We get asked all the time – should I get a CISM, CISSP, or both?
The short answer is you should get the CISSP certification.
The long answer is that it really depends on your goals and what you are trying to accomplish.
Several years ago, the DoD passed a regulation, DoD 8570, which stated that all Information Assurance (IA) personnel were required by law to be compliant. Certification is necessary to work with this data, whether that be DoD staff, contractors, or partners.
DoD 8570, the Cybersecurity Information Assurance Workforce Development Program, will soon be replaced by DoD 8140. DoD 8570 determines which cybersecurity certifications are required for Information Assurance positions in a United State’s government organization.