SecurITyCerts dot Org

       Navigating Security Certifications


Security Certifications:
The Top Three Infosec Certifications

There are a lot of security certifications available, ranging from entry level to advanced and from very general to focused on specific areas of security. Some security certifications include a focus on hands-on skills whereas others entirely dismiss them. Picking the top three is bound to be controversial, and certainly (polite) feedback on my choices of the top three security certifications is invited.

Although security certifications can force one to learn valuable skills and acquire useful knowledge, I see this as a byproduct of the certification process. Yes, I’ll gladly agree that these skills and knowledge are important, very often much more so than the actual "cert" itself, but I didn't consider the actual body of knowledge that certs required learning as one of the criteria to pick the top three. I reasoned that if the body of knowledge were totally useless for any of the certifications, then the criteria I used wouldn't be satisfied. Call me an optimist!

I used the following criteria to pick the top three information security certifications:

Note that this is not an ordered list of certifications: I make no attempt to claim one is better than the other. In fact, which certification, if any, is most valuable will vary from individual to individual.

Certified Information Systems Security Professional (CISSP)

The CISSP certification is the granddaddy, the oldest security certification, and the best known. There are over 60,000 CISSPs as of late 2008.

The CISSP exam covers a wide array of topics, many not traditionally associated with information security. There is no attempt to be remotely cutting edge, nor is there any hands-on type information. The test is a bear, and no one enjoys taking it!



The SANS GIAC GSEC certification is a very popular certification comparable in difficulty to the CISSP. Unlike the CISSP, it emphasizes skills that are immediately useful in the workplace, including hands-on skills.



The Security+ certification is an entry-level security certification. Numerically it's extremely popular, with 50,000 certified professionals as of late 2008; however, as it's entry level and much easier than CISSP or GSEC, it is not nearly as well regarded.



I have all three security certifications. It's rare that anyone considering hiring me cares, but that's in large part because I've been in the security field a long time. All three certs have value.

I occasionally teach classes to help people prepare for all three certifications, and I may sometimes be happily on the payroll of one or more of the companies mentioned above. For the full story, visit your favorite search engine.

I'm a consultant, I'm for hire, so yes, I am not entirely impartial and don't pretend to be. However, I try to present the information in a clear and concise way, the good, the bad, and the annoying too.

Ted Demopoulos, IDNNFIMNILE (I Don't Need No Friggin’ Initials My Name Is Long Enough)

Ted Demopoulos,  Caesars Palace