Selling "crusts": the cost of information security certificates and the route to obtaining them



Security Certification Progression Chart 7.0, October 2020



Information security specialist Paul Jerimy has done a great deal of work and put together an extensive chart showing the order in which certificates are obtained in all areas of information security: the Security Certification Progression Chart. Today it includes 362 certification programs.



It seems that certification has become a separate business, where training centers and certification authorities think not so much about testing the knowledge of specialists as about profit.



The cost of some certifications exceeds reasonable limits. For each certificate, the table shows the cost of obtaining it, as well as the estimated travel costs. You can therefore roughly calculate how much it costs to collect all the necessary "crusts" and follow this path to the end.



The diagram shows all the security-related certification programs known to the author. Some have a terrible reputation and some are considered industry standards.



The diagram is read from bottom to top.



The certificates at the bottom are the most basic level. The higher you go, the more advanced the certifications.



For example, take the "Security of networks and communications" specialty. At the bottom level are the most basic exams, F5 Big-IP Certified Administrator for $135 and CompTIA Network+ for $319, and at the top of the pyramid are the Cisco Certified Security Implementation Expert (CCIE Sec), at $2050 per "crust" plus about $12 thousand in transportation costs, and the Cisco Certified Architect (CCAr). The highest rank in the Cisco hierarchy costs $15,000 per exam.







The first version of the table was published in March 2020; since then it has been significantly supplemented and refined. The certificates in the hierarchy are arranged subjectively, taking into account their authority and the opinions of real experts on what is really important and what is not.



The eight colors in the diagram represent the eight security areas classified by (ISC)², the International Information Systems Security Certification Consortium, which maintains the CISSP certification. Some certificates cover multiple domains, so they are spread across multiple "columns" but are colored in the dominant domain color.



Security areas are usually divided into subareas. They are represented by shaded areas within the main columns. For example, the "Security Operations" area includes penetration testing and exploits, and, closer to the software, sub-areas of security operations such as "Forensics" and "Incident Analysis" are marked in blue.







In general, for a typical career, only one certification is recommended for every 3-5 lines in a given field. It makes little sense to obtain a certificate at nearly the same level as one you already hold.



In addition, if you are going to limit yourself to only one or two certifications in your career, Paul Jerimy recommends choosing ones that cover several areas, such as GSEC (GIAC Security Essentials) or CASP+ (CompTIA Advanced Security Practitioner).



If you want to explore a new area, but have absolutely no experience in it, it is recommended to start with the bottom two lines. However, don't underestimate your actual work experience.



In addition to real practical benefits for "careerists", this diagram is also an interesting example of interactive infographics.



In reality, though, most information security professionals have very few such certifications, and some have none at all. Like a university degree, these certificates are often of dubious value. But everyone has their own path. In a sense, certification can be a more practical alternative or complement to traditional higher education.


