Six Table-Setting Security Certs and One Main Course
Some of the hottest topics and professions today are in the field of IT Security. Every company need an experienced security professional to build and defend their existing infrastructure while following best practices and area standardizations.
Security experts need to be familiar with all kinds of systems and architectures in order to easily determine a system's weak points and implement the appropriate solution to protect it. As in most IT areas, one way to prove your knowledge and expertise to future employers and clients is by getting a certification in the field.
If you are new to IT security and wondering where to start, consider earning one or more of the following certifications. For beginners, these are the six most popular and searched certifications for IT Security.
CompTIA Security+
This is a great certification to help start your IT security education. Security+ is vendor neutral and covers all the basics you need to know, such as access control, identity management, cryptography, threat identification and security solutions implementation. It's also approved by the U.S. Department of Defense.
Prerequisites include a minimum of two years' experience in the IT administration field, and, of course, knowledge in the topics related to the exam. The length of the exam is 90 minutes, with a maximum of 90 questions, the passing score is approximately 75 percent.
You can find more information on the CompTIA website.
GIAC Security Essentials (GSEC)
Provided by GIAC (Global Information Assurance Certification), GSEC is a terrific entry-level security cert. GSEC covers a broad range of technologies, including Network, Wireless, Linux and Windows fundamentals. Candidates are required to understand the common attacks towards those infrastructures and how to prevent them.
No specific training is required for GSEC, or any of the GIAC certifications, but the candidate should be prepared for all the topics in the blueprint. The exam consists of 180 questions with a time limit of 5 hours. The minimum passing score is 73 percent.
For more information, and to see the exam topics, check out the GIAC website.
Certified Ethical Hacker (CEH)
One of the most popular security certs, CEH is mostly focused on ethical hacking — hacking tools, penetration testing tools, security tools, and so forth. The CEH is constantly evolving to meet the latest technologies and threats. It's also vendor neutral. In order to prepare to take the exam, you can attend an official instructor-led-training (ILT), or pursue your own computer-based training (CBT), whether via online live training or academic learning.
Candidates can also attempt the exam without official training. The prerequisites are at least two years in the Information Security area, as well as a similar educational background and paying a non-refundable eligibility application fee of $100. The exam takes four hours and consists of 125 questions. A score of 70 percent is required to pass.
You can find more information on the EC-Council website.
Certified Penetration Testing Engineer (CPTE) and Consultant (CPTC) - Mile2
CPTE is provided by the U.S.-based information security company Mile2. It is internationally recognized, and approved by the U.S. National Security Agency. CPTE focuses mainly on information security elements, penetration testing, data collection, scanning, enumeration, exploitation and reporting.
A similar certification administrated by Mile2 is Certified Penetration Testing Consultant (CPTC). The difference between these certs is that CPTE is more focused on the IT Security penetration testing and security, while the CPTC is better suited for and networking professionals interested in penetration testing of large network infrastructures.
More information regarding the CPTE and CPTC certification process and trainings can be found on the Mile2's website.
Cisco Certified Network Associate Security (CCNA Security)
Although vendor specific, CCNA Security by Cisco is one of the most popular, most attempted and most searched certificates in the areas of IT and network security. The knowledge that it provides meets the NSA and CNSS 4011 standards. CCNA Security holders are qualified to assist federal agencies and other organizations with implementing information security solutions and protecting against information and network security threats.
CCNA Security covers a wide range of topics, including identity management, cryptography, IPS/IDS, Firewalls, basics of Wireless, SAN, and VoIP security. Candidates are required to have a valid CCENT/CCNA R&S certification before taking the exam. The exam consists of 55-65 questions, for which you have 90 minutes. While no official passing score is mentioned, last month's was reported to be around 85-90 % by recent test takers.
You can find more information regarding the exam and the certificate official Cisco website.
When you're ready to attempt a true milestone security certification, set your sights here:
(ISC)2® Certified Information Systems Security Professional (CISSP)
CISSP is for IT Security veterans who have proven, deep technical skills and are broadly experienced in the design, implementation and management of security techniques in enterprise infrastructures.
CISSP is a great certification to have for security consultants, managers, auditors, architects, analysts and whoever wants to certify deep expertise in the field. The exam duration is six hours and consists of 250 questions. A passing score is 70 percent.
The official (ISC)2 website provides more information regarding the exam as well as links to purchase official certification guides.
Regardless of which security certification you choose, know that experience and knowledge both matter. Candidates should spend enough time on both areas in order to pass the exam. As a friend of mine said, "Don't panic." To that, I'll add, "Enjoy your certification preparation experience.
