While not having an IT security
certification doesn’t disqualify you from getting a job offer or promotion, but prospective employers looking for industry-
leading credentials look at it as one
measure of qualifications and commitment to quality.
As the market for information security talent heats up and the skills shortage continues, infosec experts who have the right combination of credentials
and experience are in remarkably high demand.
“A certification today is like a college degree,” says Grady Summers, America’s leader for information security program
management services at Ernst & Young.“You may not hire a candidate just because they have one, but it is something that you come to expect in this field.”
“There is no replacement for real-world experience,” Summers says. “However, certifications are important and have become de facto minimum criteria when screening resumes.”
Here is a list of top five security certifications, which are based on
review of job boards and interviews with IT security recruiters and employers:
Certified Ethical Hacker (CEH)
Certified Ethical Hacker (CEH) is gaining popularity as organizations concentrate on securing their IT infrastructure and networks from internal and external attacks. Some employers aggressively look
to hire candidates with CEH validation for hands-on security operations and intelligence activities.
CEH is a comprehensive Ethical Hacking and Information Systems Security Auditing program offered by EC-Council, suitable for
candidates who want to acquaint
themselves with the latest security threats,advanced attack vectors, and practical real time demonstrations of the latest hacking techniques, tools, tricks, methodologies, and security measures.
The goal of the CEH is to certify security practitioners in the methodology of ethical hacking. This vendor-neutral certification
covers the standards and language involved in exploiting system vulnerabilities, weaknesses and countermeasures. Basically, CEH shows candidates how the attacks are committed. It also makes efforts to define the legal role of ethical hacking in enterprise organizations.
Global Information Assurance Certification (GIAC)
Global Information Assurance Certification (GIAC) is the leading provider and developer of Cyber Security Certifications,globally recognized by government, military
and industry leaders. As a result, its demand is rising in specific disciplines such as security operations, digital forensics, incident handling, intrusion
detection, and application software
security.
This certification is designed for
candidates who want to demonstrate skills in IT systems roles with respect to security
tasks. Ideal candidates for this certification possess an understanding of information
security beyond simple terminology and concepts.
“GIAC’s focus on open source tools and its aggressive in-depth training is very useful,” says Daryl Pfeil, CEO of Digital Forensics Solutions, a computer security and digital
forensics firm. She finds GIAC certified candidates highly skilled and talented to handle the dynamic demands of the real-
world job environment. Similarly, employers and recruiters are
gradually finding the GIAC credential as a requirement for hands-on technical positions.
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is significantly in demand as the profession concentrates on the business side of security. Offered by Information
Systems Audit and Control Association (ISACA), CISM addresses the connection
between business needs and IT security by concentrating on security organizational
issues and risk management.
This certification is for candidates who have an inclination towards organizational security and want to demonstrate the ability to create a relationship between an information security program and broader business goals and objectives.
Basically, CISM is perfect for IT security professionals looking to grow and build their career into mid-level and senior management positions. This certification ensures knowledge of information security, as well as development and management
of an information security program.
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System
Security Certification Consortium, also known as (ISC)², the not-for-profit consortium that offers IT security certifications and training.
CISSP is viewed as the baseline standard for information security professions in government and industry. Companies have
started to require CISSP certification for their technical, mid-management and
senior management IT security positions.
This certification is designed for
candidates who are interested in the field of information security. The ideal candidates are those who are information assurance professionals and know how to
define the design, information system architecture, management and control that can guarantee the security of business environments.
The CISSP is widely popular within the IT security community, as it provides the basis of security knowledge. “We feel safe
hiring candidates carrying this validation,” says Ellis Belvins, division director at Robert Half International, a professional
staffing consultancy. The certification validates the security professionals’ high proficiency, principles and methodologies,
commitment and deeper understanding of security concepts.
Vendor Certifications
The increasing need for hands-on network engineers, along with social computing and web technology, has pushed network
security even further. Vendor certifications including Microsoft’s Certified Systems Engineer (MCSE) with focus on security,Cisco’s Certified Network Associate
Certification (CCNA), and Check Point’s Certified Security Expert (CCSE) top the list as organizations within government,
banking and healthcare that look to fill open positions including system administrators, network and architects.
