of any significance. This would have been forgivable if they excelled in an "architect" type role, but it soon became obvious they had got the qualification without the experience. In my opinion the value went out of these exams when they became a requirement to enter InfoSec roles, rather than an indicator of exposure to the broad range of roles in the InfoSec environment.
It is my understanding that CISM is a management qualification focussed on processes to manage risk in the InfoSec environment, whereas CISSP consolidates technical skills and certifications to demonstrate a broad experience and exposure to security technologies and techniques.
#4
Doesn't sound arrogant at all mate.
The CISSP is largely a money making initiative from ISC2 - got mine and am still in good standing, although how long for remains to be seen. Although I will say that in my opinion it is the no1 Infosec certification you can get.
I agree re encountering people with the certification and no skills - similar to the old MCSE exams years ago. However, in my case, it's looking that there's a fair chance I could end up contracting next year so a long list of accreditations would be a useful way to get noticed above other experienced InfoSec contractors. From what I have read, the CISM is basically a slightly more in-depth version of the governance related part(s) of the CISSP, but with some incident management process stuff thrown in as well.
I have 10+ years experience in the field, with the 8 prior to that in technical IT roles managing desktop and server infrastructure, but I can't agree that I would have passed the CISSP based on experience alone.
If I'm going to sit an exam I want to be damn sure I will pass it, especially if it's only possible to take it twice a year, as in the case of the CISM, CISA, and I assume CRISC....