CISM Certification: What’s the Benefit, and Why Does it Matter?

Get CISM Certified: The benefits and meaning

There aren’t enough information security professionals to go around. That’s the word from a recent ISACA report, which found that 60 percent of organizations had open security positions which took on average three months to fill.For job-seekers looking to break into the infosec market or upgrade their existing security career, this seems like a golden opportunity. The caveat? It’s not limited budgets that keep companies from hiring new information security pros — it’s lack of skills.Breaking out of front-line work and into infosec management now means finding the right combination of on-the-job training and recognized certifications. But with so many certifications and courses now available, what’s the best way to jump-start an infosec management career? CISM certification. Here’s why.

What is CISM?

Certified information security manager certification is an advanced program designed for IT pros with the knowledge and experience to develop and manage information security programs. Often, technology professionals have been doing this job for months or years without any formal title or recognition and may be looking to move up in their own organization or apply for new jobs elsewhere.CISM is one of the most popular infosec certifications available and is accredited by ANSI under ISO/IEC 17024:2003. Achieving the certification requires the successful completion of a 200-question multiple choice exam that covers information security management, risk management, security program development and security incident management. CISM exams are administered three times a year and are valid for three years after successfully completing the exam. In addition, successful candidates must agree to the CISM code of Professional Ethics. Qualifications for taking the exam include five years of infosec experience and three years of management experience gained within a 10-year period prior to the application date.  While any IT pro with enough experience can pay the fee and write the exam, CISM training courses help prepare applicants for common challenges and reduce the likelihood they’ll have to retake the exam.

Why Does it Matter?

With so many infosec professionals already doing management work and gaining the expertise necessary to develop information security systems, why does the CISM certification matter?

• Management-Specific

CISM certification is designed for IT staff with management experience. As a result, it’s designed around international security best practices and showcases a manager’s ability to oversee both IT staff and create viable information security frameworks.

• Validates Experience

In-situ experience is invaluable. But it’s also difficult to measure given the diverse nature of IT environments across industries and organizations. The CISM certification effectively codifies this experience — instead of companies having to track down, sources for experience earned or skills demonstrated, CISM certification establishes up-front that infosec staff is management material who have put in the work to earn this designation.

• Improves Autonomy

One of the top predictors of job satisfaction? Autonomy. But that’s a difficult ask in infosec, where C-suites often prefer more well-worn solutions to innovative alternatives. Managers with CISM certification have demonstrated their ability to not only implement infosec solutions but design their own variations on the theme which provide business-specific protection. The result? CISM-certified staff is more likely to get the green light for new projects and initiatives.

• Enhances Compliance

When it comes to information security, compliance is a top priority. Data that is improperly stored, handled or accessed by staff can lead to significant compliance challenges, especially given the long arm of new legislation such as GDPR. CISM training and certification gives IT managers the tools and skills they need to ensure infosec processes and policies exceed compliance expectations.

How Will it Benefit My Career?

Equipped with CISM certification, how can IT pros expert their career to improve?Better compensation tops the list — as noted by the Infosec Institute, top-tier CISM-certified professionals command salaries of more than $200,000. In addition, this certification lets professionals move up more quickly in their own organization or ask for written changes to their job description which reflect their new expertise. The certification also benefits IT managers looking to change jobs or shift into other industries. As noted above, limited skillsets are the limiting factor when it comes to infosec hiring; staff with the right qualifications will quickly get noticed by IT recruiters and can use that interest to either switch jobs or demonstrate to current employers that a re-evaluation and benefits are in order.

Earning CISM

Information security managers fill a critical role in a company’s infosec strategy. Not only are they in charge of shoring up the existing defense, ensuring compliance and implementing new security tools, they’re also responsible for ensuring that infosec initiatives align with large-scale business objectives.Bottom line? This management-level certification can be challenging to obtain but provides significant benefits for IT professionals looking to move up in their current organization or discover a new career opportunity.

TL;DR:

Certified information security manager certification is an advanced program designed for IT pros with the knowledge and experience to develop and manage information security programs. Achieving the certification requires the successful completion of a 200-question multiple choice exam that covers information security management, risk management, security program development and security incident management. With so many infosec professionals already doing management work and gaining the expertise necessary to develop information security systems, why does the CISM certification matter? The CISM certification effectively codifies this experience — instead of companies having to track down, sources for experience earned or skills demonstrated, CISM certification establishes up-front that infosec staff is management material who have put in the work to earn this designation.