Posted by Alex Trent

In Part I , we covered some of the most popular and well known certifications. This time, we’ll talk about some of the more obscure and rare certifications.

The certifications we’ll cover today often contain the terms “ethical hacker” or “penetration tester.” This simply means that the holder of such a certification should be able to test systems for vulnerabilities and then fix or mitigate the impact of any security holes that are discovered.

The Certified Ethical Hacker C|EH certification is probably the most well known of the exams we’ll cover today. This certification even has its own government approved version, the Certified Network Defense Architect C|NDA. No doubt, the word “hacker” was a bit too scary for some government folks and so they had to have an alternatively named version. Comments by some computer security professionals didn’t help either. Marcus Ranum said, “There’s no such thing as an ‘ethical hacker’ – that’s like saying ‘ethical rapist’ – it’s a contradiction in terms.” The other term commonly used, “Penetration Tester” obviously did not appeal to the government either. The C|NDA is only available to members of certain government agencies. The C|EH certification, however, is available to anyone who meets certain criteria, either having completed 67 modules of coursework or by submitting proof of 2 years of relevant information security work experience. The exam lasts 4 hours for 150 multiple choice questions for a fee of $250. When considering this certification beware its reputation among some in the security crowd as the aforementioned professional noted. However, know that companies do not seem to mind the term “hacker” even though it is often wrongly used by the news media to mean “computer criminal.”

Another security certification available is the Council of Registered Ethical Security Testers Certified Consultant. This is a very well respected certification. CREST bills themselves as a professional body and trade association with a mission to represent the information security testing industry. However, the certification has varying prices only listed in British pounds on their website. The fees include training courses that must be taken before the exam. So if you live in Great Britain this might be an option, otherwise you might decide to pass on this one.

The Mile2 Organization offers the Certified Penetration Testing Engineer (CPTE) certification. This certification is much like the other two in that it covers similar material. It costs $2,695 to take the required coursework and the exam. The exam is only 100 questions. Two hours and 40 minutes are given to take the exam.

Lastly, there is the Offensive Security Certified Professional (OSCP). This certification is offered by the group that created one of the most famous Linux Live CD’s for security testing, the Backtrack Penetration Testing http://www.backtrack-linux.org distribution. Backtrack was one of the first security testing Linux Live CD’s that offered the Metasploit Framework, one of the most powerful security testing tools available. This certification is the only one that actually requires proof of real penetration testing skills by demonstration in a lab environment. While a very new certification, the OSCP is certainly the most interesting of them all.

Well that’s all of the certifications that are specifically targeted at security. There are a few others, like the Cisco CCNA for example, that are often viewed as viable networking and security certifications, but they cover much more than just security. With more and more software vulnerabilities found every day, now is as good a time as any to get certified in computer security.

About the Author: Alex Trent is a staff writer for WebProNews