Which security certs are worth having?

[daffyduc]

So our budget has allotted for 3 business related certs per IT employee this year.

My current role is the jack of all trades IT guy (1 of 8) with most of my responsibilities falling in the realm of security. I have a INFOSEC BAS degree.

What 3 security minded certs are actually worth the money? Cost is an issue but we have a negotiable price depending on the cert. So In your experience what is worth having?

I was thinking SOX, Hippa and Sans Giac/GSNA .... any thoughts?

I have been thinking about an RHCE but it is not work related as we use UNIX and Windows primarily. Only a few of our systems are Redhat....

[MosGuy]

I would say it all depends on what area interests you the most. The best career advice I read was from Thomas Wilhelm's pen-testing book. Which was in a nutshell become a guru in one of three main areas i.e: Network Architecture, System Administration, Applications and Databases. Then further specialize & get certifications based on what you enjoy the most.

In my research, trying to shift from general I.T into InfoSec/pen-testing myself. Security+ from CompTIA, is a decent first cert. It's seen as a spring-board towards other higher certifications. Any of the Offensive Security certs, I've heard nothing but positive comments about. As far as getting/holding security related jobs. CISSP seems the #1 to aim for these days.

Of course that's just my view in very broad terms. Depending where your interests are. Will help narrow down what certifications you may want to get. There isn't any right/wrong cert to get IMO.