I also see that many individuals have multiple certifications. How much do these certifications contribute to both knowledge and earnings?
Climbing to the second tier of security certification -- for more advanced SANS GIAC certs or the CISSP, you'll want to get at least three years of work experience under your belt (four years are required for the CISSP if you don't have a college degree from an accredited institution). This will give you time to develop your knowledge and skills with hands-on experience and further study. Recent articles in Certification magazine explain potential sources of financing for certification, which may help you raise the money on your own as you prepare to tackle mid- and higher-level certifications. Search for "financing certification" on the site, and you should find a couple of recent articles on that topic.
As for multiple certifications, it's pretty common for IT professionals to build so-called "certification ladders," where more junior certs (like TICSA or Security+) lead to intermediate or advanced ones (like the SANS GIAC or CISSP). The putative impact of such things is a higher earnings potential and a better documented knowledge base, but the value of additional certs varies according to which certs are involved. While some high-achievers collect certs like merit badges, that approach is not suited for many people.
Hope this answers your questions. Thanks for writing.
This was first published in May 2003