When it comes to information security, you need only read the headlines to observe that those with malicious intent constantly find new and scary ways to access and misuse privileged information for criminal, unscrupulous or questionable purposes. As a result, IT professionals skilled in information security remain in very high demand and should do so for the foreseeable future.
Reasons to get certified:
- You will make more money. The 682 IT security professionals responding to the security cut of InformationWeek’s 2013 U.S. IT Salary Survey are unequivocal: Security staffers holding any security certification (CISSP, CISA, CISM) average $101,000 in total compensation vs. $87,000 for those with no certs. For managers, the spread is $130,000 vs. $121,000.
- Certs show your commitment to the security field. Just 44% of security staffers and 49% of managers in the salary survey expected to get certification reimbursement.
- Certs make you more attractive to potential employers. Building on the above, obtaining a security certification shows you respect in the industry and take pride in your profession. In a side-by-side comparison of otherwise equal candidates, most prefer the one with certs. Check out the ISC2 Global Information Security Workforce Study. It concluded that almost 70% of respondents view certs as a reliable indicator of competency when hiring, and almost half require certification.
- Certs jump out when robots and spiders crawl resumes. Most, if not all, resume reviews begin with an electronic search. The HR pro types in some keywords and voila. I know from experience that people conducting keyword searches typically begin narrowly and expand only if early results fail. “Narrowly” means entering in a comprehensive (read: long) list of keywords, and I guarantee that at least one certification will be among them. If your resume includes those magic letters, it will always help you get on the fast-track through the electronic screening process.
- You become a member of a club. Earning a certification grants you membership to an exclusive club that affords you the opportunity to network with like-minded individuals, share information, and gain ongoing knowledge. You can attend conferences, webinars, and have access to information provided only to members.
Top Security Certifications:
With more than 250,000 credential holders, CompTIA's Security+ is a well-respected, vendor-neutral security certification. Security+ credential holders are recognized as possessing superior technical skills, broad knowledge and expertise in multiple security-related disciplines.
CEH (Certified Ethical Hacker):
The Certified Ethical Hacker (CEH) is an intermediate-level credential offered by the International Council of Electronic Commerce Consultants (EC-Council). It's a must-have for IT professionals pursuing careers in ethical hacking. CEH credential holders possess skills and knowledge on hacking practices in areas such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, Trojans, worms and viruses, sniffers, denial of service attacks, social engineering, session hijacking, hacking web servers, wireless networks and web applications, SQL injection, cryptography, penetration testing, evading IDS, firewalls and honeypots and more.
CISSP (Certified Information Systems Security Professional):
CISSP is designed for experienced security professionals. A minimum of five years of experience in at least two of (ISC)2's eight common body of knowledge (CBK) domains or four years of experience in at least two of the (ISC)2's CBK domains and a college degree is required for this certification. CBK domains include Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations and Software Development Security.
CISM (Certified Information Security Manager):
Designed for experienced security professionals, CISM credential holders must agree to ISACA's Code of Professional Ethics, pass a comprehensive examination, possess at least five years of security experience, comply with the Continuing Education Policy and submit a written application. Some combinations of education and experience may be substituted to meet the experience requirement.
CPTE (Certified Penetration Testing Engineer):
Certified Penetration Testing Engineer graduates will obtain real world security knowledge enabling them to recognize vulnerabilities, exploit system weaknesses, and safeguard organizations against threats. Graduates will learn the art of Ethical Hacking with a professional edge (Penetration Testing).