Every year, my partner in grime, Kim Lindros, and I compile a survey of all the certification programs we can find in the area of information security. It’s called the “SearchSecurity.com guide to information security certifications” and covers 71 vendor-neutral and 36 vendor-specific credentials. It also includes analyses of these various offerings, and identifies the most popular and/or useful credentials across the various categories used to break the surveys up into manageable chunks.

Putting this survey together each year is a big job, and requires an enormous amount of checking (for existing certs, which come and go with amazing frequency) and surfing (to find new infosec certs, which pop up like mushrooms after the rain). As you look this material over, please e-mail me [mailto:etittel at techtarget dot com] or post here if you can point me at any credentials we’ve somehow managed to miss. There are so many of them, I’m sure we missed at least one or two. We’ll be updating this survey again in Q109 so I hope to hear from you on this score sooner, rather than later.

Thanks a bunch in advance for your help and support with this project. Those pondering infosec certs will also surely find it useful (our lowest reader ranking for any of this survey’s many parts is 4.68 out of 5.00, so I know we must be doing OK).

–Ed–

There’s a lot of interesting information in this document, but what many readers of this blog will find most interesting is a list of accepted and mandated infosec certifications required for tecnical and management level workers in this technical niche. Because many of these items come from the SANS GIAC program (all of which start with the letter “G” in the lists that follow), you’ll find a nice summary of this information on their Web site.

Here is the way things break down at a very high level.

Technical Track
Level 1: A+, Network+, ISC² SSCP
Level 2: GSEC, Security+, SCNP, SSCP
Level 3: GSE, CISSP, SCNA, CISA

Management Track
Level 1: GSLC, GISF
Level 2: GSLC, CISSP, CISM
Level 3: GSLC, CISSP, CISM

What’s interesting about this list is that nearly all of these certifications are well-recognized outside the DoD, and that many of them have considerable cachet on the current job market as well. What’s even more interesting is this recent story at CertCities.com, which indicates that the Office of Management and Budget (OMMB) is working on a similar set of requirments for professional certification for IT workers in civilian agencies inside the US Government (and hence also, any contractors that do business with same).

This certainly creates rampant opportunities for individuals who hold one or more of these credentials, and makes the already-valuable CISSP, CISA, CISM, and SANS GIAC certs into a sort of “gold standard” for doing infosec business with the feds.

Need I say more, to those looking for more and better ways to feather their nests?