Complementing Your Cisco Security Certifications with Vendor-Neutral Security Certifications

Date: Feb 9, 2011

Many Cisco security certification holders will find it worthwhile to add vendor-neutral certifications to their credentials portfolios. With so many good vendor-neutral security certifications available at various levels of difficulty, sifting through those choices can take some serious time and effort. Here, we take a look at select vendor-neutral information security certifications that make great counterparts to Cisco security certs.

Whether you’re just entering the IT field or are a seasoned IT professional, chances are you’ve discovered and understand the value and power that certifications can add to your career in terms of financial gain, career advancement, and prestige. When it comes to security, Cisco certifications remain some of the best-known, prestigious, and sought-after credentials in the IT industry. Cisco security certifications range from the entry-level Cisco Certified Network Associate (CCNA) Security, to the intermediate Cisco Certified Network Professional (CCNP) Security, to the advanced Cisco Certified Internetwork Expert (CCIE).

Vendor-specific certification programs such as those from Cisco offer in-depth, platform- and product-specific credentials. While Cisco’s security certifications also recognize deep knowledge of security issues in general, their focus is obviously on how to deal with such issues as they relate to Cisco platforms, tools, and technologies.

Many IT professionals balance their certification portfolios with a mix of vendor-specific and vendor-neutral certifications. Vendor-neutral certifications tend to cover the “big” picture for their respective topics, rather than focusing on vendor products and services.

With hundreds of information security certifications to choose from, finding the right mix of certifications that best fit your needs and interests can be challenging. Here, we take a look at Cisco’s top security certifications—the CCNA Security, CCNP Security, and CCIE— and match them up with some great complementary vendor-neutral certifications that we think you’ll find worth exploring—and possibly even earning.

Cisco Certified Network Associate (CCNA) Security

Designed to provide IT professionals with the skills necessary to develop Cisco security infrastructures, manage and mitigate security risks, and recognize security threats, this entry-level certification lays the foundation for the Cisco security certification path. This credential is a prerequisite for the CCNP Security cert. Candidates must pass a written exam that costs $250. Recertification is required every three years. For more information, visit the CCNA Security website.

Complementary Vendor-Neutral Certs for CCNA Security

While many entry-level vendor-neutral certifications are available, the following are our top three picks that we think match particularly well to CCNA Security:

Global Information Assurance Certification Program (GIAC)—Security Essentials Certification (GSEC): Security professionals seeking this certification must understand security terminology and possess hard security skills. The cost of GSEC certification is about $900. Renewal is required every four years by passing one exam, attending or teaching an ISO 17024 course, and publishing a technical research paper. For more information, visit the GSEC website.
CompTIA’s Security+: Focusing on fundamentals (theory and operational practices), Security+ is one of the best-known entry-level security certifications available. Over 45,000 people have earned this credential; IBM, the Security Certified Program (CSP), EC-Council, Security University (SU), and mile2 use Security+ in their programs. The Security+ exam costs $258. The certification must be renewed every three years, unless you earned the credential before January 1, 2011. For more information, visit the CompTIA certification page.
(ISC)² Systems Security Certified Practitioner (SSCP): This entry-level certification recognizes well-rounded knowledge of security issues across the enterprise, from access controls to network monitoring to risk analysis and recovery. It’s also great preparation for the more advanced Certified Information Systems Security Professional (CISSP) certification. The cost of the SSCP certification exam is $250 (early registration, otherwise it’s $300). An annual fee ($65) is required to maintain this certification, and candidates must recertify every three years. For more information, visit the (ISC)² website.

Cisco Certified Network Professional (CCNP) Security

The CCNP Security is the next iteration of the Cisco Certified Security Professional (CCSP). After October 2011, Cisco will no longer offer CCSP certification. The CCNP Security is suited to network security engineers who support, deploy, and maintain the security of Cisco routers, switches, firewalls, and other internetworking devices. Four exams are required for a total cost of about $600. Recertification is required every three years. For more information, see the CCNP Security certification page.

Complementary Vendor-Neutral Certs for CCNP Security

There are many great intermediate and advanced-level certifications to choose from, too. While we can’t cover all of them here, we think you’ll find the following of particular interest:

Certified Information Systems Security Professional (CISSP): Designed for more experienced professionals, CISSP candidates must possess at least five years of experience in two or more of the (ISC)² domains, or a combination of education and experience to meet its requirements. This credential focuses on those working in professional security positions. The exam costs $600 plus an annual maintenance fee. Credential holders must recertify every three years. For more information, visit the (ISC)² website.
Certified Information Systems Auditor (CISA): Offered by the Information Systems Audit and Control Association (ISACA), CISA is a credential that will benefit IT security professionals who regularly work with information systems control and auditing. Examination fees range from $425 (ISACA member, early registration) to $615 (non-member, standard registration) and five years of experience is required to apply. Recertification is required every three years.
Certified Information Security Manager (CISM): For those who responsible for organizational security (technology, best practices, policies, networks, and so forth), the CISM is a must-have certification. The cost for the exam ranges from $425 (ISACA member, early registration) to $615 (non-member, standard registration). Five years of professional security experience is required to apply. Renewal is required every three years.

Cisco Certified Internetwork Expert (CCIE) Security

For those who are serious about their craft, the CCIE Security is one of the most well-recognized and highly sought-after credentials available to IT security professionals. Since its introduction in 2002, it’s become the sine qua non for those working with Cisco networks, technologies, and security issues. Obtaining the credential isn’t easy but is well worth the effort. Candidates must take a written examination, and then pass a hands-on lab exam within three years. The certification is costly, running more than $1,700. For more information on the CCIE, visit the CCIE Security Track certification page.

Complementary Vendor-Neutral Certifications for the CCIE

If you have earned a pinnacle cert—such as the CCIE Security—where do you go from there? The (ISC)² CISSP concentrations in architecture, engineering, and management, along with the ASIS Certified Protection Professional, are good places to start:

CISSP-Information Systems Security Architecture Professional (CISSP-ISSAP): Focused on architecture, this credential is geared towards security architects, analysts, and consultants who design security plans. Candidates must pass a three-hour exam that costs $399 (early registration) or $449 (standard registration). For more information, view the (ISC)² website.
CISSP-Information Systems Security Engineering Professional (CISSP - ISSEP): The CISSP-ISSEP provides IT professionals working in the field of national security skills in the areas of systems security engineering, technical management, regulations, and certifications and accreditations. As with the ISSAP, an exam is required. Visit the (ISC)² website for more information.
CISSP-Information Systems Security Management Professional (CISSP-ISSMP): IT professionals working with enterprise systems will benefit from the CISSP-ISSMP. This certification focuses on security management of enterprise systems, continuity of operations planning (COOP), forensics, ethics, and legal issues. For more information, visit the (ISC)² website.
Certified Protection Professional (CPP): The CPP is a senior-level security certification offered by ASIS International. Credential holders must possess an in-depth knowledge of security principles, practices, procedures, and technologies. Credential seekers must have nine years of experience or an equivalent combination of education and experience. The fee is $300 for ASIS International members and $450 for non-members. Visit the ASIS website for more information.

For more options and offerings in the area of information security certification please consult “The Vendor Neutral Information Security Certification Landscape,” by Ed Tittel and Kim Lindros, at SearchSecurity.com. While we believe that the certs recommended in this article represent the best choices for certified Cisco professionals seeking to up their security smarts, a quick perusal of this survey will illustrate quite clearly that they are only a small subset of the total choices available.