Security certification Q&A

Here's a sampling of questions drawn from a Live Expert Q&A with certification guru Ed Tittel. Access the complete transcript or read more about this topic in a SearchSecurity

    Requires Free Membership to View


Q: How much does a security certification cost?

A: The costs depend on how you approach these various programs. At the low end of the scale, a purely self-study approach will run you around $300, counting about $100- $150 for the exam, and the remainder for study guides and practice exams to help get you ready. At the high end of the scale, you can take 5 to 15 days of training at about $500, then spend another $100-$150 for the exam, and as much as you like for study guides and practice tests. Call a practical high-end range $2,800 to $8,500.

Q: What's a good combination of security certifications, if I want to start with something easier and then move on to more difficult subjects?

A: The Prosoft CIW Security Professional is a good single-exam certification that provides a strong general background and can lead to other certifications like the SANS-GIAC or the CISSP. TruSecure is building its own certification ladder, starting with the ICSA, moving on to the ICSE and even continuing on to the ICSP for those who may want to teach others to become security professionals.

Q: Do you recommend people take vendor-specific certification classes or vendor-neutral certification classes?

A: The answer depends in large part on what kind of environment you work in. If it's mostly homogeneous and focused on a single vendor's offerings, then a vendor-specific certification won't hurt you. If you work in a heterogeneous environment and have to manage cross-platform security, a vendor-neutral program will not only provide the training you need, it will probably do a better job of addressing cross-platform issues than typical vendor exams or programs would do.

Q: How much money do IT security professionals make?

A: As with all averages, wages need to be adjusted for location and related factors, like cost of living. Other important factors include years of experience, education and whether or not a job includes management responsibilities. According to the SANS Salary Survey Summary for 2000, here is what things look like by job function: "Security consultants earned an average of $79,395. Security auditors were next in line at $71,404. Security administrators earned $63,598. System administrators earned an average of $61,440, while network administrators earned an average of $58,399." (See: SANS .) In general, security professionals make more money than their purely operations-focused brethren and often do more interesting work.

Q: What is the corporate view of these security certifications? Do you see organizations sending their own personnel to get trained, or do you see organizations outsourcing consulting work to various firms who have certified employees?

A: Great questions! The field is new enough that many bigger corporations are following both strategies at the same time (buying certified expertise on the outside while "training up" their inside staff). I see this dilemma as mostly a matter of scale: organizations big enough to grow their own in-house security teams will normally want to do so, to avoid vesting that kind of knowledge in outsiders. Those too small to afford full-time expertise in security will normally outsource it. Both kinds of organizations should create strong demand for more certified professionals.

This was first published in February 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.