Best 5 IT Security Certifications

12
Best 5 IT Security Certifications

Top 5 IT Security Certifications To Enhance Your Career

While not having an IT security certification doesn’t disqualify you from getting a job offer or promotion, but prospective employers looking for industry-leading credentials look at it as one measure of qualifications and commitment to quality. As the market for information security talent heats up and the skills shortage continues, infosec experts who have the right combination of credentials and experience are in remarkably high demand.

“A certification today is like a college degree,” says Grady Summers, America’s leader for information security program management services at Ernst & Young. “You may not hire a candidate just because they have one, but it is something that you come to expect in this field.”

“There is no replacement for real-world experience,” Summers says. “However, certifications are important and have become de facto minimum criteria when screening resumes.”

Here is a list of top five security certifications, which are based on review of job boards and interviews with IT security recruiters and employers:

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) is gaining popularity as organizations concentrate on securing their IT infrastructure and networks from internal and external attacks. Some employers aggressively look to hire candidates with CEH validation for hands-on security operations and intelligence activities.

CEH is a comprehensive Ethical Hacking and Information Systems Security Auditing program offered by EC-Council, suitable for candidates who want to acquaint themselves with the latest security threats, advanced attack vectors, and practical real time demonstrations of the latest hacking techniques, tools, tricks, methodologies, and security measures.

The goal of the CEH is to certify security practitioners in the methodology of ethical hacking. This vendor-neutral certification covers the standards and language involved in exploiting system vulnerabilities, weaknesses and countermeasures. Basically, CEH shows candidates how the attacks are committed. It also makes efforts to define the legal role of ethical hacking in enterprise organizations.

Global Information Assurance Certification (GIAC)

Global Information Assurance Certification (GIAC) is the leading provider and developer of Cyber Security Certifications, globally recognized by government, military and industry leaders. As a result, its demand is rising in specific disciplines such as security operations, digital forensics, incident handling, intrusion detection, and application software security.

This certification is designed for candidates who want to demonstrate skills in IT systems roles with respect to security tasks. Ideal candidates for this certification possess an understanding of information security beyond simple terminology and concepts.

“GIAC’s focus on open source tools and its aggressive in-depth training is very useful,” says Daryl Pfeil, CEO of Digital Forensics Solutions, a computer security and digital forensics firm. She finds GIAC certified candidates highly skilled and talented to handle the dynamic demands of the real-world job environment.

Similarly, employers and recruiters are gradually finding the GIAC credential as a requirement for hands-on technical positions.

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) is significantly in demand as the profession concentrates on the business side of security. Offered by Information Systems Audit and Control Association (ISACA), CISM addresses the connection between business needs and IT security by concentrating on security organizational issues and risk management.

This certification is for candidates who have an inclination towards organizational security and want to demonstrate the ability to create a relationship between an information security program and broader business goals and objectives. Basically, CISM is perfect for IT security professionals looking to grow and build their career into mid-level and senior management positions. This certification ensures knowledge of information security, as well as development and management of an information security program.

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System Security Certification Consortium, also known as (ISC)², the not-for-profit consortium that offers IT security certifications and training.

CISSP is viewed as the baseline standard for information security professions in government and industry. Companies have started to require CISSP certification for their technical, mid-management and senior management IT security positions. This certification is designed for candidates who are interested in the field of information security. The ideal candidates are those who are information assurance professionals and know how to define the design, information system architecture, management and control that can guarantee the security of business environments.

The CISSP is widely popular within the IT security community, as it provides the basis of security knowledge. “We feel safe hiring candidates carrying this validation,” says Ellis Belvins, division director at Robert Half International, a professional staffing consultancy. The certification validates the security professionals’ high proficiency, principles and methodologies, commitment and deeper understanding of security concepts.

Vendor Certifications

The increasing need for hands-on network engineers, along with social computing and web technology, has pushed network security even further. Vendor certifications including Microsoft’s Certified Systems Engineer (MCSE) with focus on security, Cisco’s Certified Network Associate Certification (CCNA), and Check Point’s Certified Security Expert (CCSE) top the list as organizations within government, banking and healthcare that look to fill open positions including system administrators, network and architects.

“We look for completion of these certificates in potential network security candidates,” Summers says, “as having those on their resume says a lot about someone’s depth of knowledge.”

12 COMMENTS

    • Indeed! CEH is the lamest multiple choice certification there is… OSCP is hands on the best hands on (pun intended) qualification there is to show you understand how hackers work. Trying harder is the key to success. 24 hours for 5 machines to root… That’s not an easy task.

      Let alone the OSCE, which needs 48 hours for 4 machines… The hardest thing I’ve ever done !

  1. Meh, an article from someone who doesn’t actually know the industry, just eats up the HR lingo. Terrible list of certs. Only good to pass the HR firewall otherwise there are several better certs out there…

    I’ll never take any articles seriously from this website again.

  2. I think that the CEH by EC-Coucil issimply overrated. Just because you know the tools used by a pentester/ethical hacker doesn’ t mean that you are one. To be a penetration tester, you have to prove yourself. I think a good starting point are the certifications that offensive security offers. Their classes (PWK,CTP) make the student work to acquire the certification. The student has to practice compromising different boxes and then he must pass a grueling 24/48 hours exam. The only acceptable way is to demonstrate the exploit to prove it. There is no place for multiple choice and drag and drop. That is why I believe that HR and managers should value these hands on certifications more that the multiple choice format certifications.

  3. OSCP by Offensive Security beats the C|EH hands down morning, noon and night in terms of practical education. Even Mile2’s version is far superior to the C|EH.

    Global Information Assurance Certification (GIAC) is a certification provider, not a certification.

    CISM is more or less a subset of CISSP, same with CRISC.

    “Vendor certifications” basically covers almost every other certification out there.

    I seriously doubt the writers understanding of the subject matter.

  4. People…people. The object of this post is basic, for someone who wishes to get into security. Yes for a professional security these qualifications or certs would be irrelevant or of no use (in a nice way).

    • I disagree. The title states “Best 5” and the paragraph preceding the list mentions, “based on review of job boards and interviews with IT security recruiters and employers”.

      I’m not sure if basic is the best way to describe this post. It provides a list of what the recruiters and employers expect and probably recognize the most. Unfortunately, there’s no telling who was interviewed that prefers CEH over more rigorous standards.

  5. New but Solid Certification List From Hack2Secure exclusively for IT Security Professionals.

    1.SWADLP -SECURE WEB APPLICATION DEVELOPMENT LIFE-CYCLE PRACTITIONER.
    2.WASD – WEB APPLICATION SECURITY DEFENDER .
    3.SSDA – SECURE SOFTWARE DESIGN ARCHITECT.

LEAVE A REPLY

Please enter your comment!
Please enter your name here