Calling top-paying certifications is like picking stocks: It’s always easy looking backward, and progressively more difficult to do the further into the future you try to peer. Even so, I believe that individual certifications, plus demand and technology trends, can support some well-educated guesses on what should pay best in 2003. I base this story on recent employment and salary surveys, plus related trends analysis from this magazine and from Foote Partners, a well-known compensation and employment analysis firm (www.footepartners.com).
Before I introduce and explain the top five certifications to which this analysis leads, I’d like to mention some interesting trends in overall IT employment and compensation. Pay is not uniformly up for all IT positions; in fact, it’s up for some and down for others. For example, a recent Foote Partners survey shows that basic Microsoft Certified Professional (MCP), help-desk technician and network administration certs are trending downward, whereas project management and various information security certifications are trending strongly upward.
You’ll see a strong emphasis on security and specialized skills in the Top 5 list I present, which reflects a strong shift toward information security and toward rare, in-demand specialties. (See Table 1.) All positions in this list routinely pay salaries from high five-figure to low six-figure ranges ($80,000 to $150,000 and up). There is a payoff for those willing to invest the considerable time, effort and money involved in obtaining such credentials.
The Cisco Certified Internetwork Expert (CCIE) certification remains Cisco’s most prestigious and sought-after networking certification. Although the program has no formal prerequisites, many candidates pursue other Cisco certifications as stepping-stones to this credential. The program requires passing only two exams: a more or less standard written exam, plus a (long) one-day laboratory exam. The lab exam has the reputation of being one of the most difficult IT certification exams known to man. Many candidates take that exam two or three times before they pass. Because travel is normally required to one of six or eight lab testing centers located worldwide, this can add significantly to the costs involved.
The Master Accredited Systems Engineer (MASE) is likewise a nonpareil certification from Compaq (now part of HP, which plans to continue the program). Candidates must begin with ASE certification, which in turn requires intermediate-level operating system certifications like the Microsoft Certified Systems Engineer (MCSE), Certified Novell Engineer (CNE) or other similar credentials.
Master ASEs specialize in one of numerous technical areas that include enterprise management, high availability and clustering, Internet/intranet solutions, messaging and collaboration, SAN architect, various Oracle implementations or SQL server.
The table contains two intermediate-to-senior security certifications: (ISC)2’s Certified Information Systems Security Professional (CISSP) and the SANS Institute’s GIAC Security Engineer. (GIAC stands for Global Information Assurance Certification and is the name of that organization’s overall program.) Obtaining a CISSP involves less work than the GSE, because it requires passing only a single exam—but that exam includes 250 hair-raising questions and is given in a six-hour time frame. Obtaining a GSE, on the other hand, requires passing and maintaining five other GIAC credentials on firewalls, intrusion analysis, incident handling, plus Windows and UNIX security administration. It also requires an additional exam and receipt of “honors” credentials in one or more of the five prerequisite certifications. Individuals who obtain CISSPs are more likely to work in security management, planning and design, whereas GSEs are eminently qualified to handle security operations, audits, incidents and so forth. Other interesting senior-level security certifications include those from the American Society for Industrial Security (ASIS), which offers three senior-level programs: Certified Protection Professional (CPP), Physical Security Professional (PSP) and Professional Certified Investigator (PCI).
Like other senior-level protocol analysis certifications, the Sniffer Certified Master (SCM) credential requires deep knowledge of and experience with networking protocols and technologies at all layers of the OSI model. In particular, this type of credential tends to focus on understanding how logical, virtual communications between applications or clients and services translate into “wire-level” traffic. Perforce, protocol analysts are often deeply involved in network security and forensics, since so much of what’s necessary to understand attack patterns, signatures and pathologies is best captured and understood through protocol analysis. SCM candidates must meet numerous Sniffer certification prerequisites and tackle three specific topics and technologies (in the areas of security, forensics, communications analysis, traffic characterization and so forth) to qualify for certification. Thus, the SCM is regarded as both work-intensive and difficult by many experts in the field. Other equivalent certifications include the WildPackets Network Analysis Expert (NAX) or the Pine Mountain Group’s Certified NetAnalyst Architect.
While obtaining any of these certifications can propel you into the highest-paying ranks of the IT profession (outside top-level management jobs, that is), you should also expect to pay some dues along the way. None of these credentials typically attracts individuals with less than seven years of direct, relevant work experience. All of these credentials take at least 18 months to prepare for (some take much longer). But all offer an entry into various fascinating and interesting areas of work and activity that should remain valuable for years to come.
Ed Tittel is vice president of IT certification at iLearning.com and contributing editor for Certification Magazine. E-mail Ed with your questions and comments at firstname.lastname@example.org.