Is there a best certification?

By:  M. E. Kabay  On: 18 Mar 2010 For: Network World Creator

What's the best tool for solving a problem in your house?

There is no best tool for an undefined job. Nobody can rationally decide whether a hammer or a power drill is the "best tool" without specifying what job the tool is supposed to do. So it is with certifications.

In a recent conversation with a former graduate student, we were discussing precisely this question. The student, a U.S. Army veteran with a wide background in IT, was pleased with his MSIA degree but was now wondering whether to hurry up and complete a Certified Information Systems Security Professional (CISSP) exam right away, wait until the graduation ceremony and exam in June, or take another certification such as the Certified Information Systems Auditor (CISA) or Certified Information Systems Manager (CISM). He was also considering Security+ certification.

Naturally, I responded to his questions with a preliminary, "Well, it depends" – the answer that gets academics in hot water with people (not my student) who insist on cut-and-dried, yes-no answers. I pointed out that there are lots of valuable certifications and lots of interesting career directions in security; the goal as we consider options is to find the intersection subset of useful certifications for interesting specializations in the field.

In my student's case, he expressed interest in moving away from strictly technical, relatively low-level network-administration jobs into higher-level, security-management jobs. That information made it easy to point to the CISSP and the CISM as excellent career-enhancing certifications for him. He agreed with my comment that security auditing is a useful contribution to security management, so the CISA is valuable and appreciated by potential employers.

My student asked how he could best prepare for these exams. Would review guides or courses be useful? I responded that I'm skeptical about the long-term value of short cram-courses (for example, "three-day CISSP Prep"); however, longer courses, especially those that provide mentoring and discussion groups, can be useful to committed students. Review questions are useful as diagnostic tools; they can serve to warn a user that a section of the common body of knowledge for their certification exam is missing or unclear. Some exam guides have proven themselves over years to be of value and have now become textbooks in their own right. Shon Harris' CISSP All-in-One Exam Guide is now in its Fifth Edition and has 1,216 pages – more than the Fourth Edition of the Computer Security Handbook (2002) from Wiley.

I admitted that I am completely biased, but I suggested that the Fifth Edition of the Computer Security Handbook (2009) makes an excellent review text for the CISSP and for the Information Systems Security Management Professional (ISSMP) concentration.

Finally, I mentioned to my student that online study groups can be helpful in preparing for certification exams. In addition to the restricted MSIA-related group we run for alumni of our program, there's an excellent public site that has a wealth of resources and forums for anyone interested in posting questions and sharing knowledge in our field.

Study well!
