What is the first certification I should get if I want to get into information security?
A wise man once told me that the answer to any really good question always start with the same two words: "That depends..." In your case, the answer depends on whether your goal in getting certified is to start learning more about security or to actively begin looking for employment in the security field. If it's the former (to start learning), the BrainBench network and Internet security exams/certs would be great places to start. From there, you could work up fairly easily to the more common entry-level certifications for those who want to work in the field sooner rather than later. These include the following:
- The Systems Administration and Network Security(SANS) Institute's Global Information Assurance Certification (GIAC) Program's General Security Essentials Certification (GSEC), known more compactly as the SANS GSEC. Visit www.giac.org for more information on this and other SANS security certs. This has the reputation of being the most hands-on, nuts-and-bolts entry-level security certification and is catching a lot of interest for that reason.
- The ISC-squared is the International Information Systems Security Certification Consortium (IISSCC or ISC-squared, get it?). Their entry-level credential is called the Systems Security Certified Practitioner or SSCP. Because it leads pretty directly to the most popular and best recognized middle-tier certification -- the ISC-squared's CISSP -- it's reasonably popular and well-regarded. Visit www.isc2.org for more information on CISSP and SSCP.
- In November 2002 or thereabouts, CompTIA will release its Security+ certification, but it's already generated a lot of buzz. CompTIA's unusually adept at creating broad, general, entry-level certs that become industry standards (like A+ and Network+). Many security experts and afficionados are hopeful that Security+ will enjoy the same kind of success. Visit www.comptia.org for more information.
- TruSecure, Inc. is a long-time security technology, consulting and research company that also publishes the highly regarded Information Security magazine. Their TruSecure International Computer Security Association Computer Security Associate (TICSA) certification is gathering momentum and interest in the marketplace. Visit their Web page for more information on this credential.
For more information on this topic, visit these other SearchSecurity.com resources:
Careers & Certification Tip: Revisiting the vendor-neutral security certification landscape -- again!
Ask the Expert: The benefits of security certification
Ask the Expert: Can I learn enough through self-study to pass most cert exams?
This was first published in September 2002