I'm working as a network security engineer for two years now. I would like to go for some security management courses. Should I go for a CISSP or BS7799? Also in the BS7799 should I do the implementation or auditor course?
I am WatchGuard-certified -- will a certification on Check Point help?
The route you take in training should reflect the direction that you want your working life to take. The BS7799/ISO17799 has rather more to do with standard compliance evaluation, planning, and implementation whereas the CISSP is more a credential for working security practitioners who can cover the whole range of security topics and activities.
Thus, if you'd prefer to focus on BS7799/ISO17799 stuff, do the implementation training to make that happen or the auditing stuff to evaluate the work of others in implementing those standards. This seems to lead one into large corporations or government agencies where such efforts would be ongoing and constant, or into consulting work where one would help (or evaluate) customers to come into compliance.
On the other hand, the CISSP appears (at least to me) to offer a broader entry into the field and would support working as a full- or part-time security professional, along with network engineering. It could also permit a move into security management, development work, planning, auditing, risk assessment, and all kinds of other fields.
Though, in the end only you can decide what fits your interests and abilities best.
This was first published in September 2004