Worried about security issues? Who isn’t? Automatically sign up for our free Security Solutions newsletter, delivered each Friday, and get hands-on advice for locking down your systems.

The value of technical certifications has
consistently been a hot debate topic among IT professionals. Some
say they’re worthless without the experience to back them up;
others argue that experience alone should suffice.

Regardless of whether technical certifications
really do or do not offer value, many organizations and hiring
managers believe they do–and that can be all that matters. If you
already have the experience and knowledge from working in the
security arena, a certification can only serve to enhance your
resume.

So, if you decide that you want to earn some
certifications, how do you know which certifications are the right
ones to pursue?

In my opinion, you should earn certifications
for every security device under your control. This includes
firewalls, antivirus solutions, and intrusion detection devices. If
one of these devices doesn’t have its own certification, create
your own training plan, and pitch the idea to your boss.

If your company uses routers and reverse
proxies as security devices, you should also seek these
certifications as well. You don’t need to be a Cisco Certified
Internetwork Expert (CCIE), but you should at least have your Cisco
Certified Network Associate (CCNA). This entry-level certification
provides an excellent foundation for using routers and switches as
boundary-layer security devices.

Earning the basic certifications on the
equipment your organization uses will qualify you to administer
your security domain. However, there are additional certifications
that demonstrate you have a broad knowledge of security principles
and that you know how to apply them in the planning, design, and
daily operations of a secure network.

Let’s look at some of these additional
certifications.

  • Global
    Information Assurance Certification (GIAC)    : Founded by the SANS
    Institute, this certification addresses a broad range of skills,
    including security essentials, auditing, intrusion detection,
    incident handling, firewalls and perimeter protection, forensics,
    hacker techniques, and more.
  • CompTIA
    Security+    : This certification tests for security knowledge
    mastery of industry-wide topics, including communication security,
    infrastructure security, cryptography, access control,
    authentication, and operational and organization security.
  • TruSecure ICSA Certified
    Security Associate (TICSA)    : This certification is a
    vendor-neutral measurement of proficiency and growth designed to
    validate and improve foundation-level IT security skills for
    network and computer systems administrators, audit personnel, and
    other IT professionals.
  • Security
    Certified Program    : This program offers two certifications. The
    Security Certified Network Professional (SCNP) certification
    focuses on defensive security technologies, such as firewalls and
    intrusion detection. The Security Certified Network Architect
    (SCNA) concentrates on the advanced security skills and
    technologies of building trusted networks.
  • Systems
    Security Certified Practitioner (SSCP)    : This certification
    focuses on practices, roles, and responsibilities as defined by
    experts from major IS industries. The exam measures understanding
    of seven main areas of security.
  • Certified
    Information Systems Security Professional (CISSP)    : This
    certification denotes a recognized mastery of an international
    standard for information security. The exam measures understanding
    of 10 main security areas.

Final thoughts

Earning a security certification can enhance
your prospects for finding a job in the security field and help you
obtain the raises you deserve. Vendor-neutral certifications
demonstrate an understanding and mastery of your skills across the
security arena.

Before taking an exam, make sure that you
acquire the knowledge and experience necessary to pass–and don’t
forget to study! Sporting a certification without the knowledge and
experience that it stands for makes you a “paper cert,” and that
just lowers the standard for the rest of us.