Bert/Petter;
Certifications have value in different situations. The main thing to consider
is that a certification is a declaration of knowledge, not of skill. Technical
certifications are for people following orders in making change and want to
understand the technical impacts of making those changes. Management
certifications are for people who want to understand complex relationships
between the technology being implemented and the risk they are mitigating as
compared to the cost of choosing the control. In either of the cases,
certifications are required for certain computer security positions and
contracts with the US government.
The Security+ and CISSP are both vendor independent. The Security+ is a
technical certification with some management concepts. It is definately the
one you want to start with if you're new to security and are coming from an IT
background. Many of the topics you'll learn from the Security+ certification
will play an important role in studying for about 1/5th of the CISSP.
The CISSP is a big exam, but if you're good at memorizing a LOT of material,
you can think of this in the same lot as the Security-Industry version of the
LSAT or GRE. Of course it's always better to have well rounded experience when
taking an exam, but only the CISSP attempts to have this as a prerequisite.
Unfortunately, I?ve seen a couple people pass the experience requirement from
uncertified supervisors, when they wouldn?t have gotten my endorsement.
Either certification will help when applying for other jobs. However, if
you?re looking for jobs that will take your certification seriously, be
prepared to explain why your certification helps you ? and reasons that you
earned it other than that you sat for a ?Bootcamp?.
Cheers!
Eric, CISSP-ISSEP, Security+, IT Project+, A+, MCSE, MCNE, CCNP, etc, etc.
