On the NDA, I say save the company $50. The NDA is an antiquated idea, and I dont think any employers look for it over the CEH, and any manager worth his salt will find out that you are "double dipping". The NDA should only be listed instead of the CEH, not with it.

Personally, I am all with you on the CISSP, I am very much against it. I am not personally familiar however with the CISA or CISM. Sorry.

Define "better". What is your job role? CISM is a management cert and is an excellent program but if you are primarily a techie it may hold little value for you.

The CISSP is a somewhat painful experience and is also somewhat of a management cert but I tell every infosec professional I know (except those that can get by on name recognition alone) to get their CISSP. Not because it will hold any particular value for you or teach you useful skills (although it may) but because that's the cert HR departments everywhere seem to filter on more than any other cert. Just suck it up and get it done. If you don't have it, you may stand out in ways you don't wish to with ignorant HR folks.

This kind of reminds me of the people with an MCSE + Security and/or Messaging specialization who write this after their name:

MCP,MCSA,MCSA:S,MCSA:M,MCSE,MCSE:S,MCSE:M

Unless they already have the CEH, or take the CEH exam anyway, and work for the government as an employee or contractor...


Like I said, I don't know why this is still available.