Certified Chief Information Security Officer


The cybersecurity world is full of certifications.

The fact is, it’s an easy way to validate a skill set without doing a deep-dive interview with a candidate. Most certifications require classroom time and fairly lengthy exams covering a large body of knowledge. In my case, the CCISO certification is my most recent validation of my skillset.

The CCISO exam is offered by EC-Council, the organization behind the highly popular CEH certification. Similar in scope to the CISSP, the CCISO covers five domains of knowledge:

  1. Governance, Risk, and Compliance
  2. Information Security Controls and Audit Management
  3. Security Program Management and Operations
  4. Information Security Core Competencies
  5. Strategic Planning, Finance, Procurement, and Third-Party Management

As you can see, this is a management-level program. There isn’t a focus on specific tactics or procedures, because those don’t belong at the management level, in the same way that the next CEO of Amazon need not have experience as a delivery driver.

I’ll admit that the exam itself was difficult, and some questions are arguably awkward, but it does a good job of testing against the body of knowledge. It is a great indicator of awareness and understanding of corporate risk and security. Particularly when paired with other certifications, I feel that these certifications go a long way toward validating education and awareness of issues. That awareness is what corporations need at the C-level and in the boardroom.
