Slashdot Mirror

← Back to Stories (view on slashdot.org)

IT Security Certifications?

Posted by Cliff on from the securely-certified dept.

certifiedSecurely asks: "Network security seems to be a hot topic these days, but I have seen very little on Security Certifications. Searching the web has turned up several offerings: http://www.securitycertified.net/ and http://www.isc2.org/ are two examples. I was wondering if any of the readers had any insight into the various security certifications and their respective market value and dominance, future longevity, etc."

1 of 17 comments (clear)

  1. The basic run down by eldub1999 · · Score: 5, Insightful

    There are basically four security certification that merit mention when someone asks about it.

    CISSP - Focuses on policy and practice. The most recognized out of the certifications (meaning people have heard of it. No comment on quality). Sponsored by ISC2 (www.isc2.org).

    CISA - Certification for IT auditors. Accountants are probably the primary audience, but anyone can take it. Probably the second most recognized. Sponsored by ISACA (www.isaca.org/cert1.htm).

    GIAC - The new kid on the block. Balances policy and technical knowledge. Third most recognized. Sponsored by SANS (www.giac.org).

    SSCP - ISC2's more "technical" oriented certification. Few people have heard of this yet. Sponsored by ISC2 (www.isc2.org).

    *Hard dose of truth follows*
    Knowledge is only useful if a person can apply it. In cognative theory there is the concept of "transfer". This is the ability of a person to apply knowledge gained to real world situations. Cognative theorists would argue that without transfer you haven't really learned anything. *None* of these exams test for anything more that your ability to memorize large amounts of data. To that end, you will find many people with security certifications who have absolutely no ability to solve simple real-world, security-oriented business problems. Do not mistake certification for experience and the ability to solve problems.

    *Cynical reality follows*
    At this moment in time, the CISSP has the most value in the job market, and arguably in the industry. This is because it is the most recognized certification. It is also the certification that is easiest to gain through rote memorization. One of life's great catch-22s.

    I won't comment as to which is the "best" as this is highly subjective. Do your homework. Figure out which one has the buzz in your specific area of knowledge/expertise and memorize on!

    -Laudon