As social media rages ahead, so do other forms of sophisticated attacks. Information Security was a term that was barely used about 20 years ago. Yet it has begun to play a major role today and will continue to do so in the future. The demand for security professionals has also increased exponentially, and the way to step into this most sought-after career is to be certified. Employers will look for a proper mix of certification and experience to shortlist prospective candidates. Employees will climb the information security ladder faster if they are certified. Certification is easier for professionals who have IT and security experience, but that does not stop strong-willed non-IT professionals from demonstrating their strength either. Each exam has separate rules for inexperienced professionals who wish to take it.
If one does not have the required experience to take the exam, one can become an Associate of (ISC)2 and clear the exam after gaining enough experience to take the exam within the stipulated amount of time.
We will discuss the CISSP and SSCP (ISC)2 certifications that are available.
(ISC)2 is the ‘International Information Systems Security Certification Consortium’ and is one of the most prevalent and widely accepted standards for Information Security certification.
- CISSP certification (Certified Information Systems Security Professional)
The requirements for appearing for the exam are as follows:
- Have five years of demonstrated Information Security experience in two or more of the ten domains of the CISSP exam
- Subscribe to the (ISC)2 code of ethics
- Pass the CISSP exam and complete the endorsement process
The ten domains of the CISSP exam are:
- Access Control
- Application Development Security
- Business Continuity and Disaster Recovery Planning
- Cryptography
- Information Security Governance and Risk Management
- Legal, Regulations, Investigations and Compliance
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications and Network Security
As CISSP certification is what most employers look for in prospective information security employees, it is “THE” certification to achieve. It is the most sought-after certification. CISSPs will be expected to give presentations and seminars and will be looked up to by other information security professionals.
As this field, unlike most other professions, is dynamically changing, CISSPs must recertify once every three years.
For professionals who have achieved the CISSP gold standard and are wondering “What next?”, there are other CISSP concentrations such as CISSP-ISSAP, CISSP-ISSEP and CISSP-ISSMP.
- SSCP certification (Systems Security Certified Practitioner)
The SSCP exam covers the following domains:
- Access Controls
- Cryptography
- Malicious Code and Activity
- Monitoring and Analysis
- Networks and Communications
- Risk, Response and Recovery
- Security Operations and Administration
A career in the Information Security field is a highly satisfying one, and with a certification under the belt, professionals can command any designation and salary they desire! First, it is important to choose the right certification for one’s professional profile and collect resources to achieve the target. Setting up timeframes to study each domain is the next step, and the combination of these factors will help one achieve all Information Security glory!