Once I held a few certifications, I sought longer-term prospects. My career started to lean towards Governance/Compliance, and that was the time when I decided to go for CISSP (or CISM, depending on your expectations). After achieving the CISSP, I identified the topics in which I could further strengthen my position as a manager and pursued ITIL and PRINCE2 certifications. That was the best long-term decision I could have taken: I was a Security manager, juggling projects on one hand and ITIL/COBIT on the other. The knowledge absorbed through the certification process helped me to identify and work on my weak spots, leading me to the path of becoming a well-rounded manager.

Thinking even further about my career, I understood that becoming an independent consultant is one of the natural paths my career might take. That’s when I decided to go for CISA and ISO 27001 Lead Auditor. The illustration below should give you a better understanding of my recommendation:

What are the financial/logistical requirements to achieve and keep the certification in good standing?


Some other factors to consider involve the budget required to achieve/keep the certification and the re-certification requirement of the vendor/institution. Some re-certifications require you to pass an updated exam while others call for you to have continuing education credits. The process of (re)certification may be pricey when all the costs (test fees, study materials) are added up. However, in today’s highly competitive IT environment, maintaining your certification makes it easier for you to land information security jobs, and since you already spent a considerable amount of resources/energy to become a certified professional, recertification is a must. Just to wrap this topic up, handle the whole certification process (learning about the certification itself, studying, getting ready for the exam, taking the exam and so on) as an investment in yourself. It’s like going to the gym: sometimes we are comfortable with our looks or current condition, but we can always get better.

Finally, make sure to do your homework and don’t buy into the hype offered by many vendors who claim that their security certification offers the best opportunities to be hired for the best security jobs. Study the requirements of your organization carefully to decide which certification best suits its needs and the responsibilities of your current information security career. If you are considering security certification in order to shift careers, make sure to look carefully at the objectives of every certification examination to see if it meshes with your desired career objectives.

That’s all for now, readers! The theme is lengthy and complex, and impossible to cover in one go. If you have any questions about the certification topic, please send them to our e-mail and I’ll do my best to clarify!