Whether you are an experienced InfoSec professional or just getting into the field, you will be confronted by a wide range of InfoSec certifications. Security+, CISSP, CISA, CEH, GSEC, etc. What are these certifications? What does it take to obtain them and keep them? Which ones should I focus on? And just as important, do I really need to obtain one for my career?

In this presentation, we will go over the basics of certifications: why they exist, how they are obtained, and how they are maintained. And hopefully dispel some myths along the way. We will look at the InfoSec certifications from the 5 main certifying bodies, CompTIA, ISC2, ISACA, EC-Council, and SANS/GIAC. And we will look at several related certifications that InfoSec professionals may also wish to pursue. Just as important, we will take a look at which certifications are most important based on your career focus.

At the end of the presentation, attendees should have a better understanding of certifications and a good idea as to which ones they may want to pursue.

I created this talk almost 10 years ago as I found local infosec professionals being confused about certifications and how they work. I have kept this talk up to date and usually give it about once a year.