Posted by: Doug Geiger | 2009/05/01

Security Certifications

When I look at the marketplace and attempt to predict where it will be even five years from now, there is little of which I can be sure. Hardware, software and legislation are changing on a monthly basis and defy anyone’s ability to predict with certainty what lies ahead. That said, the overall trend is toward more, not less, automation and reliance on technology. That tells me that information security will become increasingly important. I have begun to look into security certifications. What follows are my thoughts on the market and two of the leading certifications.

There are reasons to pursue a security certification in general, and there are reasons to pursue a particular security certification. Generally speaking, the importance of studying security increases in proportion to our reliance, as a society, on information technology.

On April 9th it was discovered that Russian and Chinese hackers had breached the electrical grid—that is, they had hacked into the very computer system which keeps electricity flowing to our homes and businesses (Nichols, 2009). International intrigue is not the only driver for security. Threats abound. A St. Louis-based credit card processing company, Heartland Payment, was hacked, and millions of credit card numbers were exposed. This was reported in January of this year (Stevens, 2009). These stories hit the newsstands; however, there are thousands of breaches, physical, logical or otherwise, that are never reported but affect us just the same. As workers in a world dominated by computers, and as business professionals charged with maintaining the integrity of our firm’s data, a certification—and the process required in obtaining a security certification—prepares us to deal with this reality.

Like the threats they are intended to meet, security certifications have proliferated in the past two decades. Some are built to cover security as a broad study. This is the case with the CISSP certification through ISC2, which has been around since 1989 and is recognized globally (ISC2, 2009). The CISSP certification is ideal for anyone working in the security field directly or indirectly. This certification, and the lesser certification, “Associate of (ISC)2”, are appealing to a worker because the bases of knowledge covered are as disparate as legal compliance, telecommunications and cryptography.

On the other hand, the GIAC certification is focused primarily on the hands-on aspects of security. Specifically, “The purpose of GIAC is to provide assurance that a certified individual has the knowledge and skills necessary for a practitioner in key areas of computer, information and software security.” (GIAC, 2009) At a high level, this certification is as well regarded as the CISSP; however, a given job would likely prefer one over the other based on the type of work to be performed.

In summary, each of these two certifications is relevant in the marketplace. For those interested in delivering IT services relative to security, the GIAC will demonstrate a skillset to employers, while the CISSP will demonstrate a mindset and base of knowledge about the security field. For those working in a business capacity within the IT industry, the CISSP would be more advantageous because it tends to certify understanding rather than application and technical remediation.


GIAC. (2009). GIAC Program Overview. Retrieved April 26th, 2009, from GIAC:

ISC2. (2009). CISSP® – Certified Information Systems Security Professional. Retrieved April 26th, 2009, from

Nichols, S. (2009, April 9th). News > Enterprise Security Technology. Retrieved April 26th, 2009, from

Stevens, T. (2009, January 1st). Computers. Retrieved April 26th, 2009, from



  1. Hello, Dr. Doug. Great site. Keep on adding value, sir. We salute you!

