Certifications could secure your future

Security certification holders are in great demand

IT Best Practices Alert By Linda Musthaler, Network World
June 02, 2003 12:18 PM ET

I recently wrote a column for the print version of Network World asserting that IT technical certifications still hold value (see link below).  Many readers wrote to me, asking which certifications are the most valuable today.  Value, like beauty, is in the eye of the beholder. 

The value of a certification is defined by the demand created for it by employers and clients.  Given the fast pace of change in the IT industry, demand for certain certifications shifts swiftly.  So how do you know which certifications to pursue?  Follow the money trail.  That is, analyze what CIOs are spending their money on now and over the next few years and you'll begin to see which certifications employers will demand.

In today's environment, the big money is going toward improving enterprise security.  According to a recent spending survey by "CIO" magazine, even while budgets for other aspects of IT are being cut to the bone, many CIOs are increasing their spending on security.  Not all of the money is going toward technology; some of it is aimed at improving policies and people.  Reading between the lines, I'd say that security certifications are growing in importance.

Perhaps one of the best-known certifications for security pros is the CISSP, or Certified Information System Security Professional.  This certification is issued by the International Information Systems Security Certification Consortium, known as (ISC)2.

The CISSP Certification recognizes the mastery of an international standard for information security and understanding of a Common Body of Knowledge (CBK), which includes:

* Access Control Systems & Methodology.
* Applications & Systems Development.
* Business Continuity Planning.
* Cryptography.
* Law, Investigation & Ethics.
* Operations Security.
* Physical Security.
* Security Architecture & Models.
* Security Management Practices.
* Telecommunications, Network & Internet Security.
 
CISSP is considered the premier international credential for establishing that a candidate possesses the necessary knowledge, skills and abilities for competent practice of information security with at least four years' professional experience. At the end of December 2002, only 13,397 people worldwide held the CISSP certification.  Compare that to the hundreds of thousands of people who hold operating system or hardware-specific certifications, and you can see why these certified professionals are in such high demand.

A second certification offered by (ISC)2 is called System Security Certified Practitioner, or SSCP.  SSCP Certification was designed to recognize an international standard for practitioners of information security and understanding of a CBK. It focuses on practices, roles and responsibilities as defined by experts from major IS industries.  The seven areas of the CBK include:

* Access Controls.
* Administration.
* Audit and Monitoring.
* Risk, Response and Recovery.
* Cryptography.
* Data Communications.
* Malicious Code/Malware.
 
If you're looking for a good foundation certification in security, have a look at CompTIA's Security+ certification.  Less stringent than the certifications offered by (ISC)2, CompTIA's Security+ verifies a candidate's knowledge and skills in the following areas:

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
