Which is the premier security certification?

Before today, i thought there were only two security certs...Security+ and CISSP. Now that i know that there are about 7, which is the premier cert recognized in the industry?

Find more posts tagged with

Comments

keatron

There is definantly more than 7. It would be diffcult to really give one of them the title of "perimeter cert". Now when you tallk about perimeter, it's hard not to be talking about Cisco in todays world, so I would say that Cisco Certified Security Professional is definantly worth mentioning, also look at some of the other vendor certs like the Checkpoint certs, etc.

determinedgerman

I would say it all depends what you are looking for. Something vendor neutral or vendor specific. If you are working alot with Cisco I would look at CCSP. If you just want to get some basics you might just want to look at the Security+ cert. Most other certifications are vendor specific so it depends what you are the most interested in and what you are most working with.

Webmaster

I vote CISSP.

lordy

I agree with Webmaster. CISSP it is... one of my long-term goals

JDMurray

I like to separate security certs into "those for working security professionals" and "those typically obtained by non-security pros." The CISSP, SSCP, CISM, CISA, and CCSP are for the working professionals, while the Security+, TICSA, CWSP, and SCNP are more for us "academic security professional wannabes." Some security certifications, like the 30+ from GIAC, seem to straddle the two categories by not needing or requiring work experience, but are prohibitively expensive for typical security professionals to obtain without financial help from an employer.

keatron

After studying for CISSP the last 4 months and taking it on yesterday (Oct. 1st), I can tell you that it's not remotely similar to CCSP. CCSP is definantly tons more technical and it's Cisco. CISSP is strongly slanted towards management. One of the canidates who sat next to me had zero experience with networks or anything technical, but he had 7 years of physical security experience and physical security management experience. Here's a requirement directly from ISC2

# Have a minimum of four years of direct full-time security professional work experience in one or more of the ten domains of the (ISC)² CISSP® CBK® or three years of direct full-time security professional work experience in one or more of the ten domains of the CISSP® CBK® with a college degree.

Notice it says one of the ten, here are three that aren't technical at all

# CISSP: Business Continuity Planning
CISSP: Law, Investigation, & Ethics
CISSP: Physical Security

I know of several practicing CISSP's who aren't qualified to plug a cat 5 cable into a router. They all three work for law firms. It should be understood that the "mile wide, inch deep" description of CISSP is pretty accurate. One lady who was there in the exam Saturday with me said that this was her second attempt. She said she spent most of her time learning the ins and outs of encryption and telecom and network security, but got slammed with a ton of law and ethics mixed with BCP questions on her first go round. Now with all that being said, when you really want to prove your technical expertise on the CISSP side, you look at concentrations which are....

ISSAP®, Concentration in Architecture

ISSEP®, Concentration in Engineering

ISSMP®, Concentration in Management

This will be my next step (if I passed saturday that is:D ).

I will tell anyone that this is the most difficult exam I've ever taken (Microsoft 70-214 and 70-220 were tough also). Concerning the CISSP, it's nothing like grilling your brain with back to back obscure questions on the specifics of attacking ciphertext then be hit with a judgement question on why a particular portion of an email is or is not usuable in court. We had 6 hours for 250 questions, I used 5 hours and 53 minutes!!!! (this counts going back to the ones I needed to double check).

So basically, I still think it boils down to what's required. If I want 20 Cisco Pix 560e locked down and loaded with complex rules, give me a CCSP over a CISSP any day. On the other hand, if I want someone to give me a good assesment and reccomendation for my entire security program, give me the CISSP. In my opinion from taking the exam and being involved in security for the last 8 years, I'd say that CISSP exam ensures that you know what should be done in a hundred different scenarios and technical implementations, but does not ensure that you can actually carry out all of what needs to be done, and I think that's how ISC2 intended it.

Keatron

crap I forgot my old pwd

hands down, best security cert is SANS GSE, there are only 5 people in the world that have it. But realistically, I like CISSP. It has lots of weight to its name.

mikeyoung

Keatron, that was an outstanding explanation and totally accurate. Thanks for the insight and wisdom.

I am testing in Dec for my CISSP. I study for it every day and when I pass the test and when I am "blessed," I will be very proud to have it.

Mike

Ten9t6

crap I forgot my old pwd wrote:

hands down, best security cert is SANS GSE, there are only 5 people in the world that have it. But realistically, I like CISSP. It has lots of weight to its name.

Haha..yes, your right. I read something about one of those 5 and he stated that it was easier to get his PhD than it was to earn that cert.

For management, I would say the CISSP is top. For having your hands dirty in the mix, I would have to say CCIE Security would be up there.

Kenny

crap I forgot my old pwd

yeah, that guy definately said that about the GSE, but not only that. He said each individual module of the test was harder than his Ph.D. and not only that, the test must be taken in a group, if no one else is ready to take it, you're stuck. hehe GSE #6 right here, oh yeah!

keatron

Cool, kenny and I can be numbers 7 and 8. Whadda ya say Kenny? Let's try to get it knocked out by Christmas

princess4peace

keatron wrote:

Cool, kenny and I can be numbers 7 and 8. Whadda ya say Kenny? Let's try to get it knocked out by Christmas

I like the contributions to this post, its very educative, i wish i could be the 10th

, but it will be a very long journey to attain, i have just failed my CISA in the last June exam marginally (though going for retake on 10th Dec) after which i wish to go for my Security+ and CISM or CISSP. Now to start thinking about been the 10th, i know is a wishful thinking. Thank you all.

mikeyoung

Princess,

Wishful thinking + hard work = SUCCESS.

There is only one question you have to answer: How bad do you want it?

princess4peace

mikeyoung wrote:

There is only one question you have to answer: How bad do you want it?

I quite agree with your assertion/equation for ACHIEVEMENT. but i still have a very long way to go in security. Not desperate to achive it in a non-professional manner, but i wish i do soonest.

Thanks