
InfoSec Certs To Help Get Your Foot In The Door

Source: Tom's IT Pro

The field of information security is wide and deep, and so is the list of available IT security certifications. If you're just starting out on your IT career journey, here are some suggestions on InfoSec certs that will help get your foot in the door.

A college student with a strong interest in information security is looking for guidance on InfoSec certifications that will help him get his foot in the door so he can obtain his first job in IT. He's interested in pursuing CompTIA's Security+, Cisco's CCNP Security, EC-Council's Computer Hacking Forensic Investigator (CHFI), ISACA's Certified Information Security Manager (CISM) credential, as well as the Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor (CISA) certs from (ISC)2 and various SANS Institute certifications.

With so many options to choose from, Deep, our correspondent this week, definitely needs some guidance on where to start and how to plan his certification and training path. And with his long-term goal of becoming a Chief Information Security Officer (CISO), we also recommend that he continue his education, obtaining a master's degree in either a computer science field with a focus on information security or an MBA, with a focus on business and management, or preferably both.


Dear Deep:

Your interest in information security puts you right in the forefront of one of the biggest and fastest growing sectors in IT employment. To that end you should look through our list of the best information security certifications. As you'll see, the vast majority of the credentials you're interested in appear on that list, and more importantly, they're on hiring managers' radars.

I'd recommend that you consider a SANS introductory credential, such as the GIAC Security Essentials (GSEC), if you're planning to tackle the SANS curriculum. It offers a better general InfoSec foundation than some of the other options, and will help prepare you for more advanced elements in the SANS certification families later on. If you think the GIAC curriculum is too advanced and that you might not be ready for it, go with the CompTIA Security+ cert instead and then quickly move on to the GSEC.

Cisco's CCNP Security certification is another great option, especially if you're working with Cisco equipment. Just keep in mind that you'll first have to obtain Cisco's CCNA Routing & Switching cert before attempting the CCNP exam. This is also a more advanced level certification, so it's wise to have some security basics and hands-on networking experience under your belt before going through the CCNP training.

EC-Council's Computer Hacking Forensic Investigator (CHFI) cert is also a good choice for InfoSec professionals, especially if you're interested in pursuing the computer forensics path down the road. It covers the use of forensics tools, techniques and procedures used to identify forensics evidence, all from a vendor-neutral perspective. I would suggest that you plan on tackling the CHFI once you're able to get some hands-on experience with computer forensics tools along with a solid introduction to some of the topics that the certification covers. You should also consider EC-Council's popular Certified Ethical Hacker (CEH) credential, which follows a similar certification structure.

ISACA's Certified Information Security Manager (CISM) and (ISC)2's Certified Information Systems Security Professional (CISSP) credentials both require at least five years of full-time information security work experience, so I'd suggest that you save these two options for later. Your goal should be to build a good information security foundation through some entry-level certification so that you can get your first IT job, preferably with a focus on InfoSec. Once you're able to get some experience under your belt, both the CISSP and CISM certs are excellent options that will set you apart from the competition.

Finally, the Certified Information Systems Auditor (CISA) is an auditing credential aimed more at those who work in the financial side of the business rather than the technical side, although this is a relative thing, and indeed the CISA does have considerable intrinsic value as a certification. Take a closer look at the certification objectives before deciding on taking this route.


If your longer term goal includes becoming a Chief Information Security Officer (CISO), you may also want to consider finishing your bachelor's degree and then pursuing a master's, probably in computer science with a focus on information security. Here in the United States there are master's programs that fall under the National Centers of Academic Excellence in Information Assurance and Cyber Defense, which you can read about on the NSA Website.

Also, any C-level executive position (CEO, CIO, CTO, CISO and so forth) can benefit from a Master's in Business Administration (MBA) because such positions inevitably require their holders to appreciate and understand their organizations from a business perspective.

If you can formulate a plan to develop your skills and knowledge, then implement the certifications and educational elements in a systematic and regular fashion, I see no reason why you shouldn't occupy a CIO or CISO job within a decade or so. Keep at it, and you'll make progress. Keep at it long enough, and you just might realize your goals completely.

Best of luck in your career and certification planning, and my very best wishes for your personal and professional success.