Slashdot Mirror


IT Security Certifications?

certifiedSecurely asks: "Network security seems to be a hot topic these days, but I have seen very little on Security Certifications. Searching the web has turned up several offerings: http://www.securitycertified.net/ and http://www.isc2.org/ are two examples. I was wondering if any of the readers had any insight into the various security certifications and their respective market value and dominance, future longevity, etc."

  1. certifications in general by BRO_HAM · · Score: 2, Informative

    I think your experience and what you have on your resume is what matters most, but if you're looking for something to get you in the door as an entry-level network-security guy - you might want to check out one of the various Cisco certifications. Might not be specifically catered to security, but as most will tell you - setting the network up properly is the first step in securing the beast. Plus, Cisco certs still hold up fairly well with managerial types and big companies.

    --


    my sig is so witty and fun - it tickles almost everyone who reads it.
    1. Re:certifications in general by netsplit · · Score: 2, Informative

      I remember reading about the five day CCNA+S (Cisco certified network associate + security?) course SANS provides at their security conference. This seems like the logical place to start, not to mention the networking potential of a SANS event.

  2. CISSP for me... by Ocelot+Wreak · · Score: 3, Informative
    Hi, I have a CISSP designation, and have found it to be VERY useful, both professionally and as a practical job door opener for consulting gigs. It covers a wide base of security knowledge, and also requires some dedication to "real" security work for a few years first, rather than just passing a test based on some memory work.

    The "Certified Information Systems Security Professional" ® (CISSP) designation is a recently developed international designation for people involved in information security work. It is handled by the non-profit organization called "(ISC)2", the "International Information Systems Security Certification Consortium, Inc." They administer, test, and have a trademark on CISSP®.

    The first CISSP designations were conferred in 1994, and its numbers are increasing rapidly.

    With certification of computer professionals becoming more important, and the incursion of the Engineering field into computer-related work areas, it's a good idea to consider getting a formal designation.

    The ISSA and CIPS organizations have also been very supportive in promoting professional certification among their members. I've discovered that certification makes a difference in getting consulting contracts, and provides a higher level of trust, ethics, and expected professionalism in client relations. Recently, an increasing number of government RFPs for INFOSEC-related services have requested that consultants preferably have CISSP accreditation.

    Applicants must subscribe to a formal code of ethics, and must have at least three years of direct work experience in one or more of the ten information security domains of the information systems security Common Body of Knowledge, in order to sit for the examination.

    The ten domain areas are:

    • Access Control;
    • Communications Security;
    • Risk Management & Business Continuity Planning;
    • Policy, Standards, and Organization;
    • Computer Architecture & Systems Security;
    • Law, Investigation, & Ethics;
    • Application Program Security;
    • Cryptography;
    • Computer Operations Security; and
    • Physical Security.

    The exam questions are multiple choice, and are oriented towards knowledge gathered by experience. Someone who just read some text books would have a very hard time passing the exam. Exam preparation training seminars, and a study guide with sample questions are available from (ISC)2.

    For more details, see (ISC)2's new WWW site at: http://www.isc2.org/

    Regards,
    -wjc.

    --
    "I figure you're here 'cause you need some whacko who's willing to stick his finger in the fan. So who are we helping?"
  3. I found this book to be fairly helpful by dfelznic · · Score: 2, Informative

    I got started but never finished it. I found this book to be pretty helpful:
    The CISSP Prep Guide: Mastering the Ten Domains of Computer Security
    Good luck. From what I hear this book is also useful but somewhat overkill for the junior CISSP cert...