This is the long and convoluted list facing IT security Professionals. I will re-categorize by skill and review if i have some time later =) For now know that all these are only as good as what your employer is looking for. Exemptions imo are OSCP, CISSP, GSE. These are the three I aspire to.
(CPTS) Certified Penetration Testing Specialisthttp://www.mile2.com/Exam_MK0-201_CPTS_Certified_Penetration_
Testing_Specialist.html
(CPTE) Certified Pen Testing Expert
http://www.mile2.com/Certified_Pen_Testing_Expert_CPTE.html
(CISSP) Certified Information Systems Security Professional
https://www.isc2.org/cgi-bin/content.cgi?category=97
(CWSP) Certified Wireless Security Professional
http://www.cwnp.com/cwsp/
(CEH) Certified Ethical Hacker
http://www.eccouncil.org/ceh.htm
(ECSA) EC-Council Certified Security Analyst
http://www.eccouncil.org/ECSA.htm
(LPT) Licensed Penetration Tester
http://www.eccouncil.org/LPT.htm
Security5
http://www.eccouncil.org/security5.htm
(S+) Security+
http://certification.comptia.org/security/
(SCNS) Security Certified Network Specialist
http://www.securitycertified.net/SCNS_certifications.htm
(SCNP) Security Certified Network Professional
http://www.securitycertified.net/SCNP_certifications.htm
(SANS) SysAdmin, Audit, Network, Security Institute
(GISF) GIAC Information Security Fundamentals
http://www.giac.org/certifications/security/gisf.php
(GSEC) GIAC Security Essentials Certification
http://www.giac.org/certifications/security/gsec.php
(GPEN) GIAC Certified Penetration Tester
http://www.giac.org/certifications/security/GPEN.php
(GCIH) GIAC Certified Incident Handler
http://www.giac.org/certifications/security/gcih.php
(GSE) GIAC Security Expert
http://www.giac.org/certifications/gse.php
(SCNA) Security Certified Network Architect
www.securitycertified.net/SCNA_certifications.htm
(SSCP) Systems Security Certified Practitioner
https://www.isc2.org/cgi-bin/content.cgi?category=98
(CNDA) Certified Network Defense Architect
http://www.eccouncil.org/cnda.htm
(CIW) CIW Security Professional/Analyst
http://www.ciwcertified.com/exams/1d0470.asp
(OSCP) Offensive Security Certified Professional
https://www.offensive-security.com/ilt.php
(OSPA) OSSTMM Professional Security Analyst
http://www.isecom.org/projects/opsa.shtml
(OPST) OSSTMM Professional Security Tester
http://www.isecom.org/certification/opst.shtml
(BISA) Brainbench Information Security Administrator
http://www.brainbench.com/
OSCP is the best technical certification program I have seen so far, especially to 2008/2009 standards. GSE just has insane requirements and a minimal set of people have met them (11 in 5 years?!).
OPST is very forwarding looking. This is only worthwhile if you have mastered the technical focus of your career and want to postulate what is possible on the strategic process side. It could also become a dominant measure of tactical technical ability, but in 2008/2009 it is not quite there yet.
CISSP and all ISC2 certifications are on their way out, regardless of the promises, the re-certification, and the continual education processes. However, many venues will continue to worship them for an unknown reason.
One of the major institutions requiring certification is the US military and government information assurance programs. The DODI 8570.01M is the manual that anyone interested in certification should read (please don’t read just the SANS version, they are very biased).
SCNP/SCNA is a very good path to take for the IAT track – the material is good and widely available. SANS and ISC2 pretty much own all of the other track paths, although the CERT CSIH and ISACA CISA keep the program somewhat vendor neutral.
I have never considered ISC2 or SANS to be vendor neutral (they are vendors in my mind). However I have some nice things to say about SANS, but they are hit or miss and will have to wait for another time.
OSCP is certainly worth everyone’s time and energy. While there is more depth to CWSP, I think OSWP is more relevant today. I do not like the OSWP reliance on Backtrack tools, even though right now they happen to be the most complete.
OSWP is going to be both important and popular soon. The training and certification are cheap, consistent, and timely. This is a serious win. Although the syllabus for OSWP is awesome — the SANS Wireless Ethical Hacking Pen-Test course appears to be even better if you check out Days 1-6 in detail. I would recommend both to those who want to specialize in WiFi/WEP assessments. Woops I just said something nice about SANS training, although you should note that it is incredibly expensive and taking 6 days out of your work life might be a pretty big deal.
haha! good comments ntp!
I will take all these into account. Email me sometime, i’d love to chat more about security =)