Figuring Out ISACA Certifications for Cybersecurity Careers: ④ CISM
In this fourth piece of the “Figuring Out ISACA Certifications for Cybersecurity Careers”, I’m introducing the certificate titled Certified Information Security Manager (CISM). You can skip towards the end for more information on prerequisites and salaries you can earn with CISM.
ISACA (Information Systems Audit and Control Association®) is one of the world’s leading education and certification center for IT professions including cybersecurity. Started in 1967 by a small group of individuals, ISACA has become a “… centralized source of information and guidance in computer systems as well as an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.” Accepted widely across sectors, ISACA offers a myriad of education programs in addition to powerful certificates.
Here are eight cybersecurity certificates offered by ISACA, with some of the certifications being cumulative ‘composites’ of several certificates:
- Information Technology Certified Associate (ITCA) (Read about it here)
- Certified Information Systems Auditor (CISA) (Read about it here)
- Certified in Risk and Information Systems Control (CRISC) (Read about it here)
- Certified Information Security Manager (CISM)
- Certified Data Privacy Solutions Engineer (CDPSE) (Read about it here)
- Certified in Governance of Enterprise IT (CGEIT)
- CSX Cybersecurity Practicioner (CSX-P)
- Certified in Emerging Technology (CET)
Let’s take a look at the fourth certificate on the list: Certified Information Security Manager (CISM). According to the information provided by ISACA, the CISM is mostly for mid-level IT workers with technical expertise and experience in IS/IT security and control and who want to make the move from team player to manager. CISM is very useful for adding credibility and confidence to potential interactions with internal and external stakeholders, peers and regulators. Having this type of credibility helps ensure improved alignment between the organization’s information security program and its broader goals and objectives. Since efforts towards compliance, security and integrity across organizations are currently in high gear worldwide, CISM can make an immense difference in your cybersecurity career projectory.
Having CISM in your CV will grant immense credibility in your interactions with internal stakeholders, regulators, external auditors, and customers. However, there is an experience requirement for taking up CISM unlike ITCA. The applicant is expected to have 5+ years of experience in technical IT security and cybersecurity. Also, having obtained the CISA and the CRISC certificates before starting is considered a plus. Making the effort to get the CISM is meaningful if you are aiming to become either of these below:
- VP/AVP Information Security (Average annual US base salary in 2022: $230,233)
- Chief Information Security or Compliance Officer (Average annual US base salary in 2022: $229,610)
- Security and Compliance Director (Average annual US base salary in 2022: $151,338)
- Data Security Manager (Average annual US base salary in 2022: $137,729)
- IT Architect (Average annual US base salary in 2022: $120,772)
- Security Analyst (Average annual US base salary in 2022: $104,339)
The training for the certificate is completely knowledge-based without any hands-on lab-based training, so the process can be done entirely online. Since mid-career IT professionals with 5+ years of experience can easily get a nice bump up in annual salaries with potential career switches, CISM is worth pursuing for many of us interested in cybersecurity careers.
P.S.: The CISM Exam Content Outline will be updated on June 1, 2022. You can still take the current CISM exam based on the current content outline up until May 31, 2022.
Source: History of ISACA, ISACA Credentialing, Glassdoor, Payscale, Indeed
Note: Before enrolling in the certification program, I highly suggest reading more on ITCA, CISA, CRISC, and CDPSE.
