Help Your Clients Raise the Information Security Bar With CISSP, CISM and CRISC

Blog Post • Industry Insights • [read_meter]

Organizations that fail to protect the personal details of their customers suffer severe financial and reputational repercussions. The theft of their vital intellectual property is becoming considerably easier and the thought of losing trade secrets which could subsequently jeopardize their very core and even put them out of business is a major concern. To put a number to it, according to the Telegraph the cost of cybercrime for the global economy is approximately $445 billion annually.

Unfortunately skilled cybersecurity professionals who could adequately protect organizations are a scarce commodity:

  • According to the UK National Audit Office, it could take up to 20 years to address the current skills gap. (Source: The Guardian, 26 September 2013)
  • 47% of organizations say that the number of employees dedicated to network security is inadequate in some, most, or all cases. (Source: Network World September 2014)
  • 86% of respondents see a global cybersecurity skills gap – and 92% of those planning to hire more cybersecurity professionals this year say they expect to have difficulty finding a skilled candidate (Source: ISACA Global Cybersecurity Report January 2015)

A Great Opportunity for IT Training Providers to Bridge the Skills Gap

The likes of Sony Corporation and, Inc. may be obvious targets due to their presence and stature, but cyber attacks are usually indiscriminate and your learners/clients are as vulnerable as the next organization.

Helping clients raise their information bar is not just a way for IT training providers to create revenue. It is an opportunity to build a reputation in a domain with an enormous demand that dwarfs the current and future supply. One could even argue that it is an ethical responsibility of every IT training provider to equip its learners/clients with the best skills and certifications available in cybersecurity.

CISSP, CISM, and CRISC – What You Need to Know


Certified Information Systems Security Professional (CISSP) is a vendor-neutral certification backed by ISC².

This certification course is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

Source: ISC²

Candidates must have five years of direct full-time professional security work experience in two or more of the ten domains of the (ISC)² CISSP CBK. Since 1998, CISSP has been a globally accepted standard of competency among information security professionals.

CISSP qualified individuals often hold the following positions among others:

  • Security Consultant
  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect IT Director/Manager
  • Security


Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) are ISACA backed certification courses covering information security and risk management respectively.

Successful CISM candidates may pursue a career as Chief (Information) Security Officer (CSO / CISO) while CRISC leads to a career as Chief Risk Officer (CRO).

CISM Requirements: Submit verified evidence of a minimum of 5 years of information security management work experience (covering 3 of the 4 job practice domains).

CRISC Requirements: Submit verified evidence of a minimum of 3 years of risk and information systems controls experience (covering 3 of the 5 job practice domains).

Overcoming the Complacency Barrier

It is a well-known fact that there is increasing awareness for those involved in an organization’s cybersecurity about the threats they face in cyberspace and their own vulnerabilities. However, many of them are still very complacent. Last year Trend Micro highlighted how and why such complacency can occur on their blog post-Cybersecurity complacency a leading cause of data breaches.

Some of the major aspects to be taken into consideration when consulting with clients about adding to their arsenal of cybersecurity knowledge are:

Key Drivers for Information Security Training
  • Protect business assets and repair vulnerabilities
  • Be compliant with regulatory requirements
  • Build trust with clients to ensure business success
  • Corporate reputation
Understanding the Perspective of Different Stakeholders
  • CEO: More than 3,000 companies in the U.S. were victims of a cyberattack last year, costing an estimated $445 billion – how well-protected are we against operational and reputational damage from cyber-attacks?
  • CIO/CISO: I want security to support business objectives. I want to find qualified staff to build the team to meet requirements and performance standards.
  • CFO: Have we aligned our cybersecurity strategy to our risk appetite and the overall risk environment? Cyber attacks can invite greater regulatory scrutiny, which in turn increases organizational costs – Have we addressed this risk properly?
Understanding the Perspective of Individual Learners

Employers look to certifications as a measure of excellence and quality. Getting certified pays off in increased salary. According to the 2015 IT Skills and Salary Survey conducted by Global Knowledge and Windows IT Pro, the certification courses we have mentioned are among the top-paying:

  • Certified in Risk and Information Systems Control (CRISC) $119,227
  • Certified Information Security Manager (CISM) $118,348
  • Certified Information Systems Security Professional (CISSP) $110,603

Choosing the Right Content Provider

As an IT training provider, it is of paramount importance that you partner with the content provider that fully understands your needs. Just like any business entity, you want to increase revenue and save costs while benefiting your clients. When it comes to the above-mentioned training portfolio, there is no exception.

See how ITpreneurs’ low barrier and high impact model can help you increase revenue and save costs.

About the author

Mirosław Dąbrowski
C-level IT advisor, CEO, Agile ICF Coach, Speaker

15 years in IT and management; 13 in consulting/coaching/training; 8 in DevOps/SRE (multiple roles); 6 in C-level and executive board positions. Together with the team of experienced professionals our current focus is on Agile/Digital transformations of enterprises (consulting/coaching/mentoring) from multiple domains like PMO, IT, Business, DevOps, Automatization, HR, Legal, Procurement Management, Vendor Management and many more. We are experienced in large scale transformations, departments of 500+ people. Experience is based on 100+ clients in Europe/Poland (major sectors: banking, eCommerce, finance, gaming, pharma, retail); Over 5000+ people trained/coached personally.

Discover More

Customizable dashboard ITP

New in Talent Academy for February: Self-discovery, Messaging UI Improvements, Archive State and Customizable Dashboard

Learners report

New in Talent Academy for November: Assignment Content Type, Learner Progress Report, UI Track Navigation Optimization

How to Apply Different Teaching Models in an Online World

How to Apply Different Teaching Models in an Online World