I earned my CISSP a couple months ago, and I'm interested in continuing my training in IT security. I get working towards certifications in the professional direction I want to go, but my interests are fairly broad.
I think ultimately I'd like to earn CEH, CSSP, and CRISC, but I'm not sure what order or if any of those are less prestigious or sought after than they used to be.
First off, congrats on the CISSP! That's one of the toughest to get, so great job!
Per the article linked (and I agree), it's considered an expert certification so you have proven you have the security chops. :-)
As I'm sure you are aware, all these certs require continuing education units annually to maintain them, typically in a 3-year cycle.
That's a money commitment annually as you accumulate credits to recertify by going to training, seminars, conferences, etc. Ideally, you want your employer to pay for more certs. ;-)
If you are going for certs on your own, just be really aware of the cost initially to take the exam, and that hidden cost of maintaining the cert in the future. (You don't want to lapse, lose the cert, and then have to take those torturous exams AGAIN. Once is enough. Ha)
When you have multiple certs with one org like ISACA, depending on the activity you wish to log you may be able to apply the credit hour(s) to both certs. CISM and CRISC have some overlap for instance.
The certs I have and maintain are Project Management Professional (PMP), Certified in Information Security Management (CISM) and Certified in Risk and Information Security Controls (CRISC).
I think as far as other certs to possibly look at, it depends (of course! LOL).
If your interest is in a security management track, CISM is a good one to have.
If you see yourself going the risk way...then CRISC has value.
The fact I have CISM and CRISC is simply because my job has changed over time and different bosses wanted different certs as security strategy changes occurred in the company.
If you want to get into cybersecurity/SOC/threats and vulnerabilities, CEH makes sense.
But the fact you have the CISSP tells the hiring manager you have studied broadly across many technology areas so you can be plugged into their organization in many ways.
Hope that helps.
I'm not personally that knowledgeable about IT/Cybersecurity Certifications but I did look around and I found a website that seems to talk about certifications and their value in that field.
Hope that helps!