CISM vs CISSP

A reader recently asked me about the CISM versus the CISSP. Specifically, he asked, “How hard is the CISM for someone who passed the CISSP?”

Having earned both certs (and a few more besides), and having written study guides for both, I felt qualified to help this individual. My answer follows.

CISM is much heavier on security management and risk management than CISSP. You’ll have to study these topics, and the business side of information security. To paint with a broad brush, you could say that CISM is for CISOs while CISSP is for security engineers. That, in essence, is the distinction.

Oh and there’s a great study guide out for the CISM: https://www.amazon.com/Certified-Information-Security-Manager-Guide-ebook/dp/B079Z1J87M

I passed my CISSP almost 20 years ago while I was still a hands-on technologist. I studied for my CISA two years later. I learned through my ISACA CISA study materials (provided by my employer) that ISACA has a vastly different vocabulary for infosec than does (ISC)2. Think of it as a business perspective versus an engineering perspective. Both are right, both are valid, both are highly valued in the employment market. But they are different. Master both, and you’ll be a rare treasure.


Study guides for CISSP:

CISSP For Dummies

CISSP Guide to Security Essentials

Study guides for CISM:

CISM All-In-One Exam Guide


2 thoughts on “CISM vs CISSP”

  1. Sy Inwentarz

    Peter:
    I have over 30 years of hands-on IT experience in application development and systems management. For the last 10 years, I was a CIO for a series of companies owned by Private Equity firms in which I had an equity interest. I am 66 and still looking to stay active with my Technical consulting skills. I decided to pursue the CISSP option and I am enjoying the study process (e.g. your book). Question for you: Am I too old to pursue a consulting position in the cybersecurity segment of the IT industry?

    Reply
    1. peterhgregory Post author

      Sy – you’re an ideal candidate to pivot into cybersecurity! Your 30 years of IT experience makes you an ideal candidate. Start earning some certs and begin to change your resume and online profile to reflect your career pivot. A great cybersecurity career awaits you!

      Reply
