The most important qualification for any security professional to have is experience. Five or more years of experience directly related to security is enough to have seen the trends, understood the mindset of hackers, and seen the common uses and misuses of networks.
With the high demand for network security professionals, and the drought of experienced candidates, businesses have been willing to settle for less experienced candidates. A number of organizations have assembled training courses and certification exams to help bring novices to a reasonable level of security understanding.
Certifications
There are a number of certifications offered for security professionals. No one standard has been generally accepted throughout the community, and it will be a while before one emerges at the top of the heap. The top contenders are:
* CISSP. This exam is considered to be the most difficult and most comprehensive security exam.
* Security+. This exam was developed jointly by government, educational institutions and business. It tests many important aspects of the security professional's knowledge.
* TICSA. Offered by TruSecure, a security services vendor, this exam is being heavily promoted. Check for discounts on exam fees.
* SANS GIAC Certification. The Global Incident Analysis Center offers a baker's dozen certifications in the security arena. These certifications are, for the most part, vendor-neutral. However, they do offer Unix- and Windows-specific certifications.
There are a number of vendor-specific exams. These include some for Cisco and Microsoft. In general, these exams only show competence in implementing and using vendor-specific hardware and network architectures, and are not broad enough for most business security needs.
Above all, ensure that any security professional you are looking to retain has substantial experience and good references. Look at what they've done for other companies similar to yours and how many years of experience they have, and get references.