There are many security certificates available, from entry level to advanced and from very general to very focused. Picking the top three is bound to be controversial, and feedback on my choices of the top three security certificates is specifically invited.
I used the following criteria to pick the top three information security certificates:
* Well known – A certification needed to be well known to be considered. That leaves out new security certifications, as security certificates that have been around longer are naturally better known.
* Popular – I also considered the popularity of the various security certificates; the actual number of people who have been certified. This also favors the older and more established security certificates.
* General Purpose – Only general purpose, vendor neutral security certificates were considered. This automatically removed many security certificates from consideration.
Note that this is not an ordered list of certificates: I make no attempt to claim one is better than the other. In fact, which certification, if any, is most valuable will vary from individual to individual.
The top three are:
The Certified Information Systems Security Professional (CISSP)
The CISSP certification is the oldest security certification around and the best known. There are over 60,000 CISSPs.
The CISSP exam covers a wide array of topics, many not traditionally associated with information security. No attempt is made to be cutting edge, nor is there any hands-on information.
The CISSP exam is multiple choice, consisting of 250 questions over six hours. It’s taken using paper and pencil.
The certification lasts for three years, and you can renew by retaking the exam, something almost no one ever does, or by earning the correct number and types of continuing professional education (CPE) credits.
Security Essentials Certification (GSEC)
The SANS GIAC GSEC certification is a very popular certification comparable in difficulty to the CISSP. Unlike the CISSP, it emphasizes skills that are immediately useful in the workplace, including hands-on skills.
The GSEC exam consists of 180 multiple choice questions with a 5 hour time limit, and the test is open book. The GSEC certification exam needs to be retaken every 4 years. There is no need for continuing education, just a solid understanding of the material.
Security +
The Security + certification is an entry level security certification. There are 50,000 certified professionals, however as it’s entry level and much easier than CISSP or GSEC, not nearly as well as the test consist of 100 multiple choice questions with a 90 minute time limit. Security + is a “certification for life” – no renewal ever required.