Cyber Resistance

Information Security Blog

Podcast #3: Information security job certifications

Hello soldiers of the cyber resistance,

You are tuning into CRR, Cyber Resistance Radio.

Today in our third podcast we talk about information security job certifications.

In my search for acquiring a new certificate in the information security field I came across a website that gave me more insight into all the various certifications. There are foundation-level ones that teach you the fundamentals of information security, but you can also specialise towards a specific goal. Take for instance the CEH certificate, which teaches you how to become an ethical hacker; we will also talk about the internationally respected CISSP certification.

So, in today’s podcast I will try to give you a little more insight into the various certificates that currently exist in infosec.

Let’s start with CISSP.

CISSP stands for Certified Information Systems Security Professional.

What does the curriculum for this certificate cover? Let me tell you.

From 2015 onwards, the CISSP curriculum is divided into eight domains:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communications and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

To be certified you need to possess a minimum of five years of direct, full-time security work experience in two or more of these eight domains of the CISSP CBK.

CBK stands for Common Body of Knowledge: the set of topics you are required to know in order to pass the exam and acquire the certificate.

The CISSP certificate is an international certificate and is considered one of the most important in the information security field.

The CISSP certificate is aimed at people such as security officers, security managers, security consultants, and network and IT architects with five or more years of experience in IT security.

Once certified you can put CISSP after your name, which will improve your chances of a better career within infosec.

Let’s take a look at the next certificate, CISA.

CISA trains you to become an IT auditor with a broad knowledge of information security related topics.

CISA stands for Certified Information Systems Auditor.

The contents of the exam are not very technical, but you are expected to know the basics of the IT side of things and also have knowledge of the governance side of IT security.

Topics covered by the CISA exam are:

  • Management of the IS audit function
  • ISACA standards
  • IS controls
  • Performing an IS audit
  • Control self-assessment
  • The evolving audit process

The CISA designation is a globally recognized certification for information systems audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise.

Heading on to the next certificate, CISM.

CISM stands for Certified Information Security Manager. The title already says it all, but I will go more in depth now.

The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security. At the moment about 27,000 people in the world hold this title.

If you are a general IT department manager, it is recommended that you take some foundation-level courses first before taking the CISM exam. You can choose to focus on the management side (information security foundation) or on the technical side (IT security foundation).

Sometimes CISM is used to extend the knowledge of an existing manager in the field of IT, usually a manager who is responsible for the daily IT operations of a company that has to deal with cyber threats.

Moving on to the next certification, CRISC.

This certification stands for Certified in Risk and Information Systems Control.

By the way, you can read back this podcast on my website.

CRISC is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

The CRISC is awarded to those experienced in the management of IT risk and the design, implementation, monitoring and maintenance of IS controls.

Requirements for CRISC certification (2015 and later):

  1. Successful completion of the CRISC examination
  2. IT risk management and information systems control experience
  3. Adherence to the Code of Professional Ethics
  4. Adherence to the Continuing Professional Education (CPE) Policy

The last certificate I found is CEH, which stands for Certified Ethical Hacker.

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).

The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.

The purpose of the CEH credential is to:

  • Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
  • Inform the public that credentialed individuals meet or exceed the minimum standards.
  • Reinforce ethical hacking as a unique and self-regulating profession.

The Certified Ethical Hacker program is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As they say, “To beat a hacker, you need to think like a hacker”.

I hope you found this podcast useful and that it gives you a better understanding of the various certificates in the world of information security.

Certificates in infosec are quite expensive, but most of the time your employer will pay for them as part of a continuing education plan. IT changes fast, and IT security even faster.

Thanks for listening and hope to see you all in the next podcast.

Cyber Resistance © 2017 Frontier Theme