Security Basics mailing list archives
Re: IT Manager to CISO
From: Mitchell Rowton <mitchell.rowton () cisspzone com>
Date: Sat, 30 Apr 2011 16:50:41 -0400
Femi,

I would not pursue the Security+. Although it's gotten a lot more difficult over the last few years, many people don't have a high degree of respect for it because of how easy it used to be. You may also want to consider the CISM (management) or CISA (auditing).

However, if I were you I would pursue the CISSP. It's fairly well respected and covers a broad area of information security. One of the reasons I recommend this is that you can follow it up with one of their concentrations, ISSMP (management) and ISSAP (technical). There is a fair amount of overlap between the CISSP and either of these concentrations, so you could conceivably get the CISSP-ISSMP in a fairly short period of time.

In addition, I'd recommend the Project Management Professional (PMP) for someone in your position. I think this is as much, or more important than most other industry/vendor specific certifications.

//shameless self promotion// I put a lot of my personal experiences, as well as study information and practice tests for the CISSP on my blog. All free and you don't need to register to access anything. http://www.cisspzone.com/about-cissp-zone/

Mitchell
On 4/27/2011 4:37 AM, olufemimogaji () gmail com wrote:

Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with ISCW) and I'm an MCP (Active Directory for WS 2008).

What I need to know is what cert I should go out there and get to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and this exposed him to uncomfy questions from hard-nosed auditors.

Security+ or CISSP exam? Or any others? Any form of guiding light will be highly appreciated.

Regards,
Femi M.