Considering a security certification? Know your options

If you decide that you want to earn some certifications, how do you know which certifications are the right ones to pursue? Mike Mullins explains.

Worried about security issues? Who isn't? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

The value of technical certifications has consistently been a hot debate topic among IT professionals. Some say they're worthless without the experience to back them up; others argue that experience alone should suffice.

Regardless of whether technical certifications really do or do not offer value, many organizations and hiring managers believe they do—and that can be all that matters. If you already have the experience and knowledge from working in the security arena, a certification can only serve to enhance your resume.

So, if you decide that you want to earn some certifications, how do you know which certifications are the right ones to pursue?

In my opinion, you should earn certifications for every security device under your control. This includes firewalls, antivirus solutions, and intrusion detection devices. If one of these devices doesn't have its own certification, create your own training plan, and pitch the idea to your boss.

If your company uses routers and reverse proxies as security devices, you should also seek these certifications as well. You don't need to be a Cisco Certified Internetwork Expert (CCIE), but you should at least have your Cisco Certified Network Associate (CCNA). This entry-level certification provides an excellent foundation for using routers and switches as boundary-layer security devices.

Earning the basic certifications on the equipment your organization uses will qualify you to administer your security domain. However, there are additional certifications that demonstrate you have a broad knowledge of security principles and that you know how to apply them in the planning, design, and daily operations of a secure network.

Let's look at some of these additional certifications.

  • Global Information Assurance Certification (GIAC): Founded by the SANS Institute, this certification addresses a broad range of skills, including security essentials, auditing, intrusion detection, incident handling, firewalls and perimeter protection, forensics, hacker techniques, and more.
  • CompTIA Security+: This certification tests for security knowledge mastery of industry-wide topics, including communication security, infrastructure security, cryptography, access control, authentication, and operational and organization security.
  • TruSecure ICSA Certified Security Associate (TICSA): This certification is a vendor-neutral measurement of proficiency and growth designed to validate and improve foundation-level IT security skills for network and computer systems administrators, audit personnel, and other IT professionals.
  • Security Certified Program: This program offers two certifications. The Security Certified Network Professional (SCNP) certification focuses on defensive security technologies, such as firewalls and intrusion detection. The Security Certified Network Architect (SCNA) concentrates on the advanced security skills and technologies of building trusted networks.
  • Systems Security Certified Practitioner (SSCP): This certification focuses on practices, roles, and responsibilities as defined by experts from major IS industries. The exam measures understanding of seven main areas of security.
  • Certified Information Systems Security Professional (CISSP): This certification denotes a recognized mastery of an international standard for information security. The exam measures understanding of 10 main security areas.

Final thoughts

Earning a security certification can enhance your prospects for finding a job in the security field and help you obtain the raises you deserve. Vendor-neutral certifications demonstrate an understanding and mastery of your skills across the security arena.

Before taking an exam, make sure that you acquire the knowledge and experience necessary to pass—and don't forget to study! Sporting a certification without the knowledge and experience that it stands for makes you a "paper cert," and that just lowers the standard for the rest of us.

Editor's Picks

Free Newsletters, In your Inbox