What’s my current level of knowledge in the field?

If you are taking your first steps in the field with a basic knowledge of information security, a good option to start with is the SANS GISF certification, which doesn’t require (though it does recommend) prior security experience and consists of a 150-question, 4-hour examination. The GISF, in my opinion, is one of the best certifications for newcomers, since you won’t learn “HOW” to create a firewall rule, but “WHY” instead. Every security professional, regardless of whether technically or management focused, should have an intrinsic understanding of why information needs to be protected.

On the other hand, if you’re a seasoned information security professional, I recommend you sit for the Certified Information Systems Security Professional (CISSP) exam. To become a CISSP you are required to have a minimum of five years of direct full-time security professional work experience in two or more of the ten domains of the (ISC)2® CISSP CBK®, or four years of direct full-time security professional work experience in two or more of the ten domains of the CISSP CBK together with a college degree. Alternatively, there is a one-year waiver of the professional experience requirement for holding an additional credential on the (ISC)2-approved list. Let me stress something here: DO NOT START YOUR INFORMATION SECURITY CAREER BY PURSUING/ACHIEVING CISSP. If you want to become a successful professional, do it right: get yourself some entry-level certifications, land a security job, gain experience, and only then go for the CISSP.

For the technical professionals out there, most of the domains have specific certifications to be achieved, always starting from a basic, introductory level and moving on to more complex topics. The higher you go, the more prestigious your career becomes. Needless to say, memorizing questions for the certification exam doesn’t bring any value to your career. A certification should be seen as a means, not as an end.

Do I hold any other certification?

Since every career path is different, let me show you how I chose to build up my own:

When I was a non-certified technical professional working in operations, I analyzed my career at that very moment and chose the certification whose benefits I could reap as early as possible. Achieving vendor-specific certifications rewarded me with a salary raise every time I added an acronym to my signature. That’s a fact: being certified gives you a stronger position to bargain for better conditions with your current employer, and it also demonstrates your commitment to your career. As for which one to go for, I can’t give you precise directions since there are many specializations in the infosec field, but you might be able to figure out the best one for you without much effort. Some options would be CCSA, SSCP, Security+, GISF, GSEC, and so on.

PS: I know some of the certifications I’ve mentioned here are not vendor-specific. They are listed here because of their entry-level nature instead.