+ Reply to Thread
Results 1 to 6 of 6

Thread: ISACA Certs


  1. Join Date
    Jun 2007
    Posts
    1,859
    #1

    Default ISACA Certs

    This thread:

    http://www.techexams.net/forums/secu...s-auditor.html

    and this thread:

    Question for the uber-geeks who have always loved computers.

    have both made me wonder about what is the perception of the value of ISACA's certifications out there?

    To quote JD in the 2nd thread:

    Quote Originally Posted by JDMurray View Post
    Only a few highly recognized and respected certs (e.g., CISSP, CISA/CISM, CCIE) can actually attempt to compete with degrees in their respective fields.
    While I agree with what is said here with respect to the CISSP and various iterations of Cisco's highest level certs, I'm not sure that I see they same value in the marketplace for the ISACA certs. Please note, I have nothing against ISACA (or JD for that matter ).

    I'm interested to hear everyone's thoughts...here's my thought about each of ISACA's certs:

    CISA - In many ways this seems like a "poor man's CPA". I often see work come around with some type of audit component, however, I rarely see any of this specifically requiring a CISA. More often than not I see specific audit-related experience requirements, such as SOX, PCI, ISO/IEC *, among others.

    CISM- I understand the management focus of this cert, however, as best I can tell the high ground in the security certification world is the CISSP. It seems like most of the people that I encounter that are focused on IT security either hold or are pursuing the CISSP.

    CGEIT - I'll venture a guess that many people that frequent this board are not very concerned about IT governance, what it means, or that there is a certification for it. I've felt like since this certification was released a couple of years ago that it's almost serving an empty market. Since this cert came out a couple of years ago, I have met exactly one person (in person) that holds it.

    I'm not a huge believer in the metric of searching Monster or Careerbuilder to see how many jobs are looking for a certification. I do however like to try to figure out how many people hold any given certification. This says really nothing about the level of demand for the cert.

    I don't know if ISACA publishes numbers for their certs (if someone does, please post a link). However, I will often do a search on LinkedIn just to get an idea of how many people out there hold the cert. Here's what I found:

    CISA - 17910
    CISM - 6086
    CGEIT - 1599

    CISSP - 26539

    CCIE - No need to do that search, we all pretty much know what it is

    I do realize that there is nothing scientific about this method that I've chosen, but it seems telling that in a population like that on LinkedIn that the CISSP outnumbers the CISM by roughly 4.5 to 1.

    MS
    Last edited by eMeS; 09-06-2009 at 07:43 PM.
    Reply With Quote Quote  

  2. SS -->
  3. Are we having fun yet? UnixGuy's Avatar
    Join Date
    Mar 2008
    Posts
    3,328

    Certifications
    GCFA, eJPT, RHCE, Solaris 10, SNIA SCSP, Security+, Server+, ITILv3, CCNA (Expired)
    #2
    From my regular job search...I find security related jobs asking for people who have CISSP/CISA/CISM...or they say preferred certs : CISSP/CISA/CISM...but that's all I know
    Goal: GCFA (DONE), GPEN
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    702

    Certifications
    Most Recent: CISSP & CCDA
    #3
    7/10 of the cissp/cism/cisa candidates i interview i find to be not good enough.

    People are taking the exams for the wrong reasons mainly because they see $$ when in reality it should be a culmination of what you know. Pass one exam and all of a sudden they think they're an SME.

    The days of being handed jobs because of certs are over. If I interview someone with expert level certs I expect expert level knowledge to almost everything I ask.

    All these cert providers should be not for profit I think as right now they're all in it for the money and diluting what should be akin to a masters degree. They should also review the requirements and the time frame for being granted these certs. I've never met an expert who only had to pass one exam in any field.
    Reply With Quote Quote  


  5. Join Date
    Jun 2007
    Posts
    1,859
    #4
    Quote Originally Posted by GAngel View Post
    7/10 of the cissp/cism/cisa candidates i interview i find to be not good enough.

    People are taking the exams for the wrong reasons mainly because they see $$ when in reality it should be a culmination of what you know. Pass one exam and all of a sudden they think they're an SME.

    The days of being handed jobs because of certs are over. If I interview someone with expert level certs I expect expert level knowledge to almost everything I ask.

    All these cert providers should be not for profit I think as right now they're all in it for the money and diluting what should be akin to a masters degree. They should also review the requirements and the time frame for being granted these certs. I've never met an expert who only had to pass one exam in any field.
    Well said.
    Reply With Quote Quote  

  6. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,597
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #5
    Quote Originally Posted by GAngel View Post
    People are taking the exams for the wrong reasons mainly because they see $$ when in reality it should be a culmination of what you know. Pass one exam and all of a sudden they think they're an SME.
    Many people have an erroneous idea that employers are handing-out high-paying jobs to people who only passed an exam and got a certification. Certs like the CISSP, CISA, and CISM are meant to be achieved after considerable industry experience is acquired, and as a demonstration of that achievement. Getting the paper first is like being handed a college degree before you've taken the classes.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  


  7. Join Date
    Jun 2007
    Posts
    1,859
    #6
    Quote Originally Posted by JDMurray View Post
    Many people have an erroneous idea that employers are handing-out high-paying jobs to people who only passed an exam and got a certification. Certs like the CISSP, CISA, and CISM are meant to be achieved after considerable industry experience is acquired, and as a demonstration of that achievement. Getting the paper first is like being handed a college degree before you've taken the classes.
    What I find most interesting about these and other high-level certs is the experience required and verification of said experience. I know from reading discussions that the ISC2 has tightened things up a bit, but I would say that at least most of the others have not.

    For all of the high-level certs that I hold, I only know of one that actually verified the experience that was submitted. That was ASQ for their Six Sigma Black Belt.

    MS
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks