Security Certifications (Mastery 4)

--Originally published at Mental Droppings of a Tired Student

In computer security there are a number of measures a professional can take to demonstrate his or her qualifications. A university degree is of course a primary form of qualification, but there are also credentials sponsored by companies such as Cisco or Microsoft. Additionally, certifications or qualifications given by an organization or the government can be valid forms of demonstrating your security prowess.

The quality and acceptance of IT security credentials vary worldwide, and there are many to choose from. Acquiring a master’s degree in the field from a prestigious university can be a form of certification, but there is a long list of credentials offered by different institutions and organizations that might interest someone looking to develop a more specific skill set. You can also gain award certificates for winning government, university or industry sponsored competitions, including team competitions and contests such as the Intel Cup and the Freescale Cup, amongst others.

Here is a list of certifications to consider, if you want to be the very best, like no one ever was.

CISSP

The Certified Information Systems Security Professional (CISSP) is a hardcore, technically oriented, advanced-level certification that relates to some of the more complex topics like cryptography, network security, authentication and authorization. I think it’s safe to say it’s meant for IT pros who are very serious about careers in information security, since an annual fee of $85 is required to maintain the CISSP credential. Recertification is required every three years. To recertify, candidates must earn 40 Continuing Professional Education (CPE) credits each year for a total of 120 CPEs within the three-year cycle.

This credential continues to be highly sought-after by IT professionals and well recognized by IT organizations; it has a 40% market demand as of 2016. It is a regular fixture on most-wanted or must-have security surveys. Not to mention it pays well to be CISSP certified, since your median salary would be 108000 USD.

If you want to become a security beast, this is a must-have according to many professionals in the field.

CISM

The Certified Information Security Manager (CISM) is a business-oriented certification focusing on management, design and risk, so it’s more for people interested in the business side of things or the management areas of IT security. The CISM credential was introduced to security professionals in 2003 by the Information Systems Audit and Control Association (ISACA).

Credential holders must agree to ISACA’s Code of Professional Ethics, pass a comprehensive examination, possess at least five years of security experience, comply with the Continuing Education Policy and submit a written application.

ISACA members who register early pay $440 for the exam; non-members pay $625 for early registration. The regular registration fee is $490 for members and $675 for non-members. The CISM credential is valid for three years, and credential holders must pay an annual maintenance fee of $45 (ISACA members) or $85 (non-members). Credential holders are also required to obtain a minimum of 120 continuing professional education (CPE) credits over the three-year term to maintain the credential. At least 20 CPEs must be earned every year. CISM has a 14% market demand and a median salary of 102 000 USD.

OSCE

The Offensive Security Certified Expert (OSCE) is obtained through a legendary exam that challenges the students to prove that they have a clear and practical understanding of advanced penetration testing skills through an arduous forty-eight hour certification exam.

The OSCE exam consists of a dedicated vulnerable network, which is designed to be compromised within a 48-hour time period. The exam is entirely hands-on and is completed with the examinee submitting an in-depth penetration test report of the OSCE examination network. The coveted OSCE certification is awarded to students who successfully gain administrative access to systems on the target network.

Taking this exam is the ultimate security nerd fantasy and will fulfill all your movie hacker dreams. It is considered a cult certification; not many people get it.

CompTIA’s Security+

CompTIA’s Security+ is a well-respected, vendor-neutral security certification. It’s definitely a good credential to start your security guru career. Security+ credential holders are recognized as possessing superior technical skills, broad knowledge and expertise in multiple security-related disciplines.

Successful candidates should possess at least two years of experience working in the area of network security and should consider first obtaining the Network+ certification. Those who obtain the cert possess expertise in areas such as cryptography, identity management, security systems, organizational systems, security risk identification and mitigation, network access control, security infrastructure and more.

The CompTIA Security+ credential is also approved by the U.S. Department of Defense to meet requirements for the information assurance (IA) technical and management certifications.

The cert requires a single exam, currently priced at $302 USD (discounts apply to those who work for CompTIA member companies, and to full-time students). Training is available but is not required. To renew, candidates are required to pass the most current Security+ exam, pass a higher level CompTIA exam or complete 50 continuing education units (CEUs) prior to the expiration of the three-year period. CEUs can be obtained by engaging in a variety of activities ranging from teaching, blogging, publishing articles or white papers, participating in professional conferences and similar activities.

GIAC Security Essentials

A fine entry-level credential, and a must-have for all security professionals provided you can afford it, is the GIAC Security Essentials (GSEC). It is designed for professionals seeking to demonstrate that they not only understand information security terminology and concepts, but also possess the skills and technical expertise necessary for “hands-on” security roles.

GSEC credential holders demonstrate knowledge and technical skills in areas such as Wi-Fi protocols, identifying and preventing common and wireless attacks, network mapping, public switched telephony networks, access controls, authentication, password management, DNS, cryptography fundamentals, ICMP, IPv6, public key infrastructure, Linux, network protocols and much more.

Currently priced at $1,099, the GIAC Security Essentials exam is quite a bit more expensive than the Security+ exam. While a training program is not required, credential seekers may take a “boot camp” course that includes the cost of the exam. GSEC certifications must be renewed every four years. To renew, candidates must accumulate 36 Continuing Professional Education credits (CPEs), all of which must be obtained in the two-year period immediately preceding certification expiration.

In light of all the requirements needed to acquire these certifications, deciding to go for one can be a big deal. I think you have to be able to afford it, obviously, and have a clear enough vision of how you want to build your career. It’s important to have a clear idea of what area you want to focus on, since computer security has a wide spectrum of areas you can specialise in. It’s definitely an investment you wouldn’t take lightly.
