The BrainBench Internet and network security exams. You'll find them listed at www.brainbench.com; this should take you 2-4 months.
Next, tackle the Certified Internet Webmaster (CIW) Security Professional exam.
After that, a broader, more formal, but still entry-level security cert is what you should tackle. This could be any of the following credentials, any of which will provide you with an excellent and thorough background in computer security theory, operations, practices, and policies:
TruSecure ICSA Computer Security Associate (TICSA) (http://www.trusecure.com/html/secsol/practitioner.shtml) The International Computer Security Association is well-known and highly regarded; their entry-level program requires a minimum of 2 years' work-related security experience or equivalent classroom training hours.
ISC-squared's System Security Certified Professional (http://www.isc2.org/cgi/content.cgi?category=20) the International Information Systems Security Certification Consortium is also home to the best-known senior level security certification (see below). If you're of a mind to go that route, the SSCP is a great way to prepare.
SANS GIAC Security Essentials Certification (GSEC) (http://www.giac.org) The System Administration and Network Security (SANS) Institute is a growing powerhouse in the security industry. Likewise, its certifications are gaining increased visibility and acceptance. The GSEC opens the door to other certifications in the SANS GIAC program.
Finally, you'll be ready to tackle a premium or senior-level security certification. Most such certifications require 3 or more years of relevant, on-the-job experience. Many require submitting papers or research results in addition to passing exams; some also require taking specific classes. Of these, three are particularly worthy of mention, and pick up where the previous three left off:
TruSecure ICSE Computer Security Expert (TICSE) (http://www.trusecure.com/html/secsol/practitioner.shtml) This is an expert-level computer security certification that builds on the platform of the TICSA. A relatively new program, this credential is well-conceived but does not yet enjoy the same clout or recognition as the other two senior-level credentials mentioned here.
ISC-squared's Certified Information Systems Security Professional (CISSP) (http://www.isc2.org/cgi/content.cgi?category=19) is the best-known senior-level security certification in North America, and the one most often requested by name in job postings and classified ads.
SANS GIAC Security Specialist Certifications (http://www.giac.org) The System Administration and Network Security (SANS) Institute offers numerous topical specializations that extend on the GSEC including firewalls, incident handling, intrusion analysis, windows and UNIX administration, information security officer, and systems and network auditor certs. A topical, timely, and highly technical program based on outstanding training online or at SANS conferences.
This was first published in May 2002