IT Career JumpStart:

SCNP

Dec 5 2008   4:32PM GMT

Need a guide to infosec certs? Check out this (our) survey!



Posted by: Ed Tittel
Security, IT careers, CISSP, Security+, CISA, SSCP, IT certification, Career planning, GSEC, SCNP, GSLC, GISF

One continuing bright spot in the IT specialization/employment world is information security. More and more companies and organizations are devoting personnel to this area, and more and more IT professionals are finding it worthwhile to obtain or demonstrate expertise in information security subjects, tools, and technologies. But with hundreds of options to choose from, what’s a savvy IT person to do when it comes to narrowing her or his selections? Why, consult our survey at SearchSecurity.com, of course!

Every year, my partner in grime, Kim Lindros, and I compile a survey of all the certification programs we can find in the area of information security. It’s called the “SearchSecurity.com guide to information security certifications” and covers 71 vendor-neutral and 36 vendor-specific credentials. It also includes analyses of these various offerings, and identifies the most popular and/or useful credentials across the various categories used to break the surveys up into manageable chunks.

Putting this survey together each year is a big job, and requires an enormous amount of checking (for existing certs, which come and go with amazing frequency) and surfing (to find new infosec certs, which pop up like mushrooms after the rain). As you look this material over, please e-mail me (etittel at techtarget dot com) or post here if you can point me at any credentials we’ve somehow managed to miss. There are so many of them, I’m sure we missed at least one or two. We’ll be updating this survey again in Q109 so I hope to hear from you on this score sooner, rather than later.

Thanks a bunch in advance for your help and support with this project. Those pondering infosec certs will also surely find it useful (our lowest reader ranking for any of this survey’s many parts is 4.68 out of 5.00, so I know we must be doing OK).

–Ed–

Sep 15 2008   3:03PM GMT

DoD Directive 8570 and the OMB Follow-up



Posted by: Ed Tittel
Security, IT careers, CISSP, Network+, A+, Security+, CISA, SSCP, IT certification, GSEC, SCNP, SCNA, GSLC, GISF

Back in 2005, the US Department of Defense, aka DoD, issued Directive 8570, entitled “Information Assurance Workforce Improvement Program.” In a nutshell, this document states workforce responsibilities and requirements for personnel tasked with “information assurance,” a locution that means more or less the same thing as “information security” outside military circles.

There’s a lot of interesting information in this document, but what many readers of this blog will find most interesting is a list of accepted and mandated infosec certifications required for technical and management-level workers in this technical niche. Because many of these items come from the SANS GIAC program (all of which start with the letter “G” in the lists that follow), you’ll find a nice summary of this information on their Web site.

Here is the way things break down at a very high level.

Technical Track
Level 1: A+, Network+, ISC2 SSCP
Level 2: GSEC, Security+, SCNP, SSCP
Level 3: GSE, CISSP, SCNA, CISA

Management Track
Level 1: GSLC, GISF
Level 2: GSLC, CISSP, CISM
Level 3: GSLC, CISSP, CISM

What’s interesting about this list is that nearly all of these certifications are well-recognized outside the DoD, and that many of them have considerable cachet on the current job market as well. What’s even more interesting is this recent story at CertCities.com, which indicates that the Office of Management and Budget (OMB) is working on a similar set of requirements for professional certification for IT workers in civilian agencies inside the US Government (and hence also, any contractors that do business with same).

This certainly creates rampant opportunities for individuals who hold one or more of these credentials, and makes the already-valuable CISSP, CISA, CISM, and SANS GIAC certs into a sort of “gold standard” for doing infosec business with the feds.

Need I say more, to those looking for more and better ways to feather their nests?