What's the difference between CompTIA and CISSP certifications?

I heard recently that there are now more than 30,000 IT pros with CompTIA's Security+ certification. How does the Security+ certification compare with (ISC)2's CISSP certification, and how much influence does it have in the security community?

I'm a pretty "pragmatic" guy, so I'm not a huge fan of certifications. Put it this way, I think there are a lot of folks that can pass a test, but don't have the experience to effectively do their job. A certification proves that someone has passed a knowledge standard, not much more than that. I don't really think that these specific certifications hold much influence. Some of the smartest security research folks I know are not CISSPs, yet they can break into your network in about 10 minutes.

But if you have your heart set on having some random letters behind your name on a business card, the differences between the certifications are rather minimal. You can compare the certifications across a number of characteristics, like how respected the certification is and whether the certification has a well-known brand. Security+ is often considered a beginner's certification, though it is pretty well-known. The test is fair, though not overly difficult, and it doesn't really require any prior experience in the field – which makes it appropriate for folks just entering it. At $225, it's reasonably priced as far as certifications go.

The CISSP is the granddaddy of security certifications, but as the number of certified practitioners has grown, the value of the CISSP has been watered down a bit.

The test is as much about stamina as anything else. It's not overly technical, but it is extensive. To prepare for the test, many folks take a week-long boot camp, and many pass. Yet in order to get your CISSP, you need to have 4 years of verifiable experience in the space. At $500 (plus an annual renewal), it ain't cheap – but if you've been doing security for a while and you want to get some letters, the CISSP is probably the best known.

More information:

  • Did CISSP lose its luster? In a 2006 interview, Senior News Writer Bill Brenner asked (ISC)2 board member Howard Schmidt how the requirements had changed.

This was first published in April 2007.