Navigating the maze of security certifications: Which is right for you?

Ron Baklarz is a big fan of security certification. In fact, Baklarz, chief information security officer (CISO) of the American Red Cross in Falls Church, Va., has his staff studying for the same two security certifications that he holds, the Certified Information Systems Security Professional (CISSP) certification and GIAC Security Essentials Certification (GSEC). "It's very important these days," he says. "It's a differentiator — it gives some indication that a person has some sort of knowledge and cares enough to go out and get the certification."

Interest in security certifications has soared in the past year or so, and employers increasingly look for that telltale string of letters on candidates' resumes when they hire. Companies scan resumes for certifications and screen accordingly, says David Foote, president of Foote Partners LLC, a research company based in New Canaan, Conn. "Certifications have become a way to get interviewed and can eliminate you from consideration if you don't have them," he says.

IS has always been a certification-mad kingdom, and the fiefdom of security is no exception.

In fact, security certifications and certifying bodies are growing at such a rate that Deb Peinert, vice president of education at the International Systems Security Association (ISSA), expresses concern that chaos could result. "Proliferation of certifications could dilute their value," she says. "It could be difficult to figure out which certifications hold the same values."

When you're faced with a bewildering array of security certifications in a slow economy, it's sensible to identify the courses that will deliver the most value for the money. The following tips can help you find — and fund — a security certification that will deliver the goods.

Choose between vendor-specific and vendor-neutral certifications

Analyze your job situation before selecting a course, as your professional exper

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT ARCHIVE: IT Career Expert SearchVB wants your tips Pondering MCAD exam changes How to ask for a raise -- and not get fired Experts: network jobs, pay on upswing heading into '05 Breaking into the IT field with little experience When is it time to get out of tech? Resume services: Are they worth the money? Advanced job interview techniques for IT pros Does job security for security technology jobs exist? Sharpening up your soft skills Microsoft certification exams New certifications will become reality in 2006 New certifications, same old doubts Another round on the certification treadmill Microsoft certification program to get a makeover Pondering MCAD exam changes Web training made easy IT Certifications: 5 are hot; 5 are not Comparing Microsoft to other IT certifications Choosing a certification: Deciding between generalized, specific courses Expert offers tips for taking certifications tests Microsoft certification exams Research

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ience and goals will drive your choice of training. For example, somebody working in a Cisco-heavy shop might do well to choose a certificate course on Cisco firewalls, as it offers thorough training in that vendor's technology, says Marc Thompson, vice president of International Information Systems Security Certifications Consortium Inc. (ISC)2, the organization that manages CISSP certification.

But a job hunter who wants to spruce up his resume might opt for a more general firewall course that would appeal to a wider array of prospective employers. "If I wanted to work on firewalls and didn't have a target company, I'd be more likely to take a general course from somebody like SANS," says Thompson.

Study on the cheap

If you're paying for the certification yourself -- 35% of prospective test-takers surveyed by Foote say they are self-funding their studies -- there are less expensive ways to study than through a formal training course. For example, the ISSA sponsors peer-led study groups through its local chapters, says Peinert. The courses typically meet once a week for eight to 10 weeks, and the cost is minimal. (You can find your local chapter at www.ISSA.org.)

Analyze your current skill level

Security certifications require varying levels of technical expertise, practical experience and managerial skill, so it's important to take a class that fits your professional station. Most analysts divide certifications into several categories:

Security certifications are hot today, and are likely to remain so as long as companies make information security a priority. By taking the time to secure a certification that matches employers' technical priorities, security professionals will gain a sought-after skill. And in this economy, that's nothing to sneeze at.