Certifications are not a mandatory requirement for becoming a CISO (Chief Information Security Officer). However, there are excellent reasons to have them. Certifications indicate a standard of achievement.

They demonstrate a level of competence, skills, and experience, and they lend credibility to the decisions a CISO makes.

So, which CISO certifications would benefit those responsible for identity management?

Certified Information Systems Security Professional (CISSP) Certification

Presently, CISSP certification is the closest to a must-have for CISOs. It’s considered the “gold standard,” similar to the CPA for accountants (Certified Public Accountant), or the ACE for video editors (American Cinema Editors).

What it is not, however, is a declaration of expertise in anything.

The (ISC)², the non-profit organization that backs the CISSP, states that it demonstrates a knowledge of the fundamentals of information security, and proves minimal competency.

Obtaining the CISSP credential is a three-step process.

  1. To apply, you must have four or five years of experience in security.
  2. You will have to pass a six-hour, 250-question exam.
  3. Then you will need to get an endorsement from someone familiar with your experience – preferably that person will have CISSP certification.

CompTIA Security+ Certification

This certification is a good second alternative to the CISSP.

Also, a CompTIA Security+ credential can substitute for one year of experience in the CISSP requirements.

To pass the 90-question exam, you’ll need to show vendor-neutral expertise in identity management, security systems, risk management, best practices, and more.

Every three years, the certificate must be renewed by taking the current exam, passing a higher level CompTIA exam, or meeting a required minimum of continuing education credits before the end of the three years.

Cloud Identity and Access Manager (CIAM) Certification

The CIAM, administered by the Identity Management Institute (IMI), is designed for those in the information security field who manage user identities and resource access.

It indicates an understanding of risk management and the capability of developing and managing programs that deal with authentication, access, security, and compliance.

To obtain CIAM certification, you must be a member of IMI, meet certain experience and education requirements, and submit a written statement to assess communication skills.

To maintain certification, you’ll need to meet a required minimum of continuing education credits, follow the IMI Code of Ethics, and be an active IMI member.

Other CISO Certifications

Other certifications would benefit a CISO, including a Certificate of Cloud Security from the Cloud Security Alliance, the Certified Access Management Specialist (CAMS) credential from IMI, and the Certified Information Security Manager (CISM) certificate from the Information Systems Audit and Control Association.

Besides showing that you take your profession seriously and have a level of competency, studying to obtain the certifications will make you more knowledgeable and confident in your position and add to your value as a company asset.


Which CISO certifications do you believe would best benefit those responsible for identity management? Let us know your thoughts in the Comments box below.

