Security Basics mailing list archives

Information Security Certifications


From: Daniel Miessler <daniel () dmiessler com>
Date: Wed, 4 Apr 2007 00:32:22 -0400

On Mar 14, 2007, at 9:36 AM, andrews () rbacomm com wrote:
Does the GIAC/GSEC certification have value for someone with the CISSP certification?

I personally feel the best combination of information security certifications is the following:

1. CISSP
2. GCIA (GSEC, GCIA, GCIH, etc.)
3. CSA

The reasoning is pretty simple: you're looking to present a complete package. And remember, PRESENTING is all you're doing with a certification. It has nothing to do with skill level. Certifications are for convincing OTHERS that you know something, not for actually learning anything yourself. It's true that you can pick things up while studying for exams, but this should pale in comparison to your regular studies if you're on the right path.

So, get the CISSP first because it's the most recognized -- hands down. Combine that with GIAC because those certs are technical, which balances out your CISSP. Then, finally, follow up with your CSA to show your proficiency on the audit/policy side of the house.

Once you have those knocked out, I think most would be best served by moving on to other endeavors besides certification, namely continuing in traditional education (Master's in Information Assurance, etc.). This, combined with your regular study/lab work, will propel you much farther than continuing to add random certs once you have these three knocked out. Once you have these you're at the point of diminishing returns.

[Edit: The only other that I'd consider is perhaps the CEH (or another, more serious pentest cert) if you're into security testing. It's not likely to be THAT valuable given your other certs, but it's right there on the border of possibly useful, in my opinion.]

Also, I have an online resource for the infosec certifications, if anyone's interested:

http://dmiessler.com/writing/infoseccerts/

Cheers,

--
Daniel Miessler
E: daniel () dmiessler com
W: http://dmiessler.com


