- The CISSP remains the security cert most often specified by name in security classifieds and job postings. This makes it a favorite target for would-be security mavens to this day. It requires 3 years of "relevant" work experience, though, so it may take a while for you to qualify for this program. You might want to consider the ISC-squared's System Security Certified Professional (SSCP) cert as an initial stepping stone to CISSP, if you can't meet their experience requirements right off the bat.
- The numerous SANS certifications define a three-tiered security certification program at entry, mid, and senior levels. This program has a lot of cachet and a great reputation in the industry, but SANS still hasn't made it terribly easy or affordable for candidates to get tested (they don't have a relationship with Prometric or VUE for widespread test access, and many of their senior-level certs require taking fairly expensive online or conference-based classroom classes to qualify to sit for the exams). I like this program and its topics a lot, but SANS is struggling to become a real global certification program at present. If you've got the time and money to work through their current structure, though, you will be rewarded for your efforts.
- The TruSecure ICSA and forthcoming ICSE credentials originate with a well-known and highly regarded international security services/professional association, are driven by a pretty elite group of technical and industry advisors, and are making all the right moves toward the mass-market, mainstream certification landscape. It's still a little too early to tell how these programs will fare in the marketplace, but they certainly have the right pedigree and content to become successful in the future. In fact, I'd recommend the entry-level TICSA cert as a stepping stone to any of the programs mentioned here.
This was first published in January 2002.