Many people are confused by the massive number of information security certifications available today. Some people already have one or more and are looking to expand, while others are just getting started with certification and need a place to start. This guide aims to help with both scenarios.
I'm going to highlight a few of the certification options and offer a couple of recommended paths for professionals in various stages of their careers. I'll be rating each credential based on the criteria below:
** Note: I currently hold only the CISSP, CISA, GCIA, GSEC, and Security+ information security credentials. My comments on the others are based on information I have gathered from various sources
Difficulty - How hard the test itself is, i.e. study-time needed, difficulty of material, etc.
Who - Who should be considering the certification.
Respect - Respect rating within the technical infosec-geek community.
Renown - How well-know the certification is throughout the industry.
Requirements - What's needed to get the cert, e.g. prerequisites, exams, practicals, labs, etc.
Cost - What it'll cost you (or your company) to get the credential.
Pros - Positive comments about the certification.
Cons - Downsides to the certification.
Comments - My own input on the credential.
