A Review of Various IT Information Security Certifications

I recently completed a review of some available training certification paths for IT/IS. If you are interested in a career in Information Security, read on, because sooner or later you’ll need a few of these.

1) GISF (GIAC Information Security Fundamentals) is an entry-level examination. GIAC recommends hands-on practical experience, although none is required. The target audience for this exam is:

“Professionals who need to hit the ground running and need an overview of information assurance. Managers, Information Security Officers, and System Administrators who need an overview of risk management and defense in depth techniques. Anyone who writes, implements, or must adhere to policy, disaster recovery or business continuity.”–Link

  • Cost: SANS bootcamps are roughly $3500-$4000, not including the proctored exams, which are an additional $499 (through GIAC). If purchased without SANS training, the exams are $899 rather than $499.
  • Available Training: Training is available throughout the year at conferences (in six-day schedules), or online. Testing is proctored through GIAC, which offers a total of 21 certificate exams. They also advise training through SANS for this exam, by attending their Security 301 course. OnDemand and SelfStudy. (See fig 1A below)
  • Type of Exam: The GISF is a four-hour exam, with 150 questions. Passing grade is 70%. This certificate must be renewed every four years.
  • Location: GIAC exams are given online through a standard web browser, 7-10 days after the end of a SANS conference* (if you purchased training through SANS), or 24 hours after payment is received without a bundled course.  You must complete an exam within 120 days of receiving notice of its availability.  (*Exception is the Expert Exam, which is given only once per year.)

2) GSEC (GIAC Security Essentials Certification) is an intermediate level exam. The target audience for this exam is comprised of:

“Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.”–Link

  • Cost: SANS bootcamps are roughly $3500-$4000, not including the proctored exams, which are an additional $499 (through GIAC). If purchased without SANS training, the exams are $899 rather than $499.
  • Available Training: Training is available throughout the year at conferences (in six-day schedules), or online. Testing is proctored through GIAC, which offers a total of 21 certificate exams. They also advise training through SANS for this exam, by attending their Security 301 course. OnDemand and SelfStudy. (See fig 1A above)
  • Type of Exam: The GSEC is a five-hour exam, with 180 questions. Passing grade is 70%. This certificate must be renewed every four years.
  • Location: GIAC exams are given online through a standard web browser, 7-10 days after the end of a SANS conference* (if you purchased training through SANS), or 24 hours after payment is received without a bundled course.  You must complete an exam within 120 days of receiving notice of its availability.  (*Exception is the Expert Exam, which is given only once per year.)

3) GISP (GIAC Information Security Professional) is an intermediate level exam. Target audience for this certification is:

“Security Professionals that want to fill the gaps in their understanding of technical information security; System, Security, and Network Administrators that want to understand the pragmatic applications of the Common Body of Knowledge; managers that want to understand information security beyond simple terminology and concepts;  anyone new to information security with some background in information systems and networking. Candidates may also wish to use this certification as an independent assessment of your mastery of the (ISC)2 Common Body of Knowledge.”

  • Cost: SANS bootcamps are roughly $3500-$4000, not including the proctored exams, which are an additional $499 (through GIAC). If purchased without SANS training, the exams are $899 rather than $499.
  • Available Training: Training is available throughout the year at conferences (in six-day schedules), or online. Testing is proctored through GIAC, which offers a total of 21 certificate exams. They also advise training through SANS for this exam, by attending their Security 301 course. OnDemand and SelfStudy.
  • Type of Exam: The GSEC is a five-hour exam, with 250 questions. Passing grade is 70%. This certificate must be renewed every four years.
  • Location: GIAC exams are given online through a standard web browser, 7-10 days after the end of a SANS conference* (if you purchased training through SANS), or 24 hours after payment is received without a bundled course.  You must complete an exam within 120 days of receiving notice of its availability.  (*Exception is the Expert Exam, which is given only once per year.)

4) CCSP (Cisco Certified Security Professional Exam) is offered by Cisco through its Networking Academy.

  • Cost: Costs vary widely, as you can schedule just the exam, or take the courses through their Academy in conjunction with another provider (such as a college). Prerequisites include the CCIE or both the CCNA and CCNA Security coursework.
  • Available Training: There are various exams and books required for this exam. You can find information about all of the required exams here.
  • Type of Exam: Computer based. Cisco Professional level certifications are valid for three years. Recertification is achieved by passing any 642 exam that is part of the professional level curriculum, or a CCIE/CCDE written exam, before the certification expiration date.
  • Location: Tests are given through Pearson Vue; schedule online to find a center close to your location.

5)  Security+ (CompTIA) certification is aimed at IT professionals who have two years on-the-job networking experience, with an emphasis on security. It is an entry-level, vendor-neutral certification which makes a great stepping stone to more advanced certifications, such as the ISC2 SSCP and CISSP, and the SANS GIAC. It also may be used in some Microsoft certification tracks.

  • Cost: Cost of the exam without a discount voucher (generally available through books used to study for the exam) is $258 (Link). Cramsession.com has the price listed for CompTIA members as $175, $225 for non-members.
  • Available Training: Training for the exam can be done through many training locations, links to which are provided on the CompTIA website. You may also study for the exam on your own using the many widely available test reference/study guides.
  • Type of Exam: Multiple choice computer based exam. 60-70 questions, few simulations. 90 minutes to complete the test.
  • Location: Can be taken at various testing locations worldwide through PearsonVUE or Thomson Prometric.

6) SSCP Certification (ISC)2 “is the ideal credential for those who are the hands-on practical technicians; the enforcers who everyone goes to for answers. You would implement the plans and policies designed, planned and managed by the CISO or CSO who would typically hold the more advanced Certified Information Systems Security Professional (CISSP®) Gold Standard certification from (ISC)2 and operate in a managerial capacity as opposed to hands-on like you.”–Link

  • Cost: Exam cost is $250 for early registration, $300 standard registration.
  • Available Training: Training is available through bootcamps, online vendors, and self study CBT.
  • Type of Exam: Multiple choice computer based exam. 125 questions and 3 hours to complete. Passing score is 700.
  • Additional Information: Along with the exam, you must present a completed endorsement form (Found here). ISC2 reviews resumés in order to determine your 1 year of required professional experience. They also randomly audit test takers post-examination prior to awarding your certificate, to be sure you have the required credentials and industry good standing.
  • Location: In New York, there are exams in Buffalo, Albany and NY City.

Good luck completing your goals, and I hope this list helped you find the certifications you were looking for!