Open doors with these security certifications

If you’re pursuing a career in IT security, certifications can only help you bolster your resume and serve as a stepping stone to more advanced training. Critics say certification means nothing; acumen and experience are the true differentiators. But as many IT security professionals have learnt, employers do care.

We take a quick look at what’s available and how they are perceived in the market.

A relatively inexpensive certification, the Systems Security Certified Practitioner (SSCP) is a good entry-level, vendor neutral security-focused qualification. To qualify, you must have experience in one of seven designated areas also known as the SSCP Common Body of Knowledge (CBK). Alternatively, if you don’t meet these criteria, you can sit for the SSCP exam and attain the Associate of ISC2 certification. You will have two years to earn the required work experience for the SSCP. The certification is one of the US Department of Defense (DOD)-approved baseline certifications for both Level I and Level II Information Assurance Technical (IAT) certifications.

The SSCP exam is a three hours long, multiple-choice exam. If you score above 70 percent, you will receive the SSCP certification and pay an annual maintenance fee. Every three years, candidates must recertify by earning 60 continuing Professional Education credits.

Another great resource is the Global Information Assurance Certification (GIAC) Security Expert designation, offered by the SANS Institute. The institute is widely recognised as an industry resource for security professionals not only for their certifications but also training, research, education and books.

While there are numerous niche security certifications including malware analysis and firewalls and host security, the SANS GIAC certifications are impressive. Each GIAC holder must study five areas: security administration, forensics, management, auditing, and software security. Most exams are open book and have a time limit of two to five hours, and the candidate must complete the certification within four months of attempting the exams.

The most popular GIAC exams are GIAC Information Security Professional, GIAC Certified Incident Handler, and GIAC Reverse Engineering Malware. All GIAC certification exams must be renewed every four years.

If you prefer to build up your security skillset by learning to be a white hacker, then the International Council of E-Commerce Consultants’ (also known as the EC-Council) Certified Ethical Hacker (CEH) certification is the way to go. The white-hat hacker (or professional penetration tester) training will introduce you to fascinating new hacking tools to teach you just how an unethical hacker would attack a network perimeter. The CEH comprises of a four-hour exam and includes 125 multiple-choice questions.

The EC-Council offers a number of other useful exams, including Computer Hacking Forensic Investigator, Licensed Penetration Tester, Certified Incident Handler, and Certified Disaster Recovery Professional. It even has an exam for a Chief Information Security Officer.

Another highly regarded entry-level security qualification is the CompTIA Security+ which covers network security, compliance and operation security, threats, and vulnerabilities, as well as application, data, and host security.

The Security+ certification is also among the least expensive but is valid for three years. You must earn 50 continuing education units (CEU) within three years to maintain your certification. You’ll then need to pass a 90-minute, 90-question exam with a score of 750 or better out of 900.

CompTIA Security+ is one of the DOD’s approved baselines for Level II IAT security technicians and an ideal complement to the CompTIA Network+ certification.

The Offensive Security Certified Professional (OSCP) qualification is designed for security practitioners who are involved in the penetration testing process and lifecycle.

This is one of the most difficult IT security certifications to attain because of its stringent requirements. Candidates must first complete the OSCP-hosted “Penetration Testing with Kali Linux” training course to pass the eligibility requirements for the exam.

The OSCP certification exam itself is a full 24-hour marathon. It’s hands on and requires candidates to submit a comprehensive penetration test report on an isolated network.

ISACA or Information Systems Audit and Control Association, offers a range of certifications focusing mainly on auditing, management, and compliance.

Its major certifications include the following: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC).

If you are interested in computer systems auditing or computer security management, these are the certifications to get. Be forewarned: you will need five years of relevant experience to be eligible to take the exams.

Regardless of the certifications you acquire, it is always beneficial to augment what is learnt in the classroom with immersive, hands-on testing of your newly acquired skills.

Participating in real-world cyber wargame scenarios and simulated penetration tests can showcase the kinds of attacks your organisation could face in an actual security breach, and offer insights into what security gaps or knowledge you or your organisation are lacking.

If you’re seeking to improve your cybersecurity knowledge and readiness, come join us at Singtel Cyber Security Institute (CSI) for a 3-day cyber security program that helps you prepare with real life cyber-attack simulations. For more information on our upcoming course, contact us here.