Make sure to give yourself plenty of time. My approach is to start with some pre-study. Go to the vendor’s web site, and look at the requirements for a particular test. For example, CompTIA exam requirements can be found at their web site. Next, look through the requirements to see what you know and what area you need to spend time studying.

One approach is to find a good book on the topic so that you become familiar with what the exam requires. You may want to follow that up with a certification class or boot camp. For instance, the CEH certification course provides you with a lot of good hands-on experience and a better understanding of the tools. After attending the course, start working though some practice tests to get a better idea of the type of questions you can expect to see on the certification exam.

In all, this process can take 60 to 90 days. What’s important is to not feel bad that you didn’t start yet but that you take positive action to move toward your goals. Good luck, and let me know what certifications you obtained this year.

Since it’s hard to decide which candidates are the best qualified without third-party validation (i.e., certification exams), IT workers view these titles as essential for moving ahead and gaining skill competency. Historically, it’s always been commonplace for individuals in IT to earn additional certifications in order to move up the IT ladder and obtain pay increases. Of course, the more technically knowledgeable and experienced one is, the harder the exams are. It comes down to not only knowing the content but also setting aside the time and preparation involved to successfully pass the test. With that in mind, we look at a range of IT exams that are considered the most demanding and downright scary:

The Cisco Certified Internetworking Expert (CCIE) exam is legendary for intimidating test-takers the most. The CCIE is Cisco’s highest level of certification and well-known in the IT field for being one of the hardest certifications to achieve. The test includes both a written exam (one hundred questions completed in two hours) as well as an 8-hour hands-on lab practicum. To say that the lab exam is a kind of torture test might be considered hyperbole. Yet many administrators can attest to its reputation as the ultimate brain challenge and skills assessment. Test-takers must be competent enough to configure a series of networks as well as diagnose and troubleshoot a range of simple and complex problems. The CCNA exam, Cisco’s associate-level certification, is a little less daunting yet equally challenging because it represents the next level of expertise after entry-level. Divided into a number of separate technologies, the CCNA Routing and Switching exam is a particularly tough nut to crack with problems that test installation, configuration, operation, and troubleshooting of switched networks. The test has been described as more of a marathon than a sprint. It presents a thorough assessment of networking knowledge: VLANs and Trunks? Subnetting? Frame Relays? Be prepared. Be very prepared.

Continued enterprise investment in virtualization emphasizes the importance of knowledge and experience in this area. VMware, Citrix, Red Hat, and Microsoft represent the key industry virtualization players. That said, the Citrix Certified Integration Architect (CCIA) exam may be the most daunting assessment and represents the highest level of technical proficiency that Citrix offers. The exam consists of three separate written tests, a Microsoft design exam, and a 6-hour hands-on lab. Focus on the Citrix test is not meant to downplay the rigor of the VCP-510 (vSphere5) exam offered by VMware. Few actual testing details are available due to exam rules. However, the consensus on the VCP5 test is that active skill in setup and upgrades is essential in addition to administration ability, and past vSphere exams are legendary for their level of difficulty.

The important area of security has equally challenging certifications to make sure that responsible administrators truly have expertise. The Certified Information System Security Professional (CISSP) exam places strong emphasis on knowing a wide array of security information and has a prerequisite of four years of security experience. It has similarities to a college entrance exam in its rigid testing protocol: registration at an authorized test site that doesn’t allow books, notes, or Internet access. Certification is automatically renewed after three years as long as you stay on top of the minimum Continuing Professional Education (CPE) credits and Annual Maintenance Fee (AMF). This is recommended because anything you can do to stay away from this chilling exam is advised.

The Information Technology Infrastructure Library® (ITIL) exam offers great visibility and transparency into IT service capabilities on the part of the applicant. There are four levels of certification, and the Service Manager, or master’s certification, level is the highest and most difficult. This exam assesses how well an individual can analyze and apply ITIL management concepts to new areas. The test analyzes not only theory, practice, and experience in ITIL but also communication, negotiation and presentation skills.

The Microsoft Certified Architect (MCA) is not only frightfully difficult, it’s also quite expensive. Passing this exam offers entry into an elite circle of fellow architects and, as part of the testing, it requires an in-person defense of a real-world solution predesigned by the person qualifying for the certificate. The MCA is divided into two primary paths, and, in addition to extensive pre-qualifications, the testing involves a combination of lab exams and rigorous, solution-focused interviews before a review panel of MCA-certified architects.

The importance of Unified Communications and converged IP networks as it relates to increased workforce mobility and communications is represented by the Cisco Certified Network Professional (CCNP) Voice certification exam. How hard is this test? Part of the difficulty lies in understanding the number of related exams (CUCM, CCNA, Voice) that are required to simply take the CCNP Voice exam. Certification recognizes the skill of engineers to design and implement Cisco-based Unified Communications (UC) infrastructures. To that end, the exam covers everything from gateways and IP phones/applications to router utilities and switches as well as running the Cisco UC Manager. It tests advanced UC knowledge and skills required to integrate the system into underlying network architectures to create scalable, collaborative solutions.

Finally, the Project Management Professional (PMP) exam has required intense preparation over the years and continues to intimidate even the most experienced project managers. Although the test is made up of random multiple-choice questions, no method exists for guesswork — eliminating wrong answers is not the way to pass this established exam. Thorough and absolute knowledge of project management processes is essential. On the positive side, entertaining test-preparation apps and games exist to help you fine tune your knowledge and test-taking abilities. The relatively high failure rate on first attempts confirms its status as an exam not to be taken lightly.

NOTE: The ranking below are based on certifications that received the minimum number of responses required to derive a salary figure that is statistically accurate. There are certifications that pay more but aren’t represented due to their exclusive nature. These include CCIE: Cisco Certified Internetworking Expert and VCDX: VMware Certified Design Expert, for example.

1. CCDP: Cisco Certified Design Professional ($107,878) There are two tracks at the Associate and Professional levels — Designing and Networking. The Cisco Certified Design Professional (CCDP) certification demonstrates that the individual who passed the required exams possesses advanced knowledge of Cisco network design concepts and principles. The CCDP certified individual can discuss, design, and create advanced networks. With the CCDP certification, you can plan addressing and routing schemes, security, network management, data center, and IP multicast complex multi-layered enterprise architectures that include virtual private networking and wireless domains. The CCDP curriculum includes building scalable internetworks, building multilayer switched networks, and designing network service architecture.
2. ITIL Expert Certification ($107,092) What is this ITIL that we hear so much about? The Information Technology Infrastructure Library (ITILv3) is a foundational process that provides for quality IT Service Management. The success of ITIL is through the use of documented and proven processes that cover the entire Service Lifecycle.

   The ITIL Expert level is the third of four levels. The ITIL Expert level certification is aimed at those individuals who are interested in demonstrating a superior level of knowledge of ITIL Version 3 (V3) in its entirety. Once you’ve achieved ITIL Expert level you will also satisfy the prerequisite entry criteria for the ITIL Master Level, the highest level of certification within the ITIL V3 scheme; though the Master level is still under development.

3. PMP: Project Management Professional ($103,570)The Project Management Institute’s (PMI) Project Management Professional (PMP) credential is recognized as the most important certification for project managers and is in heavy demand. The Project Management Professional credential demonstrates that you not only have the experience but also the education to successfully lead and direct projects. The PMP credential is for experienced project management professionals as the qualifications and testing and for this certification are rigorous. All of these factors ensure that the PMP credential is widely respected. The PMP experience and exam requirements focus on five process groups: Initiating, Planning, Executing, Controlling, and Closing.
4. CISSP: Certified Information Systems Security Professional ($100,735) The Certified Information Systems Security Professional (CISSP) credential is for security managers and professionals who develop policies and procedures in information security. The CISSP certification has become the gold standard in information security certifications and education. Earning and maintaining a CISSP certification is required for many governmental, military, and civilian security positions. The CISSP was the first credential in the field of information security, accredited by the ANSI (American National Standards Institute) to ISO (International Organization for Standardization) Standard 17024:2003. Earning your CISSP certification is not only an objective measure of excellence, but is a globally recognized standard of achievement.
5. CCDA: Cisco Certified Design Associate ($97,995)The Cisco Certified Design Associate (CCDA) demonstrates that the individual who passed the required exams has the requisite knowledge, experience and understanding required to design a Cisco converged network. A CCDA certified individual has the skills to design a routed and switched network infrastructure and services involving LAN, WAN, and broadband access for businesses and organizations.
6. CCNP: Cisco Certified Network Professional ($97,296)There are two tracks available at the Associate and Professional levels — Designing and Networking. The Cisco Certified Network Professional (CCNP) demonstrates that you have the ability to plan, implement, verify, and troubleshoot local and wide-area enterprise networks. A CCNP certified individual is expected to work collaboratively with other Cisco specialists on advanced security, voice, wireless, and video solutions.
7. ITIL v2 Foundation & ITIL v3 Foundation ($96,128 & $93,250) ITIL v3 is the current version of this widely adopted best practices framework for IT management. The ITIL Foundation certification is the first of four levels in ITIL and offers those who are certified a general awareness of the key elements, concepts, and terminology used in the ITIL Service Lifecycle, including the linkages between Lifecycle stages, the processes used, and their contribution to Service Management practices.
8. CCNA: Voice ($92,837)There are two tracks at the Associate and Professional levels — Designing and Networking. The Cisco Certified Network Associate Voice (CCNA Voice) demonstrates that an individual possess the required associate-level knowledge and skills to administer a voice network, and validates skills in VoIP technologies such as IP PBX, IP telephony, handset, call control, and voicemail solutions.
9. AIS: HP Storage Works ($91,158) An HP Accredited Integration Specialist (AIS) is able to design, support, and integrate business-class solutions (potentially including platform, operating system, software, storage, network, and option components) to solve the business requirements of a customer. The AIS: Storage Works certification validates that you, as an HP technical professional, are fully able to prepare an HP Storage Works solution for a customer and can perform all aspects of installation and startup service.
10. AIS: HP ProLiant ML/DL/SL Servers ($87,332) An HP Accredited Integration Specialist (AIS) is able to design, support, and integrate business-class solutions (potentially including platform, operating system, software, storage, network, and optional components) to solve the business requirements of a customer. A certified HP technician will be able to fully prepare a ProLiant expandable tower (ML), rack mount (DL), or scalable (SL) server. The certified HP technician is able to perform all aspects of installation and startup tasks, including hardware configuration, operating system installation, HP driver installation, and full management instrumentation and place these systems into either a test environment or into production or be ready for the customer to install his applications.
11. VCP: VMware Certified Professional ($87,151) Virtualization and those who are knowledgeable with virtualization products are in heavy demand. VMware is one of the leading vendors of virtualization products, and earning a VMware certification is the first step toward gaining industry recognized expertise in virtual infrastructure and the industry recognition that goes along with it. The VMware Certified Professional (VCP) demonstrates that you have the skillset to successfully install, manage, and deploy VMware vSphere 4.
12. CompTIA Project+ ($87,057) The CompTIA Project+ certification (as is true for most CompTIA certifications) is an international, vendor-neutral certification that covers the entire project life cycle from initiation and planning through execution, acceptance, support, and closure.

    The Project+ certification covers the business and technical project management skills needed to successfully manage business projects. A Project+ certified Project Manager has the demonstrated required skills necessary to complete projects in a timely manner and within budget as well as emphasizing achieving buy-in from stakeholders and maintaining proper scheduling. The Project+ certification can be earned in a reasonable period of time and with less expense than other project management certifications. There are several advantages in earning a Project+ certification: you do not have any prerequisite, you do not have to submit an application, and you don’t have any continuing education requirements.

13. APS: HP Blade System Solutions ($86,554) The Accredited Platform Specialist (APS) — HP Blade System Solutions certification is a hardware support certification designed for HP field repair engineers. This certification validates the skills required by Field engineers who need to perform basic troubleshooting, repair, installation, configuration, and verification of the proper operation of HP Blade System products. Those earning this certification are mainly service technicians who work for HP or HP channel partners
14. CEH: Certified Ethical Hacker ($86,053) A Certified Ethical Hacker (CEH) is a skilled security professional who understands the weaknesses and vulnerabilities in target systems and knows how to use this knowledge and specific tools as if he were a malicious hacker. Individuals who have earned the CEH certification from EC-council may fulfill job roles such as security officers, auditors, security professionals, site administrators, or anyone who is concerned about the integrity of the network infrastructure. An Ethical Hacker is an individual who is usually employed or contracted by an organization and who can be trusted to ethically penetrate corporate networks and/or computer systems using the same methods and tools as a hacker. The key point is that an Ethical Hacker has written authorization to probe and possibly penetrate the target network.
15. MCDBA: Microsoft Certified Database Administrator ($84,683) The roles and responsibilities of a database administrator are quite varied and as a consequence so is the necessary skill set. Access to information (both speed and accuracy) is critical to corporations and as a result, corporations are dependent on their databases. The Microsoft Certified Database Administrator (MCDBA) certification validates the unique skill set required to succeed in a variety of job roles, such as database administrator, database analyst, and database developer on SQL Server 2000. An MCDBA will most likely have knowledge of Visual Basic or other scripting languages, C/C++, Java, and other programming languages. A DBA must also have knowledge of the relational database language used for their database (Oracle’s PL/SQL, Microsoft’s T-SQL). For individuals who administer, develop, or analyze Microsoft SQL Server 2005 or SQL Server 2008 databases, Microsoft offers Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) certification paths.

If you don’t see your certification listed above, visit the Global Knowledge web site for a complete listing of over 100 certifications and their respective average salaries.

This is why programs such as DoD 8570 are so important.  Depending on the job role, Department of Defense Directive 8570 (DoD 8570) provides guidance and procedures for the training, certification, and management of all government employees who conduct Information Assurance functions in assigned duty positions. These individuals are required to carry an approved certification for their particular job classification.

Certifications such as Security+, CISM, CISA, and CISSP all qualify under various aspects of DoD 8570.  Having one of these certifications is a good way to help your chances should you be looking for one of these jobs.  In today’s environment, anything you can do to boost your career opportunities is worth considering.

A minimum of five years of direct, full-time, security professional work experience in two or more of the ten domains of the (ISC)²® CISSP Common Body of Knowledge (CBK®). With an approved college degree, this requirement drops to four years of direct, full-time, security professional work experience in two or more of the ten domains.

The question is … what should you do if you do not meet the requirements?  While it is true that you could take the SSCP® exam instead, I would argue that the best approach would still be to strive for the CISSP® exam.

Here is why: Taking the exam without having the required background requirements is still possible and would allow you to become an Associate CISSP.  Just consider the domains you will need to master:
•    Access Control
•    Application Security
•    Business Continuity and Disaster Recovery Planning
•    Cryptography
•    Information Security and Risk Management
•    Legal, Regulations, Compliance, and Investigations
•    Operations Security
•    Physical (Environmental) Security CISSP
•    Security Architecture and Design
•    Telecommunications and Network Security

Once you master these domains, pass the test, and meet the work requirements, you will be fully certified.  In the meantime, you will demonstrate to your employer that you are serious about moving forward with your career.  Your associate status will distinguish you from your peers.  Most importantly, you will pick up added knowledge and skills that will help you build a solid IT security career.   What are you waiting for?

Image source

CISSP, SSCP, (ISC)² and CBK are registered marks of the International Information Systems Security Certification Consortium in
the United States and other countries.

The exam is completely closed book. When you arrive at the test location, you will not be permitted to take any study materials into the testing area; you will be given scratch paper to use that must be returned at the completion of the exam. Because the test has a 6-hour time limit, ISC² tries to make the candidates as comfortable as possible and typically allows you to bring bottled water and a snack. You may be asked to leave these in the back of the room or under your desk.

During the 6-hour time limit, you will need to complete all 250 questions. This provides plenty of time to complete the exam and even provides some time to go back and review your answers. The exam moderator will also keep you informed of how much time you have left to complete the exam. 25 of the 250 questions are for research purposes, so only 225 questions are actually scored for certification. Counting the number of good questions you have answered isn’t an indicator of success because of the research questions and also because the questions are weighted. Expect to see a variety of questions including: situational questions, recall questions, questions that appear to have more than one right answer, questions that use double negatives, and overly wordy questions.

The exam questions are developed by an ISC² committee and are always being updated and changed. I would encourage you to make multiple passes on the test. On the first pass, answer all the questions you are sure of. On the second pass, work through the questions that you are not completely sure of, and pay close attention to key words such as not, least, and most. Missing one word on the exam can make a big difference. On the final pass, answer any remaining questions. Remember that it is better to guess at an answer than to leave a question blank. Finally, if you see people get up after a couple of hours and leave, don’t sweat it — they may be attempting another exam like the SSCP. You are not in a race; spend all the time you need to answer every question correctly. Passing candidates don’t see their scores; they only receive notification that they have passed.

From Michael Gregg

Before signing up for the exam, you should first take some time to review the requirements. These can be found here. If following a “one-two-three”-step approach to preparing for the exam will enhance your chances of passing the first time, then step one is to make sure you meet the specified background requirements. Anyone considering becoming a CISSP must have a minimum of five years of professional experience in the information security field or four years of experience and a college degree. If you do not meet those requirements, you have the option of going for the SSCP certification or becoming an associate CISSP. You can find more information on the associate program on the ISC² site.

Once you have verified that you meet the requirements, you can sign up for the exam and proceed to step two. The CISSP candidate must achieve a score of 700 points or greater to pass the exam. Give yourself plenty of time to study and prepare during the period from when you sign up for the exam to the actual exam date. You may want to allow yourself three to four months. Start by doing an initial assessment of what areas you know and which domains will require more extensive study. While the exam covers 10 domains of IT security, most individuals have in-depth knowledge of only two or three domains. This will mean you need to pick up knowledge in six to seven other domains.

A good survey-level preparation guide is something like the CISSP Exam Cram 2. Yes, it’s true that I wrote this book and may even be guilty of a shameless plug. I have always liked Exam Cram books and found them useful as a first read when preparing for a particular exam. Reading one book may help you prepare, but most test candidates will need more prep to insure they can pass on the first attempt. This might include taking a CISSP prep class, purchasing a second book, and/or doing much more reading to get a more detailed understanding of key topics and concepts. As an example, it’s a good idea to download the ISC² candidate bulletin. This document has useful information as to what the exam covers and has books and articles recommended by ISC² as pre-exam reading material. Best of all — it is free and can be downloaded here.

The third step is to start to validate your knowledge. Just as an Olympic athlete doesn’t just show up at the games every four years, a test candidate should not just show up at the exam. You will need to do a series of practice tests to see how prepared you are and to find areas of weakness where you can improve.

Taking a three-step approach to the exam can help ensure you are ready and can pass the first time. One, make sure you meet the requirements. Two, set aside the time to study and boost your knowledge in the areas of the exam where you are lacking. Three, spend some time doing practice exams to validate what you already know and to get a better idea of the types of knowledge the exam will expect you to have. Good luck!

From Michael Gregg