Certifications are interesting things. I remember when I first got my MCSE, a proud day, when I officially became an "expert"...or so I thought. I soon found out that it wasn't really that useful if I didn't have the experience to back it up.

When it comes to security certifications you can basically break them into a couple of groups: (A) Task or vendor specific and (B) General.

There are a ton of security certifications out there these days but some of the common ones are:

• Task/vendor specific
  • SANS (most of their tracks are task specific)
  • Security+
  • Cisco CCSP
  • Checkpoint CCSE
  • MCSE security
  • CISA
  • [insert your favorite vendor cert here]
• General
  • ISC2 - CISSP/ SSCP
  • ISACA - CISM

So, which ones should you be getting? That depends a bit on your job role and career path.

If you are doing a specific security management or support duty then obviously you will get the most bang for your buck from doing a specific certification. You will also do a better job managing your systems. If you are a Microsoft shop and your job role is security then it makes complete sense for you to pursue a Microsoft security certification.

However, if your career aspiration has you becoming a more general security consultant then you will benefit a lot more from a certification like the CISSP. In reality, in all of the RFPs that I've responded to, almost none of them mention security certifications other than the general ones.

The most tangible benefit of a ISC2 or ISACA certification is that they have a pre-requisite  amount of experience required to get the certification. This is your concrete proof that you're certification is worth more than the paper it's written on.

There are times when you will require a specific certification. For example, I got my GCFA because I knew that forensics is one of those fields where you really need to be able to prove [in court] that you are competent. This is one task specific certification that I highly recommend. It was a great course and content.

Do you have a security certification that you think is a must have? Leave a comment.