Has anyone done the CISM certification? If so, I'd like to know how difficult it was for you to obtain with a beginner IT background?

Training & Certification Security Strategy & Roadmap

727 views3 Comments

Sort by:

Director of Information Security in Consumer Goods7 months ago

With a good Cyber background, a few weeks of study should prepare you for the test. Use the practice tests a few times and you will be good.

CISO in Government8 months ago

I obtained the CISM about three years after completing my CISSP. I would say the CISM is not really a certification for someone with a beginner IT background. It's meant to show that you have the skills and management acumen to be a manager of an IT security team, and I think you can't do that very well without a solid IT background.

I will say that if you pass the CISM, you should take the CRISC soon after. There's a ton of overlap between the two certs.

Chief Risk Officer8 months ago

I obtained my CISM while enrolled in my MBA program and spent a month preparing. It focuses more on general security practices and strategic planning as it relates to security. I come from a background of IT and Security, so it was not as difficult. If you study the principles and take advantage of practice test, you should be fine.

Content you might like

What do you think of the current state of collaboration between your org’s IT and infosec teams when it comes to vulnerability patching?

Excellent1%

Very good75%

Good12%

Bad11%

Very bad

View Results

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

How are you making sure the security team has visibility into social engineering attempts on helpdesk staff, especially with attacks using voice impersonation or other deepfake techniques?

Do you currently have a scalable API security solution?

Yes51%

Not yet, but we plan to implement one.37%

No10%

Other (tell us in the comments)

View Results

Has anyone done the CISM certification? If so, I'd like to know how difficult it was for you to obtain with a beginner IT background?

Sort by:

Content you might like

What do you think of the current state of collaboration between your org’s IT and infosec teams when it comes to vulnerability patching?

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

How are you making sure the security team has visibility into social engineering attempts on helpdesk staff, especially with attacks using voice impersonation or other deepfake techniques?

Do you currently have a scalable API security solution?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

Generative AI Training for IT Organizations

Take Your Insights On-the-Go