From Compliance to Information Security Manager: Katalina Heymans's Story

Credentials Earned
CISM

Katalina Heymans knew security thoroughly on paper but not in practice. CertLabz gave her the technical grounding she was missing, and CISM gave her the credibility to manage security rather than just document it. Here's how she bridged the gap between policy and real systems.

Can you tell us what you do now?

I'm an Information Security Manager. I oversee security policy and risk, and I make sure the controls we have on paper actually protect our real systems in practice. I came from a compliance background, so bridging policy and practice is exactly the role I always wanted. I get to connect the rules to the technology they're meant to govern. It's a job that genuinely uses everything I've learned over my whole career.

What's your background?

I started out as a compliance clerk. I knew the rules, the frameworks, and the paperwork thoroughly, but I couldn't always connect them to the actual systems they were meant to protect. I understood security in theory but not really in practice, and that bothered me. I could audit a policy but not always explain the technology behind it. Closing that gap between governance and real systems is what drove me forward.

What made you want to move into security management?

I wanted to move from simply documenting security to genuinely managing it. Compliance gave me a strong grasp of governance, but I wanted real technical understanding sitting behind it. Security management sits right at the intersection of policy and practice, which is exactly where I felt I belonged. The blend of the two is what drew me in. I didn't want to choose between the business side and the technical side, and management let me have both.

How did CertLabz help you get there?

CertLabz let me connect policy to real systems in a way nothing else had. I practiced access controls, risk scenarios, and security concepts in hands-on labs rather than abstract checklists. The performance-based questions made me apply governance to realistic situations, and SkillTracker kept me focused on what I actually needed. It gave the frameworks I already knew a practical, technical grounding. Suddenly the rules I'd memorized had real systems attached to them.

"CertLabz gave the frameworks I knew a practical, technical grounding. CISM did the rest."

Katalina Heymans, Information Security Manager

What skills did you build?

I kept all my compliance strengths and added real technical depth on top of them. That combination is exactly what security management roles need.

Risk management, Security governance, Access control, Incident response, Security frameworks
What was the turning point?

Earning my CISM was the credential that changed everything for me. It proved I could manage and govern information security at a professional level, not just administer small pieces of it. With my compliance background and CISM together, I stepped into a management role. It signalled clearly that I could lead a security function, not just document one. That recognition is what employers were waiting to see.

What did you value most about the experience?

What I valued most was finally connecting the worlds I'd always kept separate. Governance and technology had felt like two different languages, and CertLabz helped me speak both. The hands-on practice gave the frameworks real meaning. I also valued how focused the study was, which mattered while I was working full time. It made an ambitious move feel realistic and achievable.

What advice would you give someone starting out?

If you come from compliance or policy, don't underestimate how valuable that foundation really is. Add genuine, hands-on technical understanding so you can connect the rules to the systems they protect. A management credential like CISM proves you can lead security, not just follow it. The intersection of policy and practice is where the best and most senior roles live. Aim for both, and you'll stand out.

What's next for you?

Next, I'm working toward broadening my security leadership, with an eye on more senior management responsibility. I'd like to help shape security strategy at a higher level, not just manage the day-to-day controls. My blend of compliance knowledge and technical understanding gives me a genuinely useful perspective for that. I'm also mentoring colleagues moving from policy roles into hands-on security. The field keeps changing, so staying current is simply part of the work. I'm committed to growing both my technical depth and my leadership skills over time.
