Senior Security Professional (3 Programs)
Having written a broad overview of the security certifications for InformIT (Security Certification Overview) as well as detailed reviews of two of the three programs I cover here, I'm not going to provide quite as much detail on these programs as in previous sections.
For the purposes of this article, I just want to identify the three top security certification programs, all of which are identified in surveys or subject to originator's claims for the kinds of earnings necessary to receive mention in this story. These three programs are as follows:
The American Society for Industrial Security's (ASIS) Certified Protection Professional (CPP) program. This program has the distinction of requiring seven or more years of security-related job experience, in addition to its more conventional code of ethics and examination requirements.
The Systems Administration and Network Security (SANS) Institute's senior-level Global Information Assurance and Security (GIAC) certifications. This program offers a variety of highly relevant specializations in Windows, UNIX, intrusion detection, incident handling, and other useful topics. Its experience requirements are in the one to three year range, and its cachet is much stronger for up-and-coming IT security professionals.
The International Information Systems Security Certification Consortium's (ISC2) Certified Information Systems Security Professional (CISSP) remains the IT security certification most often requested by name in job postings and classified advertisements. While some experts say its coverage is a bit outdated, it nevertheless remains the most sought-after IT security certification.
Each of these three programs appears in the highest rankings of pay associated with IT certification in salary surveys, and each parent organization makes the appropriate claim about absolute compensation amounts. If you're weighing one or more of these choices, be sure to talk to certified professionals, employers, and recruiters, and pick the program that best meets your current or planned employment situation. With numbers like these, it's hard to go wrong!
Before I present the typical profile for these individuals, I must point out that the values vary more widely here than for other pinnacle certifications simply because of the wide variation in requirements (especially owing to the CPP's high "years of experience" quotient).
The following is a typical Senior IT Security Cert completion profile:
Average years of direct security experience: 4 to 10+
Average total years IT experience: 5 to 12+
Time to complete credential: 2 to 3 years
Average number of written exam attempts: 1.5
Average out-of-pocket expense for cert: $295 to 2,200+ (Because some GIAC topics require attending classes, higher costs include training and exam fees.)
Senior Protocol Analyst (3 Programs)
Of the three companies or organizations that offer protocol analysis certification, only the program from Sniffer Technologies represents itself as vendor specific. Both the Pine Mountain Group and WildPackets represent their offerings as vendor neutral (but WildPackets' training for their exams shows an unsurprising tendency to emphasize its protocol analysis products as it helps candidates prepare for their exams).
All three organizations offer senior-level certifications, and all claim that six-figure incomes for individuals who hold such certifications are common. Based on my own personal experience with numerous individuals who hold these credentials, this is true for that population. Otherwise, I have been unable to find significant survey data or other third-party reporting. Nevertheless, I put enough credence in the parent organizations' claims for compensation that I include this category in my article.
The three top-tier programs from the three vendors are as follows:
Sniffer Certified Master (SME). Identifies individuals who've obtained Sniffer Certified Professional (SCP) and Sniffer Certified Expert credentials, and have also passed three additional topic/technology exams for a total of six exams.
Wildpackets Network Analysis Expert (NAX). Identifies individuals who've passed the Protocol Analyzer Specialist (PAS) certification, then go on to take additional Data Link and Area of Specialty knowledge exams, plus write a technical white paper. Knowledge exams include Ethernet, Wireless, TCP/IP, and Apple Networking topics.
Pine Mountain Group Certified Netanalyst Architect or Security credentials. These senior level, vendor-neutral certifications identify individuals who've completed additional exams on advanced network and protocol analysis or on security-related network analysis topics above and beyond an entry-level network analyst certification.
The following are typical Senior Protocol Analysis completion profile:
Average years of direct protocol analyzer experience: 4+
Average total years IT experience: 10+
Time to complete credential: 2.5 years
Average number of written exam attempts: 1.5
Average out-of-pocket expense for cert: $300+ (Exam costs vary by certification and by vendor.)