Security
certifications have become big business over the last 5 years
or so and, for the foreseeable future at least, look certain to
continue their growth in both demand and popularity. For anyone
wishing to add security skills to their existing skill set, or
if you are wishing to specialise in the infosec field, then the
number of options available to pursue security training and obtain
a security certification are plenty. While, for the most part,
this is a boon to those wishing to undertake security certifications,
the down-side to the number of certifications on offer must be
choosing which certification aligns itself best with the direction
you wish to pursue in your career. The infosec field is as broad
as it is deep, so choosing the correct path is a task in and of
itself.
Perhaps
a good place to start when deciding which security certification
to choose is to become familiar with what’s available in
terms of security certifications and training. From there you
can reflect on your career to date and the direction in which
you wish to take it. Obviously your level of experience in matters
infosec will dictate to a large degree where you start your security
certification path. The CISSP certification, for example, only
permits those who have sufficient security hands-on experience
to take their exams and become certified, while CompTIA Security+
on the other hand acts more as an introductory security certification
that can be taken by anyone. In addition to determining the level
of the security certification that you should choose, there is
also the matter between vendor-neutral and vendor-specific certifications.
While some would argue that vendor-neutral certifications test
a wider spectrum of skills and knowledge, vendor-specific security
certifications demonstrate a specific knowledge of a particular
product or system which could greatly assist you in the job market.
As
with any certification, carefully analysing the exam objectives
of each security certification should give you a good insight
to the range of skills that are tested. You can then determine
which, if any, of the certifications are right for you.
Things to consider when choosing a security certification:
One
important aspect to keep in mind regarding security certifications
is the requirement to keep updated and current. While many other
types of certification are not so strict on re-certification,
the security field is one where the challenges to the industry
can change rapidly - so the re-certification interval is definitely
something to keep in mind if not for any other reason than the
cost of updating.
Another
thing worth remembering is that this is big business for the providers
of these certifications. By the time you factor in exam fees,
training courses, study material, licencing factors etc., you
can see that there is big money to be made by the respective parties.
To that end you’re likely to come across a lot of marketing
information promoting the various benefits of each certification.
Each will claim theirs is the best and offers the best market
opportunities. Take their claims with a pinch of salt and do your
own research into what each exam focuses on. Take your time to
decide what the market is looking for (research job boards, talk
to I.T. managers, etc.) and look through the exam objectives of
each offering to see if it compliments the direction you wish
to take. Do your homework first and you’ll undoubtedly save
yourself time, money and perhaps a little sanity.
