1
Security Certification
David Cass, CISSP, NSA-IAM
2
Why Security Certification
Professional validation of skills; exposure to industry standards; best practices; baseline skills for a specific role
3
Why Security Certification
Internal & External Value: Credible advice & support; Quality of work & productivity; Differentiation of your organization or group; Culture of excellence
4
Why Security Certification
Not a substitute for years of experience
5
Which certifications are right for my organization?
Organizational Needs Assessment: Roles & Responsibilities; Experience; Types of Infrastructure equipment supported
6
Security Certifications
Classifications:
Benchmark: Wide recognition by professionals in all sectors; Advanced level; Prerequisite for many senior jobs
Foundation: Introductory certifications; One to four years of experience
7
Security Certifications
Classifications:
Intermediate: 3 to 4 years of networking experience; 2 years of IT Security experience
Advanced: Expert level; Minimum of 4 years of IT Security experience
8
Security Certifications
Vendor and Product Specific: Hardware/software dependent; Range from intro to expert or advanced levels
Examples include: Cisco, Check Point, Symantec, Tivoli, Microsoft, and others
9
Security Certifications
Benchmark certifications: CISSP (isc2.org)
Common Body of Knowledge: Access Control Systems and Methodology; Applications & Systems Development; Business Continuity Planning; Cryptography; Law, Investigation & Ethics
10
Security Certifications
Benchmark: CISSP
Common Body of Knowledge: Operations Security; Physical Security; Security Architecture & Models; Security Management Practices; Telecommunications, Network & Internet Security
11
Security Certifications
Benchmark: Certified Information Systems Auditor (CISA) (isaca.org); IT audit community
Covers: Management, planning and organization of IS; Technical infrastructure and operational practices; Protection of Information Assets; Disaster Recovery and Business Continuity
12
Security Certifications
Benchmark: Certified Information Systems Auditor (CISA)
Covers: Business Application Systems Development, Acquisition, Implementation and Maintenance; Business Process Evaluation and Risk Management; IS Audit Process
13
Security Certifications
Foundation level: Security+ (CompTIA); Focus on basic architecture, business, and products
Covers: General Security Concepts; Communications Security; Infrastructure Security; Basics of Cryptography; Operational/Organizational Security
14
Security Certifications
Foundation level: TICSA Certified Security Associate by TruSecure; Network admins and entry-level audit personnel; Focus on architecture and products
Covers: Security Practices and Procedures; Security Fundamentals; TCP/IP Networking Fundamentals; Firewall Management Fundamentals; Detection, Response & Recovery
15
Security Certifications
Foundation level: TICSA Certified Security Associate by TruSecure
Covers: Administration & Maintenance Fundamentals; Design & Configuration Basics; Malicious Code Fundamentals; Law, Ethics, and Policy; Authentication Fundamentals; Cryptography Basics
16
Security Certifications
Foundation level:
SANS GIAC Security Essentials (GSEC): Basic understanding of the CBK; Basic skills to incorporate good infosec practices
GIAC IT Security Audit Essentials: Developing audit checklists; Perform limited risk assessment
17
Security Certifications
Foundation level: SSCP (Systems Security Certified Practitioner), isc2
Covers: Access Controls; Administration; Audit and Monitoring; Risk, Response, and Recovery; Cryptography; Data Communications; Malicious Code/Malware
18
Security Certifications
Intermediate level:
National Security Agency Infosec Assessment Methodology (NSA-IAM): NSA process for identifying and correcting security weaknesses in information systems and networks
GIAC Systems and Network Auditor (GSNA): Apply risk analysis techniques; Conduct technical audits
19
Security Certifications
Intermediate level:
CIW Security Analyst Certification: Deployment of e-business transaction and payment security solutions; Implementing e-business security policies
GIAC Certified Windows Security Administrator (GCWN): Secure and audit Windows systems
GIAC Certified UNIX Security Administrator (GCUX): Secure and audit UNIX and Linux systems
20
Security Certifications
Intermediate level: GIAC Specializations: Firewall Analyst; Forensic Analyst; Incident Handler
21
Security Certifications
Advanced level: Certified Information Systems Security Professional (CISSP), isc2: CBK
Additional concentrations: Information Systems Security Engineering Professional; Information Systems Security Management Professional; Information Systems Security Architecture Professional
22
Security Certifications
Advanced level: Certified Information Systems Auditor; Information Systems Audit and Control Association; Globally accepted standard IS Audit and Control
23
Security Certifications
Vendor Specific:
Cisco: Cisco Certified Security Professional (Intermediate); Cisco Certified Internetwork Expert Security (Advanced)
Check Point: Check Point Certified Security Administrator (Foundation); Check Point Certified Security Expert (Advanced)
24
References & Resources
(ISC)² = International Information Systems Security Certification Consortium, Inc.; Information Systems Audit and Control Association; SANS & Global Information Assurance Certification; Certification Magazine
25
References & Resources
CIW Certified; Cisco; Check Point; CSO Magazine
26
The End For Additional Information: