Matching Certifications to Job Roles
This part of the article recommends security certification paths, or “ladders,” for job roles like general security, networking, forensics, and so on. Remember, these are just recommendations, guidelines to help you see logical progressions from entry-level to advanced certs.
For any job role, you can start with the Security+, SSCP, or GSEC as the foundational certification. All three certs are widely known and respected, although the Security+ may edge out the others in terms of instant recognition by employers and certification seekers alike.
If you plan to stick with general security, focus on the CISSP or any of the intermediate-level GIAC certifications. Eventually round out your portfolio with one or more advanced-level certs, such as a CISSP concentration (Architecture, Engineering, or Management), the CISM, the CPP, or the GIAC Security Expert (GSE).
For networking security, start with the Security+, SSCP, GSEC, or the Brainbench Network Security (BNS). From there, specialize in a vendor-specific technology, such as the Cisco CCNP Security and eventually the CCIE, or the Check Point certs (Certified Security Administrator, Certified Security Expert, Certified Managed Security Expert). To maintain a more general networking portfolio, obtain the Brainbench Information Security Administrator (BISA), the CWNP’s Certified Wireless Security Professional (CWSP), or any of the intermediate-level GIAC certifications:
- GIAC Certified Firewall Analyst (GCFW)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified UNIX Security Administrator (GCUX)
- GIAC Certified Windows Security Administrator (GCWN)
- GIAC Certified Enterprise Defender (GCED)
If you plan to go into security auditing and compliance, (ISC)² offers the Certified Authorization Professional (CAP), which works well as an intermediate-level cert. Consider the CISA or CISM (from ISACA), or the GIAC Systems and Network Auditor (GSNA) from SANS as your senior-level goals.
For those of you more interested in counter-hacking and penetration testing, focus on EC-Council and/or SANS certs. EC-Council offers the Certified Ethical Hacker, or CEH, along with a Certified Pen Testing Consultant credential. On the SANS side, pick from the GIAC Certified Penetration Tester (GPEN) or the GIAC Web Application Penetration Tester (GWAPT). All of these are terrific intermediate-level certs. Move up to the EC-Council Licensed Penetration Tester or Certified Pen Testing Engineer by mile2.
Finally, individuals seeking computer and network forensics certification may focus on one or more of these intermediate-level certs:
- Certified Forensic Computer Examiner (CFCE), by IACIS
- Computer Hacking Forensic Investigator (CHFI), by EC-Council
- CyberSecurity Forensic Analyst (CSFA), by the CyberSecurity Institute
- GIAC Certified Forensics Analyst (GCFA)
- EnCase Certified Examiner (EnCE)
The High Tech Crime Network offers advanced Certified Computer Crime Investigator (CCCI) and Certified Computer Forensic Technician (CCFT) certifications, as does ASIS with its Professional Certified Investigator credential.