There are many security certifications available, from entry level to advanced and from very general to very focused. Picking the top three is bound to be controversial, and certainly feedback on my choices of the top three security certifications is invited.
I used the following criteria to pick the top three information security certifications:
* Well known -- A certification needed to be well known to be considered. That leaves out newer security certifications, as security certifications that have been around longer are naturally better known.
* Popular -- I also considered the popularity of the various security certifications, that is, the actual number of people who have been certified. This also favors the older and more established security certifications.
* General Purpose -- Only general-purpose, vendor-neutral security certifications were considered. This automatically removed many security certifications from consideration.
Note that this is not an ordered list of certifications: I make no attempt to claim one is better than the other. In fact which certification, if any, is most valuable will vary from individual to individual.
The top three are:
The Certified Information Systems Security Professional (CISSP)
The CISSP certification is the oldest security certification around and the best known. There are over 60,000 CISSPs.
The CISSP exam covers a wide array of topics, many not traditionally associated with information security. No attempt is made to be cutting edge, nor is there any hands-on information.
The CISSP exam is multiple choice, consisting of 250 questions over six hours. It's taken using paper and pencil.
The certification lasts for three years, and you can renew by retaking the exam, something almost no one ever does, or by earning the correct number and types of continuing professional education (CPE) credits.
Security Essentials Certification (GSEC)
The SANS GIAC GSEC certification is a very popular certification comparable in difficulty to the CISSP. Unlike the CISSP, it emphasizes skills that are immediately useful in the workplace, including hands-on skills.
The GSEC exam consists of 180 multiple choice questions with a 5 hour time limit, and the test is open book. The GSEC certification exam needs to be retaken every 4 years. There is no need for continuing education, just a solid understanding of the material.
Security+
The Security+ certification is an entry level security certification. There are 50,000 certified professionals; however, as it's entry level and much easier than CISSP or GSEC, it is not nearly as well regarded. The test consists of 100 multiple choice questions with a 90 minute time limit. Security+ is a "certification for life" - no renewal ever required.