InfoSec professionals who want to set themselves apart as leaders in IT security should seriously consider one of these top five information security certifications for 2016.
CompTIA Security+
With more than 250,000 credential holders, CompTIA's Security+ is a well-respected, vendor-neutral security certification. Security+ credential holders are recognized as possessing superior technical skills, broad knowledge and expertise in multiple security-related disciplines.
While Security+ is an entry-level certification, successful candidates should possess at least two years of experience working in the area of network security and should consider first obtaining the Network+ certification. IT pros who obtain the cert possess expertise in knowledge areas such as cryptography, identity management, security systems, organizational systems, security risk identification and mitigation, network access control, security infrastructure and more.
The CompTIA Security+ credential is also approved by the U.S. Department of Defense to meet requirements for the information assurance (IA) technical and management certifications.
CEH: Certified Ethical Hacker
Hackers are innovators who constantly find new ways to attack information networks and systems and to exploit system vulnerabilities. Savvy businesses proactively protect their information systems by engaging the services and expertise of IT professionals skilled in beating hackers at their own game (often called "white hat hackers" or simply "white hats"). Such professionals use the same skills and techniques as hackers to identify system vulnerabilities and potential points of entry, and to prevent unwanted access to network and information systems.
The Certified Ethical Hacker (CEH) is an intermediate-level credential offered by the International Council of Electronic Commerce Consultants (EC-Council). It's a must-have for IT professionals pursuing careers in ethical hacking. CEH credential holders possess skills and knowledge on hacking practices in areas such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, Trojans, worms and viruses, sniffers, denial of service attacks, social engineering, session hijacking, hacking web servers, wireless networks and web applications, SQL injection, cryptography, penetration testing, evading IDS, firewalls and honeypots and more.
GSEC: SANS GIAC Security Essentials
Another fine entry-level credential is the GIAC Security Essentials (GSEC), designed for professionals seeking to demonstrate that they not only understand information security terminology and concepts, but also possess the skills and technical expertise necessary for "hands-on" security roles. GSEC credential holders demonstrate knowledge and technical skills in areas such as Wi-Fi protocols, identifying and preventing common and wireless attacks, network mapping, public switched telephony networks, access controls, authentication, password management, DNS, cryptography fundamentals, ICMP, IPv6, public key infrastructure, Linux, network protocols and much more.
GSEC certifications must be renewed every four years. To renew, candidates must accumulate 36 Continuing Professional Education credits (CPEs), all of which must be obtained in the two-year period immediately preceding certification expiration. GIAC offers three ways to meet the 36 CPE requirement: passing the current certification exam (worth 36 CPEs), attending or teaching ISO 17024-related courses, or publishing books, articles or research papers.
CISSP: Certified Information Systems Security Professional
The Certified Information Systems Security Professional (CISSP) is an advanced-level certification for IT pros serious about careers in information security. Offered by the International Information Systems Security Certification Consortium, known as (ISC)2 and pronounced ISC-squared, this vendor-neutral credential is recognized worldwide for its standards of excellence.
CISSP credential holders are decision makers who possess expert knowledge and technical skills necessary to develop, guide and then manage security standards, policies and procedures within their organizations. The CISSP continues to be highly sought-after by IT professionals and well recognized by IT organizations. It is a regular fixture on most-wanted or must-have security certification surveys.
CISSP is designed for experienced security professionals. The certification requires either a minimum of five years of experience in at least two of (ISC)2's eight common body of knowledge (CBK) domains, or four years of experience in at least two CBK domains plus a college degree. CBK domains include Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations and Software Development Security.
(ISC)2 also offers three CISSP concentrations targeting specific areas of interest in IT security:
- Architecture (CISSP-ISSAP)
- Engineering (CISSP-ISSEP)
- Management (CISSP-ISSMP)
CISM: Certified Information Security Manager
The Certified Information Security Manager (CISM) is a top credential for IT professionals responsible for managing, developing and overseeing information security systems in enterprise-level applications, or for developing best organizational security practices. The CISM credential was introduced to security professionals in 2003 by the Information Systems Audit and Control Association (ISACA).
ISACA's organizational goals are specifically geared to IT professionals interested in the highest quality standards with respect to audit, control and security of information systems. The CISM credential targets the needs of IT security professionals with enterprise-level security management responsibilities. Credential holders possess advanced and proven skills in security risk management, program development and management, governance, and incident management and response.
The CISM is designed for experienced security professionals. Credential holders must agree to ISACA's Code of Professional Ethics, pass a comprehensive examination, possess at least five years of security experience, comply with the Continuing Education Policy and submit a written application. Some combinations of education and experience may be substituted to meet the experience requirement.