Back in 2005, the US Department of Defense (DoD) issued Directive 8570, entitled “Information Assurance Workforce Improvement Program.” In a nutshell, this document states workforce responsibilities and requirements for personnel tasked with “information assurance,” a locution that means more or less the same thing as “information security” outside military circles.
There’s a lot of interesting information in this document, but what many readers of this blog will find most interesting is a list of accepted and mandated infosec certifications required for technical and management level workers in this technical niche. Because many of these items come from the SANS GIAC program (all of which start with the letter “G” in the lists that follow), you’ll find a nice summary of this information on their Web site.
Here is the way things break down at a very high level.
Technical:
Level 1: A+, Network+, ISC2 SSCP
Level 2: GSEC, Security+, SCNP, SSCP
Level 3: GSE, CISSP, SCNA, CISA
Management:
Level 1: GSLC, GISF
Level 2: GSLC, CISSP, CISM
Level 3: GSLC, CISSP, CISM
What’s interesting about this list is that nearly all of these certifications are well-recognized outside the DoD, and that many of them have considerable cachet on the current job market as well. What’s even more interesting is this recent story at CertCities.com, which indicates that the Office of Management and Budget (OMB) is working on a similar set of requirements for professional certification for IT workers in civilian agencies inside the US Government (and hence also, any contractors that do business with same).
This certainly creates rampant opportunities for individuals who hold one or more of these credentials, and makes the already-valuable CISSP, CISA, CISM, and SANS GIAC certs into a sort of “gold standard” for doing infosec business with the feds.
Need I say more, to those looking for more and better ways to feather their nests?