Peter H Gregory’s Study Guides Available For 2023 Top-Rated Certifications

Gregory’s best-selling books cover five of the top ten certifications ranked by salary

January 23, 2023

SEATTLE, Washington – Peter H Gregory’s best-selling certification study guides cover several of the highest-ranked certifications in the 2023 Salary Survey 75 list, including the #1 and #3 spots. Gregory’s books cover five of the top ten paying IT certifications, according to Certification Magazine, which just released its 2023 Salary Survey 75, the top 75 IT certifications ranked by U.S. salaries. The survey covered over 1,200 vendor and non-vendor certifications in IT, IT Security, and privacy.

The top certifications in the survey with best-selling study guides written by Peter H Gregory include:

• #1: CRISC (Certified in Risk and Information Systems Control) from ISACA. U.S. salary $156,390. Study guide: CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide, 2^nd edition, co-authored with Bobby Rogers and Dawn Dunkerley.
• #3: CISM (Certified Information Security Manager) from ISACA. U.S. salary $148,680. Study guides: CISM Certified Information Security Manager All-In-One Exam Guide, 2nd edition, CISM Certified Information Security Manager Practice Exams, 2nd edition, and CISM Certified Information Security Manager Bundle, 2nd edition.
• #6: CISA (Certified Information Systems Auditor) from ISACA. U.S. salary $145,240. Study guide: CISA Certified Information Systems Auditor All-In-One Exam Guide, 4th edition.
• #7: CDPSE (Certified Data Privacy Solutions Engineer) from ISACA. U.S. salary $144,910. Study guide: CDPSE Certified Data Privacy Solutions Engineer All-In-One Exam Guide.
• #9: CISSP (Certified Information Systems Security Professional) from (ISC)². U.S. salary $140,230. Study guides: CISSP For Dummies, 7th edition, co-authored with Lawrence Miller; CISSP Guide to Security Essentials, 2nd edition.
• #54: CIPM (Certified Information Privacy Manager) from IAPP. U.S. salary $96,093. Study guide: CIPM Certified Information Privacy Manager All-In-One Exam Guide.

“I am pleased that these certifications have made such a strong showing,” says Peter H Gregory, who has published over fifty books since 2000. “This success would not be possible, however, without strong support from McGraw-Hill Professional over the past thirteen years with the publication of the first edition of the CISA Certified Information Systems Auditor All-In-One Exam Guide.”

Gregory has written a total of sixteen titles for McGraw-Hill Professional since 2009, including CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide, second edition, co-authored with Bobby Rogers and Dawn Dunkerley. Gregory’s other notable books include CISSP For Dummies (first published in 2002, now in its 7th edition), CISSP Guide to Security Essentials, second edition, The Art of Writing Technical Books, Chromebook For Dummies, and Solaris Security. “All of my published books have fueled my passion for helping IT professionals successfully pursue IT security and privacy careers,” Gregory adds. “The skills that my readers learn enable them to better understand how to protect their organizations’ sensitive information and critical systems.”

About Peter H Gregory

Peter H Gregory is a career information security and privacy leader. He is the author of over fifty books on information security and emerging technology. Visit him at peterhgregory.com.

For interviews with Peter H Gregory, please contact: peter.gregory [at] gmail.com

# # #

You are free to disseminate this news story. We request that you reference Peter H Gregory and include his web address, www.peterhgregory.com.

Peter H Gregory’s Study Guides Available For Top-Rated Certifications

January 4, 2022

SEATTLE, Washington – Peter H Gregory’s top-selling certification study guides cover several of the highest-ranked certifications in the Salary Survey 75 list, including the #1 and #2 spots. Certification Magazine has just released its Salary Survey 75, the top 75 IT certifications ranked by U.S. salaries. The survey covered over 900 vendor and non-vendor certifications in IT, IT Security, and privacy. The survey also includes a “Simmering Salaries” list of certifications where certification holders’ salaries increased at least 7% in 2021.

Top-selling study guides written by Peter H Gregory include:

• #1: CRISC (Certified in Risk and Information Systems Control) from ISACA. U.S. salary $154,870. Study guide: CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide, 2^nd edition, co-authored with Bobby Rogers and Dawn Dunkerley, available for pre-order at Amazon and released in March 2022.
• #2: CDPSE (Certified Data Privacy Solutions Engineer) from ISACA. U.S. salary $150,230. Study guide: CDPSE Certified Data Privacy Solutions Engineer All-In-One Exam Guide, published in 2021.
• #4: CISM (Certified Information Security Manager) from ISACA. U.S. salary $150,040. Study guide: CISM Certified Information Security Manager All-In-One Exam Guide, published in 2018. Practice questions: CISM Certified Information Security Manager Practice Exams, published in 2019. Both of these books are available together as a bundle.
• #10: CISA (Certified Information Systems Auditor) from ISACA. U.S. salary $135,760. Study guide: CISA Certified Information Systems Auditor All-In-One Exam Guide, 4^th edition, published in 2019. Practice questions: CISA Certified Information Systems Auditor Practice Exams, published in 2020. Both of these books are available together as a bundle.
• #11: CISSP (Certified Information Systems Security Professional) from (ISC)². U.S. salary $135,560. Study guide: CISSP For Dummies, 6^th edition, published in 2018. CISSP For Dummies, 7^th edition, available for pre-order and released in March 2022. CISSP Guide to Security Essentials, 2^nd edition, targets higher education institutions.
• “Heating Up” – CIPM (Certified Information Privacy Manager) from IAPP. U.S. salary $104,110. Study guide: CIPM Certified Information Privacy Manager All-In-One Exam Guide, published in 2021.

“I am pleased that my titles’ certifications have made such a strong showing,” says Peter H Gregory, who has published over forty books since 2000. “This success would not be possible, however, without strong support from McGraw-Hill Professional over the past thirteen years with the publication of the first edition of the CISA Certified Information Systems Auditor All-In-One Exam Guide.”

Gregory has written a total of twelve titles for McGraw-Hill Professional since 2009, including CRISC Certified in Risk and Information Systems Control All-In-One Exam Guide, second edition, co-authored with Bobby Rogers and Dawn Dunkerley, available for pre-order and expected to be available in late March 2022. Gregory’s other notable books include CISSP For Dummies (first published in 2002, now in its 7th edition), CISSP Guide to Security Essentials, second edition, Chromebook For Dummies, and Solaris Security. “All of my published books have fueled my passion for helping IT professionals successfully pursue IT security and privacy careers,” Gregory adds. “The skills that my readers learn enable them to better understand how to protect their organizations’ sensitive information and critical systems.”

About Peter H Gregory

Peter H Gregory is a career information security and privacy leader. He is the author of over forty books on information security and emerging technology. Visit him at peterhgregory.com.

For interviews with Peter H Gregory, please contact: peter.gregory [at] gmail.com

# # #

You are free to disseminate this news story. We request that you reference Peter H Gregory and include his web address, www.peterhgregory.com.

CISM vs CISSP

A reader recently asked me about the CISM versus the CISSP. Specifically, he asked, “How hard is the CISM for someone who passed the CISSP?”

Having earned both certs (and a few more besides), and having written study guides for both, I felt qualified to help this individual. My answer follows.

CISM is much heavier on security management and risk management than CISSP. You’ll have to study these topics, and the business side of information security.  To paint with a broad brush, you could say that CISM is for CISO’s while CISSP is for security engineers. That, in essence, is the distinction.

Oh and there’s a great study guide out for the CISM: https://www.amazon.com/Certified-Information-Security-Manager-Guide-ebook/dp/B079Z1J87M

I passed my CISSP almost 20 years ago while I was still a hands-on technologist.  I studied for my CISA two years later. I learned through my ISACA CISA study materials (provided by my employer) that ISACA has a vastly different vocabulary for infosec than does (ISC)2.  Think of it as a business perspective versus an engineering perspective.  Both are right, both are valid, both are highly valued in the employment market.  But they are different.  Master both, and you’ll be a rare treasure.

---

Study guides for CISSP:

CISSP For Dummies

CISSP Guide to Security Essentials

Study guides for CISM:

CISM All-In-One Exam Guide

 

 

Hard copy vs online verification

Today, in an online forum, someone asked why ISACA still uses paper based certification applications instead of moving to online verification. The person argued that other organizations had gone to an online verification system.

My response:

I can understand why this is still a paper-based process. Moving it online would provide many opportunities for fraud. While I believe that 99.9% of CISA/CRISC/CISM applicants are honest, a purely online system would provide an easier opportunity for someone lacking the necessary background or experience to fabricate it – including verifiers. How could you prove that the verifiers are genuine?

Maybe, someday, if we ever get to a reliable online identity system that provides a solid tie between a real person and an online identity, I think that ISACA should stick with the paper model.

I am sure that ISACA has had this discussion, and will continue to have it from time to time.

Certification and Experience: Putting the Cart Before the Horse

When I earned my CISSP in 2000, and my CISA in 2002, I desired to earn these certifications as a way of demonstrating the knowledge and experience that I had already accumulated. To me, these certifications are a visible symbol of my professional qualifications in the professional community.

In recent years, I have seen many people who do not have the knowledge or the experience, and they desire to earn these certifications so that they may be better qualified for positions where they can earn the knowledge and experience that these certifications require.

These people have it backwards. They are showing impatience: they want the positions that require experience, but they do not yet have it. They ask, now that I have my CISSP (or CISA or CISM), how can I now get security specialist, security manager, security auditor, or other positions? And they wonder why they have difficulty finding these jobs that require CISSP, CISA, or CISM certification.

What I believe they fail to understand is that they do not have the required experience.

The correct path for professional certification and experience is this: acquire the knowledge and the experience, and then earn the certification. This is the method expected by employers, professionals, and the organizations that develop and manage these certifications.

Would you go to a doctor who had his license to practice but did not yet have the required experience? Of course not, and likewise employers do not hire candidates based only on their certifications. Instead, employers hire based upon knowledge, experience, and particular skills.

I believe that many of these aspiring certification candidates are being led astray by training organizations who are implicitly (if not explicitly) fostering the expectation that one can earn a certification based on a short training course alone, as though it is a “shortcut” to positions with greater responsibility, expectations, and compensation.

To IT professionals who want to get ahead and earn certifications: good for you! I wish you well! However, do know that you need to accumulate years of work experience first – then earning those certifications will be relatively easy, and you will have greater satisfaction through knowing that you have rightfully earned your certification, not only because you were able to pass a certification exam, but also because you have the experience that goes with it.

CISA study group

CISM study group

CISSP study group

CRISC study group

What security professionals can learn from Eliot Spitzer

Eliot Spitzer, the [soon-to-be-former] governor of New York State has resigned due to his being involved in a highly publicized sex scandal.

Corporate security professionals, time to sit up and take notice. I’m talking to CISSPs, CISAs, CISMs, and those in positions of ISO, ISSO, CISO, as well as Manager / Director / VP of IT Security.

As I have opined before, we are obliged to lead our organizations by example, in terms of prescribing and demonstrating desired behavior of employees on the protection of all corporate assets, including information. Leading by example means working transparently, of working every hour as though others are watching.

Eliot Spitzer gave in to his carnal desires and indulged in prostitution because he thought that he could keep it hidden. But behavior is like pouring water onto a sponge: for a time the sponge will soak up the water, keeping its presence hidden; eventually, however, the water – like the illicit behavior – will overflow and be impossible to hide. But like a frog in boiling water, Gov. Spitzer probably indulged in small ways at first, but proceeded slowly until he was no longer in control of his behavior / addiction.

Security professionals, there are steps that you can take to avoid falling into a trap of undesired behavior:

1. Be accountable. Pick two or more peers with whom you can meet every week to discuss your activities. These individuals must be trustworthy and themselves above reproach.

2. When you feel the tug of undesired behavior, confide in these accountability partners. Then, listen to their advice; if it is sound, heed it.

3. When you partake in undesired behavior, confess it to your accountability partners. Listen to their counsel; if they are loyal and have personal integrity, they will not chastise you for your behavior but instead help you to get back onto the right track.

4. Keep no secrets. Tell your accountability partners everything that you do. Keep nothing back. Share even the deep recesses of your “thought life” – which is the kernel of future behavior.

While it will be convenient to select accountability partners from the workplace, you should not choose your superiors or your staff. Instead I recommend that you choose individuals in your organization who you do not work with routinely or, better yet, choose individuals who do not work in your organization.

You can only be accountable to others when you allow yourself to be accountable to you.

Some principles of behavior:

A. If you were an outsider and would judge or criticize your own behavior, spend more time seriously considering what you are doing, and get yourself onto a path of change.

B. Do not be afraid to ask for help.

C. Learn to forgive yourself for your mistakes.

D. Do not give up.

There is an old saying: “There is no such thing as a complete failure; they can always be used as a bad example.” Gov. Spitzer may be a bad example today, but his example should help others to be introspective and re-examine their own behavior.

Remember the security professional codes of ethics:

(ISC)²
ISACA
ASIS
CTIN
ISSA
GIAC
InfraGard
SANS
NCISS

Other postings:

CIA Triad also the basis for our ethical behavior

A call for character and integrity

Principles that guide the Christian security professional

Personal integrity the keystone in an information security career

Integrity begins within: security pros lead by example (Computerworld)

CISM exam study guides

There are a few books in print that the CISM (Certified Information Security Manager) candidate can use as a study aid for the CISM exam.

CISM All-In-One Exam Guide by Peter H Gregory

CISM Review Review Manual 2007, 15th Ed by ISACA

The CISM Prep Guide: Mastering the Five Domains of Information Security Management by Ronald L. Krutz and Russell Dean Vines

Complete Guide to CISM Certification by Thomas R. Peltier and Justin Peltier
CISA exam study guides