If Information Security certifications were people…

Henry Dalziel | Certified Ethical Hacker, CISSP, CompTIA, EC Council, Mile2 | March 3, 2013

What if we could morph information security certifications into people? We think we can, and we have. We specialize in the best-known InfoSec certifications, CISSP, CEH and Security+, and we dabble with CPTE by Mile2, which is another excellent penetration testing certification. OK, so what are we going on about!?

Based upon hundreds of calls, emails and communications with our students, we feel that we have been able to identify the characters that lie behind the certifications or, better said, the type of person that best represents each certification. Or, at least, we hope we have!

So let’s start with CEH, the famous (some might say infamous) Certified Ethical Hacker by the Mighty EC-Council. CEH, now in its version numero 8, is an excellent qualification, as validated by its ANSI recognition. Aside from the certification containing an excellent syllabus with plenty of practical advice, the naming of the cert, in our opinion, greatly helped the course grow in recognition and in stature. To have an internationally recognized information security certification on your CV with “Hacker” in its title generates interest from the Human Resources team reviewing your resume – the point being that the term “Hacker”, as in Certified Ethical Hacker, is brilliant marketing. At Concise Courses most of our inquiries ask about CEH, especially regarding the differences between CEH and the other infosec certifications.

So not only are you a Certified Hacker, but you are Ethical, i.e. you could’ve been a bad guy but hey, you want to fight for justice and make the world a better place.

Any play on the word “Hacker” is just plain cool. OK, haters gonna hate on that last comment, but it just is – let’s face it. So, our imagery of the type of person that would do a CEH course is an IT professional between the ages of 20-35 with a cool attitude, smart and essentially – just a dude. (Image credit goes to Amber Green, modified by Lily at Concise Courses.)

OK, let’s move on to our next caricature: CompTIA’s Security+. Like CEH, Security+ is ANSI accredited and has been around for a long time. Not only is the cert completely and indisputably recognized but, according to CompTIA, there are currently more than 45,000 people around the world who have earned this security certification. CompTIA do recommend that students have two years of security-related work experience (although it is not a requirement) and pass 75% of the multiple choice exam.

The fact that students don’t need any prior experience is just dandy, because our experience of having communicated with hundreds of Security+ students is that these guys are already experienced and have all the necessary information. We offer Security+ self-study learning packs, which are one of our best sellers – and that in itself demonstrates just how self-educated and, let’s be honest, geeky (and super cool) these guys are. We should also add that they are a very smart bunch as well.

ISC2 and CISSP are next on our list. CISSP (Certified Information Systems Security Professional) is the veteran and highest certification you can attain from ISC2. CISSP, when compared to Security+ and CEHv8, is generally considered the hardest security title to get, and the most well-regarded as well. So just how difficult is it? Well, first off, you need to have accumulated at least five years of security-specific experience before you can apply for the designation. Furthermore, to become a CISSP you also need endorsement by a fellow security professional who can confirm your experience and any previous certifications you might have referred to.

Even if you pass the exam, you may still be audited. That means ISC2 can investigate and make sure you have the experience you claim to have. And after that, you need to recertify every three years (which is actually the same for the other two certs).

Is CISSP worth it? Most certificate holders would say yes, because it is the “only” certification that hiring managers and human resources tend to know. We have often heard here at Concise Courses that CISSP is “the gold standard of security credentials” and that the certificate packs a lot of content – the usual description is that it is “a mile wide and an inch deep”, meaning that vast amounts of data and information are covered, but only superficially. The attained “wisdom” and breadth of information contained within CISSP, the fact that you must be sponsored by a fellow professional to enter the club, and the requirement of five years (at least) of experience as a security professional made us compare the certificate to a wise old man.

Last word
Did we get it right, or did we get it wrong? Let us know – we’d love to hear your feedback, especially if you are certified yourself in one or more of the above-mentioned certs. Even if you are not, we’d be interested to get your thoughts on the value of getting a security certification.

Leave a comment or reply below...thanks!