Sec+, CISM and CISSP....oh my!

Banzai_Joe · 8 Mar 2022 at 10:02

Hi all,
I was a senior Group IT Manager for 15 years. Simply put I've done a lot.......yet there's plenty i don't know.
My plan is (was) to do Sec+, CISSP and CISM in 2022.
However (ISC)2 have just moved the goalposts on the CISSP whereby in May it goes to 4 hours and 200 questions and if I'm honest its put me off a bit.
I'm on my 2nd run through the Sec+ course and thinking maybe CISM next to give me some extra info and confidence prior to going for CISSP.

To be clear, whilst i want the extra knowledge, a lot of the material touches on stuff I've been doing for years, the courses will fill in the blanks and formalise a lot of it I guess and I'd certainly need to study hard to pass the exams. I also (mainly) want to add these certs to my CV as I feel I'm stagnating in my current job as an IT Consultant on a zero hour contract. The pay and the hours are good but if I move back into a full time job i could do with really respected IT security quals like the ones above.

Soooo.........bearing in mind I have no real intention of fully becoming a cyber security specialist in its own right (i still enjoy all other aspects of IT management), and whilst I certainly think they'd massively add to my experience and credentials of 16 years in IT management which would you do?

I guess this is really aimed at those who have knowledge of CISM and CISSP.

Any advice appreciated.

Banzai_Joe · 9 Mar 2022 at 17:42

Thanks Ev0,
Thing is that as I work my way through the sec+ (for the 2nd time) AND look at some of the CISSP material, I’m getting more interested in cyber security. However some of the domain stuff is as boringly dull as dishwater.
I’m counting on CISSP and/or CISM enticing me into more diverse senior IT management roles…..and I can go from there. It’s not like I’d be “winging” it after all. I’ve done ok for 16 years so far.

Banzai_Joe · 10 Mar 2022 at 09:53

Thank you sir.

Banzai_Joe · 10 Mar 2022 at 21:19

Thanks Stu999.
I’m actually using (ISC)2 for CISM (not ISACA) and CISSP to keep them together as there are benefits for being a certified member of (ICS)2.
If I can get into a proper rhythm of study (which is hard at my age) then hopefully things will slot into place easier and I can get a crack on with them.

Banzai_Joe · 11 Mar 2022 at 16:51

It’s not really the content and time per questions, it’s them buggering about and changing the goalposts.
I’m not a fan of online proctored exams, so extending the time being scrutinised by some overzealous idiot on a power trip for even longer doesn’t sit well with me. I don’t think they have any exam centres anywhere near me.
I’ll be travelling to Lincoln to sit my security+ exam.

Banzai_Joe · 11 Mar 2022 at 21:55

Well CISSP is one of the majorly respected certs in cyber security.
I don’t think you necessarily get the full amount of questions. if you hit the pass mark in fewer questions then I think you stop. That happens on other exams and I’m sure someone in my CISSP study group said the same of this one.
For now, I’m re-studying for the sec+ and when I walk my dog or driving in the car I listen to CISSP audio stuff, just to familiarise myself before deep diving when I finish the sec+.
The hope is to also do the CISM which is more exec/managerial and non-hands on. Something I’ll maybe end up doing, as you can only crawl through so many roof spaces with network cabling, or rebuilding comms racks, computers etc before it takes its toll…..

Banzai_Joe · 11 Mar 2022 at 21:57

malachi said:
No surprise there. Microsoft did the same a few years back. When too many people pass the exams they make them harder.

Good luck on the Sec+ exam, I pass it over a year ago.

Thanks bud. You did the 501? I decided to go for the 601 and take my time as I knew I’d not be ready before July 2021 to take the exams which was the retirement for the 501.