Home page logo

basics logo Security Basics mailing list archives

Re: IT Manager to CISO
From: Jonathan Younie <jonnyp4lsec () gmail com>
Date: Wed, 27 Apr 2011 20:21:22 -0400


From any standpoint, there's no comparing the two certifications. The Security+ exam is an entry level exam suitable for most people who are just entering the field. The CISSP is a well respected exam for people who are experienced and involved in designing and managing all forms of security at a high level. In fact, the certification requires being vouched for by other certified CISSPs and demonstration of numerous years of InfoSec related experience. It covers a broad spectrum of information and demonstrates a knowledge of industry standards rather than singular products or philosophies. Another exam you might consider is the Certified Information Security Manager (CISM) offered by ISACA [http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx]. This is an exam designed for high level security managers who have to cover all realms of security from a technical and administrative aspect. Both of those are hard for anyone to scoff at.

Hope that helps.
Jonathan Younie

On 4/27/2011 4:37 AM, olufemimogaji () gmail com wrote:
Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we follow PCI standards as per 
logical security. Here's the thing, the CISO is leaving next month, and I've been told I'll be taking his position. I already 
have a lot of exposure to info sec, I have a CCNP (the former version with ISCW) and a I'm an MCP (Active Directory for WS 2008). What I 
need to know is what cert I should go out there and get to make me more cemented in this new CISO role, at least to keep the auditors happy, as 
they sometimes like to question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and this 
exposed him to uncomfy questions from hard nosed auditors. Security+ or CISSP exam? Or any others? Any form of guiding light will be highly 


Femi M.

Sent from my BlackBerry® Smartphone

Sent from my BlackBerry® Smartphone

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]