The fastest-growing infosec certification is Red Hat's. Launched in 2006, this certification is aimed at senior network administrators and is designed to prove that a person has deep skills related to running Red Hat Enterprise Linux in a secure fashion.
"Between this time last year and today, the number of people who have passed [the Red Hat Certified Security Specialist] exam has grown by 70%," says Randy Russell, director of certification at Red Hat. "Clearly, something is happening with this particular credential."
To qualify for this certification, network engineers must first pass the Red Hat Certified Engineer test and then be trained as a Red Hat Certified Security Specialist. Engineers must pass three exams - in advanced networking security, Linux policy administration and directory services/authentication — in order to earn this credential.
Russell says more IT professionals and their employers are interested in this certification because they understand the security risks that exist today.
"Security has become something that is much more evident. Exploits have become well known. It has become more ingrained in the public mind, the corporate mind and the IT mind that security is not an add-on; security is something that is fundamental to your practices in your IT shop," Russell says.
Another driver is tighter federal regulations about data privacy and security dating back to the Health Insurance Portability and Accountability Act of 1996 for healthcare companies and the Sarbanes-Oxley Act of 2002 for public companies. Another compliance-oriented driver is the Payment Card Industry Data Security Standard, which launched in 2004.
"There is a growing regulatory environment that mandates certain kinds of security controls and oversight in an organization," Russell says. "A lot of organizations are really upping their game and looking for ways to meet those requirements through skills [acquisition.]"
Another fast-growing security certification is the CompTIA Security+, which is aimed at network administrators with at least two years of experience. The number of IT professionals taking this exam — which measures competency in system security, network infrastructure, access control and organizational security — is double what it was a year ago.