Re: IT Manager to CISO



Femi,

I would not pursue the Security+, although its gotten a lot more difficult
over the last few years, many people don't have a high degree or respect of
the for it because of how easy it used to be.

You may also want to consider the CISM (management) or CISA (auditing)

However, if I were you I would pursue the CISSP. Its fairly well respected
and covers a broad area of information security. One of the reasons
I recommend this is that you can follow it up with one of their
concentrations, ISSMP (management) and ISSAP (technical). There is a fair
amount of overlap between the CISSP and either of these concentrations, so
you could conceivably get the CISSP-ISSMP in a fairly short period of time.

In addition, I'd recommend the Project Management Professional (PMP) for
someone in your position. I think this is as much, or more important than
most other industry/vendor specific certifications.

//shameless self promotion// I put a lot of my personal experiences, as well
as study information and practice test for the CISSP on my blog. All free
and you don't need to register to access anything.
http://www.cisspzone.com/about-cissp-zone/

Mitchell


On 4/27/2011 4:37 AM, olufemimogaji@xxxxxxxxx wrote:
Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with ISCW) and a I'm an MCP (Active Directory for WS 2008). What I need to know is what cert I should go out there and get to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and this exposed him to uncomfy questions from hard nosed auditors. Security+ or CISSP exam? Or any others? Any form of guiding light will be highly appreciated.

Regards,

Femi M.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: Entry Level Certifications
    ... you apply to become a CISSP. ... Information Security Analyst ... antivirus and patch management etc. ...
    (Security-Basics)
  • RE: Re: University Degree or CISSP
    ... A legitimate CISSP requires at a minimum of 4 years of industry ... degree with experience, or cert with experience. ... SECURITY+ is OK, but combined with a NETWORK+ and an A+, shows that you ... mostly management concepts in security. ...
    (Security-Basics)
  • Re: Hacker Stories, Certs, vs Projects - Was Re: Technitium MAC Address Changer v3.1 (FREEWARE)
    ... Not a rant just something to think about the next time you claim mastery! ... security credential showing mastery of all aspects of security, ... disagree that a CISSP shows a mastery of all things security. ... testing and vulnerability management needs. ...
    (Pen-Test)
  • Re: Hacker Stories, Certs,vs Projects
    ... The CISSP cert should be kept in perspective. ... It is a good certification for people on a managerial level to have because it gives them a fairly broad, high level view of the security field, which they need to do their job more effectively. ... -not boasting or professing mastery. ... there, then we wouldn't have configuration management issues, patch management ...
    (Pen-Test)
  • Re: Network Engineer vs. Network Security Engineer
    ... the systems is poor policy and/or management. ... Network Engineer vs. Network Security Engineer ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)