Choosing the Right Security Certifications for You
The IT certification arena consists mainly of vendor-neutral and vendor-specific certifications. If your employer or primary customers use a certain vendor’s products, your choice is fairly easy: earn certifications that apply to that technology. For example, if your company supports Red Hat installations, pursue Red Hat Certified credentials. If you’re part of a predominantly IBM shop, go for the IBM certs. Deciding what to pursue on the vendor-neutral side is a bit more complicated, as is which combination of vendor-specific and vendor-neutral certs to obtain. To solve this dilemma, you need to understand where individual certs and cert programs fit in the overall scheme of coverage, and compare similar programs to decide which ones to pursue.
The Programs
Let’s start by looking at several vendor-specific and vendor-neutral certification programs, and then put them into perspective by job roles.
Some of the most popular vendor-specific security certs and programs include:
- Check Point offers a multi-level certification program to indicate knowledge of and skills using the company’s network protection products.
- Cisco offers many security certifications, ranging from the entry-level Cisco Certified Network Associate (CCNA) Security, through the intermediate Cisco Certified Network Professional (CCNP) Security, to the highly sought-after and advanced Cisco Certified Internetwork Expert (CCIE).
- Microsoft no longer offers specific security certifications, but many of its certs include security components. In addition, many security certifications include knowledge of certain Microsoft products as a requirement. Popular Microsoft certifications include the Microsoft Certified Technology Specialist (MCTS) and the Microsoft Certified IT Professional (MCITP).
- Red Hat has an impressive certification program, with its shining stars being the Red Hat Certified System Administrator (RHCSA), followed by the Red Hat Certified Engineer (RHCE), and finally the Red Hat Certified Security Specialist (RHCSS).
Other companies that maintain vendor-specific certification programs with a security angle include Guidance Software (EnCase forensics), Fortinet, IBM, Oracle, RSA, SAINT, Sourcefire (Snort), Symantec, and Websense. Brainbench offers a wide variety of both vendor-specific and vendor-neutral certifications.
On the vendor-neutral side of security, some of the best-known and most widely followed IT security certification programs include:
- CompTIA’s well-rounded certification program includes the Security+, which stands out as one of the premier entry-level security certifications with over 45,000 certified individuals. It serves as a requirement or acceptable substitute in several other cert programs, such as those offered by EC-Council and mile2, among others.
- The EC-Council offers several certifications, on topics such as network security, security analysis, and even Voice over Internet Protocol. The organization is probably best known, however, for its Certified Ethical Hacker (CEH) and Licensed Penetration Tester (LPT) certs. EC-Council certs require background checks, ethics, and professionalism, in addition to training and exams.
- The venerable ISACA is an international professional association that focuses on IT governance. It offers the Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified in Risk and Information Systems Control (CRISC) certs. All ISACA certs have hefty experience requirements, so only seasoned IT professionals qualify to earn ISACA certifications.
- (ISC)2 offers the well-known Systems Security Certified Practitioner (SSCP) and Certified Information Systems Security Professional (CISSP) certs, in addition to three CISSP concentrations (Architecture, Engineering, and Management) and a few others. The SSCP covers 7 of the 10 (ISC)2 Common Body of Knowledge (CBK) domains; the CISSP covers all 10. The CBK represents nearly every aspect of IT security, making both certs quite comprehensive.
- The SANS Global Information Assurance Certification (GIAC) program offers certifications geared toward security professionals responsible for designing, implementing, and maintaining a high-tech security infrastructure, which may include incident handling and emergency response team management. The GIAC Information Security Fundamentals (GISF) is the springboard to upper-level certs focused on firewalls, incident handling, intrusion analysis, Windows and Unix administration, the information security officer role, and systems and network auditing. The GIAC Security Essentials Certification (GSEC) is also considered a leading foundational cert in the security industry.
Other certification organizations that offer vendor-neutral certs of note include Brainbench, CWNP (wireless networking credentials), CyberSecurity Institute, IACIS, Iowa-based training company mile2, and Security University (SU). ASIS International offers a small but esteemed program, which includes the most senior and prestigious IT security professional certification mentioned in this article, the Certified Protection Professional (CPP). You can also earn the Professional Certified Investigator (PCI) and Physical Security Professional (PSP) through ASIS, if you’ve got at least five years’ experience and meet other rigorous requirements.