Security Basics mailing list archives

Re: IT Manager to CISO


From: Mitchell Rowton <mitchell.rowton () cisspzone com>
Date: Sat, 30 Apr 2011 16:50:41 -0400

Femi,

I would not pursue the Security+. Although it's gotten a lot more difficult
over the last few years, many people don't have a high degree of respect
for it because of how easy it used to be.

You may also want to consider the CISM (management) or CISA (auditing).

However, if I were you I would pursue the CISSP.  It's fairly well respected
and covers a broad area of information security.  One of the reasons
I recommend this is that you can follow it up with one of their
concentrations, ISSMP (management) and ISSAP (technical).  There is a fair
amount of overlap between the CISSP and either of these concentrations, so
you could conceivably get the CISSP-ISSMP in a fairly short period of time.

In addition, I'd recommend the Project Management Professional (PMP) for
someone in your position. I think this is as important as, or more important
than, most other industry/vendor specific certifications.

//shameless self promotion// I put a lot of my personal experiences, as well
as study information and practice tests for the CISSP, on my blog.  All free
and you don't need to register to access anything.
http://www.cisspzone.com/about-cissp-zone/

Mitchell


On 4/27/2011 4:37 AM, olufemimogaji () gmail com wrote:
Hi all,

I'm currently the de facto IT manager for a small IT services firm. The nature of our business requires that we 
follow PCI standards as per logical security. Here's the thing, the CISO is leaving next month, and I've been told 
I'll be taking his position. I already have a lot of exposure to info sec, I have a CCNP (the former version with 
ISCW) and I'm an MCP (Active Directory for WS 2008). What I need to know is what cert I should go out there and 
get to make me more cemented in this new CISO role, at least to keep the auditors happy, as they sometimes like to 
question your competence. The outgoing CISO, even though he was trained by some of our partners, had NO certs, and 
this exposed him to uncomfy questions from hard-nosed auditors. Security+ or CISSP exam? Or any others? Any form of 
guiding light will be highly appreciated.

Regards,

Femi M.

