Ask the Expert

Security certification choices

In the field of computer security, there are new certifications popping up all over the place. It used to be that there were two certifications -- CISSP and CISA. Now SANS, Truesecure, and a host of other companies have started their own -- and in some case multiple certifications. If you read the marketing claims of each vendor/organization, their certification is the best and most important. Can you help us understand which certifications carry the most weight in the industry and which specialized certifications might be most appropriate?

    Requires Free Membership to View

    Login

You are correct in observing that the security certification space is growing increasing fragmented, and therefore "fraught with choice," you might even say. Despite those many, many choices, my top three picks are as follows (with reasons to explain why I tend to focus most on the programs mentioned):

  • The CISSP remains the security cert most often specified by name in security classifieds and job postings. This makes it a favorite target for would-be security mavens to this day. It requires 3 years of "relevant" work experience, though, so it may take a while for you to qualify for this program. You might want to consider the ISC-squared's System Security Certified Professional (SSCP) cert as an initial stepping stone to CISSP, if you can't meet their experience requirements right off the bat.
  • The numerous SANS certifications define a three-tiered security certification program at entry, mid, and senior levels. This program has a lot of cachet and a great reputation in the industry, but SANS still hasn't made it terribly easy or affordable for candidates to get tested (they don't have a relationship with Prometric or VUE for widespread test access, and many of their senior-level certs require taking fairly expensive online or conference-based classroom classes to qualify to sit for the exams). I like this program and its topics a lot, but SANS is struggling to become a real global certification program at present. If you've got the time and money to work through their current structure, though, you will be rewarded for your efforts.
  • The TruSecure ICSA and forthcoming ICSE credentials originate with a well-known and highly-regarded international security services/professional association, are driven by a pretty elite group of technical and industry advisors, and are making all the right moves in terms of moving into the mass market, mainstream certification landscape. It's still a little too early to tell how these programs will fare in the marketplace, but they certainly have the right pedigree and content to become successful in the future. In fact, I'd recommend the entry-level TICSA cert as a stepping stone to any of the programs mentioned here.

If you have specific questions or comments about these or other security certification programs, feel free to e-mail me directly at etittel@lanw.com. I'd be glad to field any follow-up items you might wish to raise.

Thanks for sharing some intelligent, worthwhile questions with me and the rest of our readership. Good luck as you pursue your future certifications.

--Ed--

This was first published in January 2002

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top