The vendor-neutral information security certification landscape

For this update to our survey we added only one new certification overall, the GIAC Certified Incident Manager or GCIM. We dropped a total of 39 vendor-neutral credentials this time around, including various moribund items (TICSA and all the CIW credentials), 5 individual BrainBench courses, since they don't really produce certifications, and 23 GIAC certificate and tune-up course offerings, which also don't produce certifications; certificates rather.

This drops the overall count of vendor-neutral certifications to under 100 for this year, while the count of vendor-specific certifications jumps to around 40. As we indicate in our vendor-specific survey, it's pretty easy to decide which vendor-neutral certs to pursue -- either earn those that apply to what your employer or customer uses, or those that some employer or customer you'd like to work for uses. Deciding what to pursue on the vendor-neutral side involves understanding where they fit in the overall scheme of coverage, which explains why we divide things up in the survey the way that we do, but also requires comparing similar programs to decide which ones to pursue.

In fact, with about 60 vendor-neutral certifications comprising the security certification landscape, there's obviously no shortage of options for would-be computer security experts to choose from. The question is, how do you know which certification is right for you? Here's a brief analysis of the landscape and a suggested educational path you can pick up at any point of your career.

Today, the Certified Information Systems Security Professional (CISSP), the SANS Institute's Global Information Assurance Certification (GIAC) and the Certified Protection Professional (CPP) are probably the best known and most widely followed IT security certifications/programs. The number of certified individuals in these programs varies from a low of 9,000 to a high of over 60,000. Broader programs such as the Certified

To continue reading for free, register below or login

Requires Membership to View

To gain access to this and all member only content, please provide the following information (all fields required):

First Name:
Last Name:
Country: Select... Afghanistan Aland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of Cook Islands Costa Rica Cote D'Ivoire Croatia Cuba Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia, The Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard and McDonald Islands Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, North Korea, South Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Man, Isle of Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands Netherlands Antilles New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine Panama Panama Canal Zone Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Reunion Romania Russia Rwanda Saint Helena Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia and Montenegro Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Minor Outlying Islands Uganda Ukraine United Arab Emirates United Kingdom United States Uruguay Uzbekistan Vanuatu Vatican City Venezuela Vietnam Virgin Islands Wallis and Futuna Islands Western Sahara Yemen Zambia Zimbabwe
Email Address:

I would like to receive a FREE subscription to Information Security magazine online.
YesNo

Do you manage, evaluate, recommend, implement, support or purchase security products, software or services?
YesNo

Please estimate the yearly security budget for your entire organization including all security products and services.
Please select... Over $10 Million $5 Million-$10 Million $1 Million-$4.9 Million $500,000-$999,999 $100,000-$499,999 $50,000-$99,999 $25,000-$49,999 $10,000-$24,999 Less than $10,000 None

What is your role in purchasing IT related products and services? (Check all that apply)
Technical decision maker
Financial decision maker
Recommend/Specify
Evaluate products
Implement Products/Services
Determine Needs
Create Security Strategy
None

By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.

TechTarget cares about your privacy. Read our Privacy Policy

CompTIA's Security+ has changed the entry-level security certification landscape as it continues to attract strong interest and participation. Today the number of Security+ certifications is over 40,000. Microsoft and IBM have incorporated Security+ into some of their own certification programs. Security+ can also substitute for one year of job experience for the Certified Information Security Manager (CISM) certification. Security+ remains our leading choice as the best recognized and arguably the best entry-level information security certification currently available. Be warned, however, that this exam hasn't been updated in four years and several experts have publicly expressed issues with some of its coverage, question clarity and intelligibility.

Thus, the entry-level credentials with the most "oomph" are CompTIA's Security+, SANS GIAC Security Essentials Certification (GSEC) and the ISC²'s Systems Security Certified Practitioner (SSCP). Today, the CISSP and the SANS GIAC intermediate and senior credentials remain the best bets for those seeking more senior security credentials, with the Certified Ethical Hacker (CEH) coming on strong for those interested in current system penetration techniques and counter-hacks. The Certified Protection Professional (CPP), Professional Certified Investigator (PCI), Physical Security Professional (PSP) and the various CISSP concentrations are restricted to the most senior members of the security community, simply because they require five to nine years of work experience in the security field for candidates to qualify for the exam!

Given this landscape, we recommend the following security certification ladder that individuals can start and climb at any point depending on their current knowledge, skills and experience.

Kim Lindros has more than 15 years of experience in the computer industry, from technical support specialist to network administrator to book and course content manager. She has edited and developed more than 200 IT-related books and online courses, and co-authored two certification books and numerous online articles with Ed. Kim runs Gracie Editorial, a content development company.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Information Security Career Advisor,   Information Security Careers, Training and Certifications,   Security Industry Certifications,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Information Security Career Advisor SearchSecurity.com guide to information security certifications Guide to vendor-specific information security certifications Advice from the pros: What infosec newbies need to know How to break into security Spring 2004 update: Survey of vendor-specific security certs Information security in academia: Training options abound Choosing the right vendor-specific security cert Taking a closer look at a Homeland Security certification Security certification landscape: Vendor-neutral certs abound Security certification landscape, part 2: Climbing the certification ladder Security Industry Certifications Security jobs survey finds fewer budget cuts, lower security salaries IT security skills and certification pay Despite recession, pay climbs for top IT security certifications How do I transition to a career in IT security? Security skills pay increases despite economic downturn How do I get CPE credits? Getting the CEH certification to join an ethical hacking network What is the GISP certification and how does it compare to the CISSP certification? New certification targets software security Security certifications RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.