I got news the other day that my application to be grandfathered into EC-Council’s Certified Chief Information Security Officer certification (C|CISO) was approved. I guess 16+ years of infosec experience and 5+ yrs of management/leadership have paid off. As I posted before, 2013 is going to be the year of the certifications. I understand that a certification doesn’t necessarily mean someone knows something – in fact I know many certified folks that don’t know squat and many that don’t that are sharp as tacks; however, I (at least in my own head) know what I am doing and I have the means (with the help of company reimbursement) to get certifications so I figured why not. Next on my list are (maybe in this order):
EC-Council’s CEH
Security+ (already have the CISSP so this should be cake – hope I didn’t jinx it)
ISACA’s CISA
and last but not least ISC2 CSSLP.
Since I didn’t actually take a test for the C|CISO I can’t comment on how hard it will be or what specifically to study, but with the others I plan on giving you as much insight as I can.