It’s widely known that the demand for IT Security professionals is one of the largest growing sectors in the IT field overall. As a result, employers are using certifications more and more as their baseline for evaluating job applicants. Let’s take a look at some of the most common IT Security certifications and how they can be applied.
— This, for lack of a better term, is the introductory course into the IT Security field. This class is not highly technical; it is more geared towards learning the terminology used by Security professionals. Obtaining a Security+ cert lets employers know that you “speak the language” and understand the concepts and frameworks essential to becoming an IT Professional.
— Common job functions might include verifying implementation of security measures for a company’s IT systems and also, documenting and presenting your findings to the IT managers.
— Recommended background is at least 1 year of experience in the field and/or A+ and Network+ certifications. If you possess both, even better.
Certified Ethical Hacker (CEH)
— CEH is a hands-on application course and certification. It is much more technical than the Security+ certification. The focus of this training is to learn and identify the common methods that hackers might use to attack networks and applications. CEH’s are positioned within an organization as a means to prevent attacks and shore up existing vulnerabilities in their network.
— Common job functions will include testing the network and applications for misconfigurations and security risks. It is also likely that a company will have it’s CEH professionals handle the tasks of installing and configuring security devices such as firewalls and intrusion prevention/detection systems.
— Recommended background is certifications in CCNA and MCITP as well as some knowledge of computer programming.
Certified Hacking Forensic Investigator (CHFI)
— CHFI is another fairly technical course and certification. Much like the CEH, the CHFI focuses on learning the ways in which hackers can maliciously attack networks and applications. However, CHFI goes further and teaches how to gather and analyze evidence once an attack has occured, i.e. forensic data or “fingerprints”.
— Common job functions could include analyzing hard drives of compromised systems, or analyzing the data security devices such as the firewalls and other preventative security systems. Also, CHFI’s could be called upon to give expert testimony in court cases involving hacking, fraud, etc.
— Recommended background is certifications in A+/Net+ and MCITP as well as some knowledge of computer programming.
Certified Information System Security Professional (CISSP)
— Although this is the highest of the four certifications listed here, it is NOT the most technical. It is a Security concepts course with focus more on upper management security issues, communication, and overall security team management. Common job titles for IT professionals with CISSP will be Information Assurance Manager or Information Systems Security Manager.
— Common job functions include articulating security issues to upper management and interfacing with the employees who manage the IT Security systems. Professionals with the CISSP certification are highly revered and sought after by organizations looking for qualified personnel to manage their security infrastructure and security teams.
— It is recommended that those individuals seeking CISSP have the three certifications listed above (Security+, CEH, and CHFI). In addition to those certifications, a minimum of 5 years work experience in the IT Security field is highly recommended.