Certification: Why You Should Consider Going Outside BCM

Being laid off earlier this year I was faced with some important decisions.  Recognizing that the Business Continuity Management profession was getting hit hard from the recession, I needed to find something else that would keep me employed.  Not wanting to turn my back on my profession of the last 20 years, I still wanted something that could generate consulting work or a full-time job.

Several years back I applied for the Certified Information Systems Auditor (CISA) exam but couldn’t attend due to a work-related situation.  Recent research on several job Web sites indicated a rather large demand for IT auditors.  So I reapplied for and recently took the CISA exam.  Despite a wealth of training and study materials available from ISACA, I opted for the minimum study guides due to a limited budget.  Figure a budget of about $700 to register for the exam, buy two study guides, and join ISACA.

Reviewing the materials every day for several months showed me how much has happened in the IT profession in the past 25+ years.  The good news is that two of the six areas of competency needed for the CISA are information security and business continuity.  I’ve been involved in both for several years, and the two areas make up almost 50 percent of the test questions.  The exam has 200 multiple-choice questions, and the test is set for four hours.  Assuming you pass the exam, the next step is to apply for the CISA certification by completing an application.  Be sure to have reliable references available to validate your previous work experience.

So why all this for yet another certification?  Despite having two BCM certs, the job market for BCM just isn’t there at this time.  By contrast, the demand for CISA and CISSP (information security) credentials is huge and growing.  Coupling BCM certs with audit and security appears to be a powerful combination.  And given my current age, I believe this combination can also help me compete against younger candidates for key opportunities.  Another important point is that a lot of  the work we do in BCM has an audit slant. The British standard, BS 25999, calls for auditing as a key part of the business continuity management system (BCMS) model advocated by BS 25999.  So it seemed to make sense to “reinvent” myself as perhaps an IT auditor who specializes in BCM and security.  The key is that “IT auditor” generates more employer interest than “BCM” and “security.”

Another important aspect of the above strategy is that BCM is a key knowledge element in both CISA and CISP certifications.  Your existing knowledge of BCM is not wasted; if anything, it can enhance your chances of passing the exam.

With only a few undergraduate and graduate-level degrees in BCM available, certifications are still the best option for professionals.  If you are concerned about your long-term prospects in BCM, given the economy and job market, consider adding CISA and/or CISSP credentials.

Tags: Business Continuity, certifications, information security, IT audit