Security+: Comparable Certifications

Introduction

Much more than simply earning a title, even the ones that are quite in demand in today’s market, most certification exams imply lots of effort and dedication. It requires using your free time for study and even skipping weekends and holydays, investing in training materials and courses and keeping a cool head during the examination. Again, this level of commitment – and not the actual certification title – is what prepares professionals to face the daily challenges of information security and is the whole reason why headhunters love professionals with top certifications.

For entry level professionals, especially those who have just started or want to begin their information security career, CompTIA’s Security+ is one of the most sought after options. But why should you take it? How does it compare to similar exams and what can you expect once you have earned it? Well, let’s find out.

List of Certifications

CompTIA’s Security+

As one of the top entry-level security certifications, the Security+ is globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. Candidates must demonstrate essential principles for network security and risk management.

The Security+ does not enforce any experience requirements, but recommends some level of network knowledge and two years of experience in IT administration with a security focus. Again, this is just a non-mandatory recommendation, and while experienced professionals can have an easier time understanding some Security+ concepts such as Network Security, Compliance and Operational Security, Threats and Vulnerabilities, Application, Data and Host Security, Access Control and Identity Management and Cryptography, with some effort any dedicated person can excel at the examination.

The exam itself costs $320.00 USD. As far as training materials go, there are a lot of options, including our Security+ boot camp that can provide first hand practical experience on the exam topics and greatly enhance your chances of success.

(ISC)² SSCP – Systems Security Certified Practitioner

Another great entry-level, vendor-neutral, globally accepted certification, the SSCP is aimed at professionals that already have some level of proven technical skills and practical security knowledge in hands-on operational IT roles.

This examination validates the ability to implement, monitor and manage IT infrastructure in alignment with information security policies and procedures that ensure data confidentiality, integrity and availability.

In order to ensure a broad coverage of the information security field, the examination includes seven domains from the SSCP Common Body of Knowledge (CBK):

• Access Controls
• Security Operations and Administration
• Risk Identification, Monitoring and Analysis
• Incident Response and Recovery
• Cryptography
• Network and Communications Security
• Systems and Application Security

The SSCP exam is a little less expensive than the Security+, costing $250 USD. In terms of candidate experience for obtaining the entry-level certification, (ISC)² adopts quite a different approach from CompTIA, as it requires at least one year of cumulative, paid, full-time work experience in one or more of the seven domains of the SSCP CBK.

However, if you do not have the required experience, it is still possible to become an Associate of (ISC)² by successfully passing the SSCP examination. But pay attention: there is a time limit of 2 years to earn the 1 year required experience in the information security field.

GIAC Security Essentials (GSEC)

Yet another great entry-level certification, the GSEC shares many things with the Security+ basic aspects, such as being vendor-neutral and globally recognized.

While still being considered an entry level certification, the GSEC requires that candidates ensure they are able to demonstrate an understanding of information security that goes beyond “simple” terminology and concepts.

This should not be misunderstood; as a candidate you still need to have a good grasp on information security fundamentals, but it is also necessary to prove that you are more than capable of assuming a position where practical field knowledge and a hands-on approach is needed.

This approach means that the GSEC examination will cover theoretical topics including Access Control Theory, Legal Aspects of Incident Handling and Incident Handling Fundamentals, as well as more practical aspects such as dealing with wireless attacks, implementing Defense-in-Depth, Reading Packets and Securing Windows Server Services.

Other important information, from a practical point of view, is that the CSEC exam is way more expensive than other entry-level certifications. It costs $1,249.00 USD and a maintenance fee of $390.00 USD every four years. Price alone should not be your primary concern, but for a first certification this may be a bit too expensive, especially when compared to other similar certifications.

EC-Council Certified Security Specialist (ECSS)

Similar to the aforementioned certifications, ECSS is an entry level security program, focused on candidates that need to demonstrate their knowledge and skills on information security, network security and computer forensics.

As mentioned by the EC-Council, “Information security plays a vital role in most organizations.” An ECSS certified professional should be able to ensure adequate levels of confidentiality, integrity and availability wherever information is stored, processed and transmitted. Another very interesting aspect of the examination is computer forensics, a specialty that is quite in demand due to the rising numbers of security incidents that require a detailed investigation or cases that lead to a legal dispute.

The ECSS will require a good knowledge of topics such as ethical hacking, password cracking, networking, web applications and web servers, proxy servers, honeypots and firewalls, steganography, cryptography and cybercrime. For an entry level position on the information security field, it is indeed a great step if you wish to demonstrate you have the required expertise to build and manage the security of an organization.

Priced at $165 USD, the ECSS is the cheapest entry level certification from our list. Also, there are no prerequisites. However, if you do not attend official training or purchase official study materials, you are required to have at least 1 year of Information security related experience and pay a non-refundable eligibility application fee of $100 USD.

Sec+ Training – Resources (InfoSec)

How does Security+ really compare to other entry level certifications?

While each of the aforementioned certifications has its strengths, the Security+ still holds up as the best recommendation for a first entry level security certification. There are numerous reasons for that:

• Midrange price, not all that different from other equivalent certifications;
• No experience requirements, perfect for someone who has just begun to study information security;
• Security+ domains provide sufficient knowledge for performing the tasks expected of a beginner level security position;
• Compared to similar exams, Security+ is not the hardest, yet it still provides the necessary challenge and time pressure (90 questions in 90 minutes) to be considered difficult, especially if it is your first certification; and
• It is a great stepping stone for more advanced certifications such as (ISC)² CISSP.

There was no point in comparing Security+ with other certifications if they were not also great on their own right. It is just a question of understanding how advanced your information security skills and knowledge already are, how well you are used to taking certification exams (please give a thought to the exam duration and number of questions!) and how much you are willing to invest.

The following comparison table should complement what we already discussed and, hopefully, help you find the best option for your own needs. Best of luck!

* (without official training/study material)

Be Safe

Section Guide

Claudio
Dodt

View more articles from Claudio

Earn your Sec+ the first time with InfoSec Institute and pass your exam, GUARANTEED!

Learn More!