I am the system security analyst for an IBM (390/zOS) system. I have been in information security since 1983 using CA-Top Secret. My question is, what is the best type of certification to start with for someone who has been doing security and who now needs to learn about other types of networks and operating systems?
You actually have several possible choices, which will in part be based on which types of OSes (and networks) you wish to learn about:
The ISC-squared's (www.isc2.org) CISSP is a good, general and mostly conceptual security cert that is highly regarded in the marketplace and pays equal attention to Windows and Unix platforms.
The SANS GIAC program (www.giac.org) has a number of mid-level certifications that focus specifically on Windows, Unix and other specific aspects of a security infrastructure.
The ISACA (www.isaca.org) has announced a new program, the Certified Information Security Manager (CISM) that looks interesting, but won't be available to the public until June, 2003. Worth keeping an eye on, though, because of the high popularity and visibility of the organization's CISA program (nearly 30,000 certified individuals in that program).
Check these out and pick whichever one fits your needs best. For a more conceptual, architectural take on security, go for the CISSP; for a more nuts-and-bolts, operational take on security go for the GIAC stuff. Good luck!