I'd like to enter the information security management field. What cert programs should I focus on?
I am a management graduate with three years of experience. I would like to get into the information security management field and eventually become a consultant in information security (as well as audit information security management systems). What should I be doing to get into this field and what are the courses I should be targeting? What is the scope of this field in today's market?
Given your interests, you should look into both of the major offerings from the ISACA certification program -- namely the CISA (Certified Information Systems Auditor) and the CISM (Certified Information Security Manager) credentials.
Anyone who wants to do IT auditing will benefit from the CISA, and as long as you're going to be involved with that organization anyway, it makes sense to pursue your InfoSec credential there as well (which should qualify you for various discounts on training and membership, if memory serves correctly). The ISACA also offers pointers to quality training in these subjects, and will help you identify what you must know and be able to do to earn these certifications.
Best of luck in your studies and on your exams.
This was first published in June 2007.