4

Which IT security certifications are considered the most difficult to obtain?

user389823
  • 625
  • 6
  • 11

2 Answers2

6

The consideration of your peers !

Tom Leek
  • 168,808
  • 28
  • 337
  • 475
  • +1! I'm tempted to accept this answer, but even though having peers vouch for you is often better than a certification...this still isn't technically a certification. – user389823 Nov 27 '11 at 01:29
4

Of the security certs that I've done (CISSP, GIAC GSOC(Gold), CREST CCT ACE) I'd make the following comments

  • The CISSP was (when I took it about 9 years ago) quite a book-based excercise. I'm not a great fan of any exam that largely or completely depends on multiple-choice answers, as it's usually possible for a candidate to pass purely based on memorization of enough of the syllabus and also it requires the candidate to provide answers that fit with the syllabus even if they don't agree with the "correct" answer. Additionally there are a large number of CISSP "Boot Camps" which focus on getting candidates past the exam. Personally I don't regard that as an indication of a highly regarded exam.

  • the SANS course I took had two qualification levels, silver and gold. The silver was multiple choice (albeit open book), so some of the comments I made on the CISSP would apply here. The gold cert however required construction of a paper, which seems like a much better way of assessing a candidates understanding of the area that the exam covers.

  • CREST CCT was the "hardest" to obtain. There's no training courses specifically targeted at enabling people to pass it and the exam itself requires both knowledge of the domain (short form and long form questions) and practical skills that the candidate has to demonstrate in a time constrained environment. Whilst no exam is perfect, I think that this was a good way to assess this type of skill (penetration testing).

Rory McCune
  • 60,923
  • 14
  • 136
  • 217
  • 1
    Agree on the CISSP - it was a very easy and quick exam (you get up to 6 hours, but if you do technical security work as your day job you can sit it in little over an hour) – Rory Alsop Nov 27 '11 at 17:19
  • @RoryAlsop, What's the point of these certs in the first place? – Pacerier Jan 19 '15 at 22:03
  • Certs literally show that you can pass an exam, but across the industry you get a feel for which ones indicate a certain level of experience. So the cert can be used to give a prospective employer etc assurance that your experience is x, without them having to test you themselves. Have a read/watch of: http://security.blogoverflow.com/2013/03/presentations-starting-your-security-career-where-can-you-go/ – Rory Alsop Jan 20 '15 at 07:37