What certification after CISSP?


Andy Malecki Silver Spring, MD

I earned my CISSP a couple months ago, and I'm interested in continuing my training in IT security. I get working towards certifications in the professional direction I want to go, but my interests are fairly broad.

I think ultimately I'd like to earn CEH, CSSP, and CRISC, but I'm not sure what order or if any of those are less prestigious or sought after than they used to be.


26 June 2019 2 replies Education & Training



Clif Hadley Keller, TX

Hi, Andy.

First off, congrats on the CISSP! That's one of the toughest to get, so great job!

Per the article linked (and I agree), it's considered an expert certification, so you have proven you have the security chops. :-)

As I'm sure you are aware, all these certs require continuing education units annually to maintain them, typically in a 3-year cycle.

That's a money commitment annually as you accumulate credits to recertify by going to training, seminars, conferences, etc. Ideally, you want your employer to pay for more certs. ;-)

If you are going for certs on your own, just be really aware of the cost initially to take the exam, and that hidden cost of maintaining the cert in the future. (You don't want to lapse, lose the cert, and then have to take those torturous exams AGAIN. Once is enough. Ha)

When you have multiple certs with one org like ISACA, depending on the activity you wish to log you may be able to apply the credit hour(s) to both certs. CISM and CRISC have some overlap for instance.

The certs I have and maintain are Project Management Professional (PMP), Certified in Information Security Management (CISM) and Certified in Risk and Information Security Controls (CRISC).

I think as far as other certs to possibly look at, it depends (of course! LOL).

If your interest is in a security management track, CISM is a good one to have.

If you see yourself going the risk way...then CRISC has value.

The fact I have CISM and CRISC is simply because my job has changed over time and different bosses wanted different certs as security strategy changes occurred in the company.

If you want to get into cybersecurity/SOC/threats and vulnerabilities, CEH makes sense.

But the fact you have the CISSP tells the hiring manager you have studied broadly across many technology areas so you can be plugged into their organization in many ways.

Hope that helps.

Clif Hadley


ACP AdvisorNet Staff New York, NY

Hi Andy,

I'm not personally that knowledgeable about IT/Cybersecurity Certifications, but I did look around and I found a website that seems to talk about certifications and their value in that field.

Hope that helps!
