But if you have your heart set on having some random letters behind your name on a business card, the differences between the certifications are rather minimal. You can compare the certifications across a number of characteristics, like how respected the certification is and whether the certification has a well-known brand. Security+ is often considered a beginner's certification, though it is pretty well-known. The test is fair, though not overly difficult, and it doesn't really require any prior experience in the field – which makes it appropriate for folks just entering it. At $225, it's reasonably priced as far as certifications go.
The CISSP is the granddaddy of security certifications, but as the number of certified practitioners has grown, the value of the CISSP has been watered down a bit.
The test is as much about stamina as anything else. It's not overly technical, but it is extensive. To prepare for the test, many folks take a week-long boot camp, and many pass. Yet in order to get your CISSP, you need to have 4 years of verifiable experience in the space. At $500 (plus an annual renewal), it ain't cheap – but if you've been doing security for a while and you want to get some letters, the CISSP is probably the best known.
This was first published in April 2007