After Security+?

SanjayCerts

Found this forum to be of great help. Could someone please let me know the security related certifications one can pursue after Security+?
I've passed Security+ fairly quickly with a good score--Darril Gibson's book was of tremendous help--and I'm looking at the next target. I hear that some of the other security certs require someone to refer/recommend you and so on? I've been working in the IT field for the last 10 years as a programmer/business analyst/project manager etc, but not with an official Security role and designation. Any pointers would be deeply appreciated.

Cheers!

ptilsen

SSCP is probably a logical next step if you want to get more into security implementation.

CISSP or GSEC would be also good choices, but are probably less technical (yet more valuable, in market terms) than SSCP.

It really depends on what, if anything, you want to do in security. If you don't want to eventually be in the security field, then Security+ is arguably a stopping point.

SanjayCerts

Thank you.

Valsacar

I asked the guys in our security shop the same question last year (and security is where I want to go, network defense specifically). Their answer was CISSP, because anything in between will just lead to people asking when you're getting CISSP.

N2IT

What about the CASP?

afcyung

CASP isn't a well know cert with little to no market recognition. Its going to require a shift in peoples mindset about comptia being entry level and moving them to a certification body that has multiple certs for beginner and advanced IT professionals. The CASP also recommends having 10 years of experience before sitting the exam, which to me is unreasonable and makes the cert look bad in my eyes.

Darril

Welcome to the forums.

I'd echo ptilsen that SSCP is a logical next step. It's also a good intermediate certification before the CISSP and as Valsacar points out, a good ultimate goal. JD Murray wrote a good blog entry on his experience (The SSCP Certification Experience - TechExams.net IT Certification Blogs) getting the SSCP.

Also, this site has an active forum for people seeking the SSCP and CISSP certifications.
(ISC)² SSCP and CISSP Forums.

HTH,

ptilsen

N2IT wrote: »

What about the CASP?

SSCP covers a lot of the same material, is more recognizable, and comes from a vendor with a better reputation. I don't see CASP fitting logically into any infosec or IT professional's career path.

sys_teck

@SanjayCerts: you may consider 2 options: Cisco security, or like guys in here have mentioned CISSP.

sys_teck

Darril what about Cisco security?

Darril

sys_teck wrote: »

Darril what about Cisco security?

I'm not sure if you're talking about CCNA Security or CCNP Security, but I don't see that either fit in with the original poster's "programmer/business analyst/project manager" experience. For someone that has a CCNA or has done a lot of work with routers and switches and enjoys the work and the concepts, adding security to CCNA or CCNP would be valuable.

From a broader perspective, most organizations are aware of current IT risks and often value employees that have a strong security awareness. Security certifications validate awareness and if they are related to an employee’s current or future job, they add value for the employee.

SanjayCerts

Thanks everyone for the feedback. I think I might go with SSCP. I talked to an agent of an official/authorized training center of (ISC)² here in India, and they suggested that I go with CSSLP (Certified Secure Software Lifecycle Professional) since that would fit my profile better. But I find a few problems with that,
1. CSSLP exam fees (~$500) and yearly maintenance fees (~$100) are much more expensive than SSCP
2. Searching at Amazon I do see an official CSSLP study guide, but I do not see any other guides that have good recommendations/reviews (The training center was trying to get me to sign up for their 5-day seminar. The fee was astronomical and, in any case, I prefer self-study and can't concentrate and sit through training classes)

I'm not really trying to enter the security domain. My objective is to demonstrate the fact that I've been involved and understand security related aspects in general. Security+ is a great cert, but since I have more than 10 yrs exp I'm having second thoughts about putting an entry-level cert in my resume. SSCP seems slightly better from that angle (I'm hoping that my Security+ preparation would reduce my preparation time for SSCP)

Cheers!

Darril

You will definitely find that the knowledge you gained while pursuing the Security+ certification will be helpful for the SSCP. Good luck.