Comparing Entry-level Security Certs
Some of the more frequent questions I get from readers are asking me to help them select the right entry-level information security certification to help them get their security careers off to a good start. While this is completely understandable, it’s difficult to be completely unequivocal when it comes to recommending such things. Certainly, of the many options available, I’d rank the top 5 entry-level security certifications as follows:
- CompTIA Security+
- SANS GSEC
- ISC2 SSCP
- TruSecure TICSA
- SCP SCNA
My rationale for this ranking is based on numerous criteria, including name recognition, perceived value of the credential, my best guess as to the number of individuals who hold that cert, how often it appears in job postings and classified ads, and how well it’s supported by aftermarket products like books, Exam Crams, classes or courseware, practice tests, and other preparation aids.
All this said, it’s imperative that beginner information security professionals understand that by themselves none of these entry-level credentials suffices by itself to put them in a full-time job in the field. All these credentials presume somewhere between 1 and 3 years’ worth of work experience, and focus on basic principles, practices, and procedures rather than digging deeply into the subject matter as do more advanced SANS, ISC2, or other more senior-level infosec certifications. However, these do represent good places to start, and will help IT professionals start working their way into this fascinating and high demand field. With a bit of additional experience, more reading and study, and a next-rung credential under their belts, beginners can ascend to intermediate status, at which point employment as a security professional starts to look a lot more likely.