http://certmag.com/read.php?in=3950


Looks like a good list to me.

What do you think about ISO/IEC 27001:2005 ? After passing final exams, participants receive accredited certification with title "Information Security Manager" and "Information Security Auditor".

Yeah, while it's not, IMHO, as valuable to me, 'technically', 'politically' I plan on pursuing CISSP in the near future, myself.

The one on that list that I find interesting, is CCNA.  While I see a number of posts for it on job boards like Monster, etc, even more often I'm seeing CCNP-styled job postings, where they want more than the average CCNA is going to have.

Even though I am a CCNP, I see CCNA more valuable in the manner of knowledge and expertise necessity. CCNP is definitely a targetted cert towards Network Engineering, just like CCSP is for Cisco Security etc. On the other hand, CCNA is a must-have-this-knowledge cert as it provides necessary know-how to everybody regardless of getting a job on Network Engineering.

If I were a recruiter I would value CCNA for every IT/Telecom professional. I would value CCNP only for routing-switching roles.

So CCNA to me is sth like a prerequisite cert in the sense of providing very fundamental and important knowledge (TCP/IP).

It is true, a lot of recruiter they see the ccna like a must have cert, and the job is only for windows server but they want to see the certification

At InfoSecurity a few months ago I had the chance to talk to a bunch of big-time IT security managers, and suprisingly they all agreed that OSCP is one of the cert's they hold in highest regard.
It's not suprisingly in itself, since OSCP is obviously awesome (looking at all the reviews), but I was surprised to see that it already has great value in the manager/recruiting world.

I actually noticed it again in a recent job interview, where they explicitly asked for it.

In short: I'd add that to the list :-)

This has been my plan for the past 3-4 years when I pretend to myself I will stop slacking:

CCIE(s) (of note... I've actually studied for +10 years now on this... Google sucks! http://www.mail-archive.com/cisco@groupstudy.com/msg04919.html)
CISA + HISP (to annoy)
CREA || GREM (find it fun/interesting)
OPSA + OPST + ISRM (more geared towards reality for me)

CCIE(s) I've been fiddling with for years now... Lab part scares me not the content. CISA + HISP is to annoy people. CREA + GREM because they look fun. OPSA + OPST + ISRM because they make more sense for me.

The reality is though, I don't know what else to do. Sometimes I get bored with security, even more bored with certs. The certs have become the challenge to me, not the technology. I'm still awaiting the results for the CISM which some come within the next 10 days. I wanted to beat the authors with a cluestick. I had to "dumb myself down" and answer to the business side of security as opposed to the technical/defense side of things. So I'm having to try to figure out what it is INSERT_SPECIFIC_BODY_HERE wants.

Who knows what route I'll take but I will figure it out shortly. I thought about going the Juniper route since I'm immersed in SA's and SSG's daily, but that too annoys me. 2 months ago I had to configure and deploy 10 SSG's (small number) with pre-defined tunneling information provided by the client. Had them all down with t's crossed, I's dotted only to have the client fudge the whole game up. I literally had to re-do them remotely on site which left me annoyed with SSG's because of my client. I may do the JNCIS-SEC who knows but I've had it up to ^here^ with vendor-specific certs. I'm keeping an eye on the ISRM though (http://www.securityhorizon.com/aboutISRM.php) and for those unaware of it, its what the NSA-IAM/IEM used to be.

I'd have to agree, don!