Security Certification Progression Chart 7.0, October 2020
Information security specialist Paul Jerimy has done a great job putting together an extensive chart that shows the order in which to obtain certificates across all areas of information security: the Security Certification Progression Chart. Today it includes 362 certification programs.
It seems that certification has become a separate business, where training centers and certification authorities think not so much about testing the knowledge of specialists as about profit.
Some certifications cost more than is reasonable. For each certificate, the table shows the cost of obtaining it, as well as the estimated travel costs. Thus, you can roughly calculate how much it costs to collect all the necessary “credentials” and follow a path to the end.
The diagram shows all the security-related certification programs known to the author. Some have a terrible reputation and some are considered industry standards.
The diagram is read from bottom to top.
The certificates at the bottom are the most basic level. The higher you go, the more advanced the certifications.
Take, for example, the “Security of networks and communications” specialty. The lowest level holds the most basic exams, F5 Big-IP Certified Administrator for $135 and CompTIA Network+ for $319, and at the top of the pyramid are Certified Cisco Security Implementation Expert (CCIE Sec), at $2050 for the certificate plus about $12k in travel costs, and Cisco Certified Architect (CCAr). The highest rank in the Cisco hierarchy costs $15,000 per exam.
The first version of the table was published in March 2020, and since then it has been significantly supplemented and refined. The certificates in the hierarchy are arranged subjectively, taking into account their authority and the opinions of real experts about what is really important and what is not.
The eight colors in the diagram represent the eight security domains according to the classification of (ISC)², the International Consortium for Information Systems Security Certification, which maintains the CISSP certification. Some certificates cover multiple domains, so they are spread across multiple “columns” but are colored in the dominant domain color.
Security domains are usually divided into subareas. These are represented by shaded areas within the main columns. For example, the “Security Operations” area includes penetration testing and exploits, and closer to software, such sub-areas of security operations as “Forensics” and “Incident Analysis” are marked in blue.
In general, for a typical career, only one certification is recommended for every 3-5 rows in a specific field. It makes little sense to obtain a certificate that is nearly the same as one you already hold.
In addition, if you are going to limit yourself to only one or two certificates in your career, Paul Jerimy recommends choosing ones that cover several areas, such as GSEC (GIAC Security Essentials) or CASP+ (CompTIA Advanced Security Practitioner).
If you want to explore a new area but have absolutely no experience in it, it is recommended to start with the bottom two rows. However, don’t underestimate your actual work experience.
In addition to real practical benefits for “careerists”, this diagram is also an interesting example of interactive infographics.
In reality, though, most information security professionals hold very few such certifications, and some have none at all. Like a university degree, these certificates are often of dubious value. But everyone has their own path. In a sense, certification can be a more practical alternative or complement to traditional higher education.