Security certification choices |
 |
EXPERT RESPONSE FROM: Ed Tittel
|
|
|
|
| > |
QUESTION POSED ON: 09 January 2002
In the field of computer security, there are new certifications popping up
all over the place. It used to be that there were two certifications --
CISSP and CISA. Now SANS, Truesecure, and a host of other companies have
started their own -- and in some case multiple certifications. If you read
the marketing claims of each vendor/organization, their certification is the
best and most important. Can you help us understand which certifications
carry the most weight in the industry and which specialized certifications
might be most appropriate?
|
|
| > |
You are correct in observing that the security certification space is
growing increasing fragmented, and therefore "fraught with choice," you
might even say. Despite those many, many choices, my top three picks are as
follows (with reasons to explain why I tend to focus most on the programs
mentioned):
- The CISSP remains the security cert most often specified by name in
security classifieds and job postings. This makes it a favorite target for
would-be security mavens to this day. It requires 3 years of "relevant" work
experience, though, so it may take a while for you to qualify for this
program. You might want to consider the ISC-squared's System Security
Certified Professional (SSCP) cert as an initial stepping stone to CISSP, if
you can't meet their experience requirements right off the bat.
- The numerous SANS certifications define a three-tiered security
certification program at entry, mid, and senior levels. This program has a
lot of cachet and a great reputation in the industry, but SANS still hasn't
made it terribly easy or affordable for candidates to get tested (they don't
have a relationship with Prometric or VUE for widespread test access, and
many of their senior-level certs require taking fairly expensive online or
conference-based classroom classes to qualify to sit for the exams). I
like this program and its topics a lot, but SANS is struggling to become a
real global certification program at present. If you've got the time and
money to work through their current structure, though, you will be rewarded
for your efforts.
- The TruSecure ICSA and forthcoming ICSE credentials originate with a
well-known and highly-regarded international security services/professional
association, are driven by a pretty elite group of technical and industry
advisors, and are making all the right moves in terms of moving into the
mass market, mainstream certification landscape. It's still a little too
early to tell how these programs will fare in the marketplace, but they
certainly have the right pedigree and content to become successful in the
future. In fact, I'd recommend the entry-level TICSA cert as a stepping
stone to any of the programs mentioned here.
If you have specific questions or comments about these or other security
certification programs, feel free to e-mail me directly at etittel@lanw.com. I'd be glad to field any follow-up items you might wish to raise.
Thanks for sharing some intelligent, worthwhile questions with me and the rest of our readership. Good luck as you pursue your future certifications.
--Ed--
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
