Hey bnations,

I agree with cabby that both CISSP and GIAC are creditable certs. The CCSP is great if you plan on working with Cisco equipment. However, you will soon find out that you will never truly move out of the "help desk" area. The only difference will be how complex the problems are lol.

I'll give you a look at what I have done and where it’s gotten me. Perhaps it will give you a baseline. Currently I’m a Sr. Software Security Architect. I work for a company that has about 300+ employees and I make a very good living. Now, I’m not saying that my certs and degree’s have been the only thing that has gotten me this far. I can say that having them has helped. You have to remember that experience is truly worth its weight in gold; moreover, having a top notch reputation.

So basically my job is this:

Essentially my company offers a solution to banks, and I’m in charge of making sure it’s secure. So Its my job to break it—help fix it – Break it again – help fix it – Break it again – help fix it --…(you can see a pattern here lol )….

As far as Work experience goes I have about 7 years of applicable experience. I started out in IT. I’ve been a network administrator, project manager, and everything in between.

I have the following degrees
B.S Computer Science
A.S CIS

I have the following certs:
Cissp
CompTia certs
CCNA
CCDA
ACSE
ACSS
ACSP
MCSE

So hopefully this will give you an idea as to what it takes to become a security professional. My last point is this, learning to pass test or get through college is not enough. You will have a hard time getting by in this field if you are truly not comfortable with the material you are claiming to be an expert in.

As a side note:
but I dont want to spend hundreds of dollars on these certifications
It could potentially be in the 10’s of thousands of dollars range. That just for certification--not including a college. I mean heck, most alot of the Sans classes are around 3 grand a pop.