Home page logo
/

basics logo Security Basics mailing list archives

RE: IT Manager to CISO
From: Jeremi Gosney <Jeremi.Gosney () motricity com>
Date: Thu, 28 Apr 2011 20:29:49 +0000

I wouldn't exactly call the CISSP well-respected -- it's respected within certain circles and among certain types of 
people. I tend to view the CISSP as a black mark on a resume. We don't really place a whole lot of weight on 
certifications to begin with as there are very few that actually demonstrate practical knowledge / skill, but if CISSP 
is the only cert on the resume, it goes in the trash.

If upper management is your goal, my advice would be to go for both GSLC and G2700 (hopefully your organization does 
ISO 27000). At least you will still have a soul after obtaining those.

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Jonathan Younie [jonnyp4lsec () 
gmail com]
Sent: Wednesday, April 27, 2011 5:21 PM
To: olufemimogaji () gmail com
Cc: security-basics () securityfocus com
Subject: Re: IT Manager to CISO

Femi,

 From any standpoint, there's no comparing the two certifications. The
Security+ exam is an entry level exam suitable for most people who are
just entering the field. The CISSP is a well respected exam for people
who are experienced and involved in designing and managing all forms of
security at a high level. In fact, the certification requires being
vouched for by other certified CISSPs and demonstration of numerous
years of InfoSec related experience. It covers a broad spectrum of
information and demonstrates a knowledge of industry standards rather
than singular products or philosophies. Another exam you might consider
is the Certified Information Security Manager (CISM) offered by ISACA
[http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx].
This is an exam designed for high level security managers who have to
cover all realms of security from a technical and administrative aspect.
Both of those are hard for anyone to scoff at.

Hope that helps.
Jonathan Younie


On 4/27/2011 4:37 AM, olufemimogaji () gmail com wrote:
Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we 
follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told 
I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with 
ISCW) and a I'm an MCP (Active Directory for WS 2008). What I need to know is what cert I should go out there and get 
to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to 
question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and 
this exposed him to uncomfy questions from hard nosed auditors. Security+ or CISSP exam? Or any others? Any form of 
guiding light will be highly appreciated.

Regards,

Femi M.




Sent from my BlackBerry® Smartphone



Sent from my BlackBerry® Smartphone


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault