There are a myriad of certifications, and obtaining and maintaining them takes time, effort, and money. At least 130 security certifications are currently available, but we’ve prepared the following list to help you narrow down your search. Take a look!
1. EX-8200 or 8100 unit in the Israeli army
Israel has become the seedbed for many of today’s successful cyber security firms. Commonly, their founders are veterans of an elite division of the Israel Defense Forces (IDF) called Unit 8200. Members of 8200 are the “1% of the 1%” recruited for their STEM skills. Sadly, this is a unit you are selected for; you cannot pay or volunteer to join.
2. CEH: Certified Ethical Hacker
This is one of the top certifications for those pursuing a career in ethical hacking or penetration testing. The five-day training course is recommended, as those who choose to self-study must pay an additional $100 for the exam and provide evidence of at least 2 years of experience in the industry. Passing the CEH exam proves your knowledge and skill in hacking methods such as footprinting, scanning, enumeration, and other hacking activity.
3. CISM: Certified Information Security Manager
This certification is a must-have for those developing, managing, and overseeing enterprise-level InfoSec systems or developing organizational security best practices. CISM certified professionals have at least 5 years of experience in security risk management, governance, and incident response.
4. CompTIA Security+
This is a vendor-neutral certification that is considered to be the standard requirement for entry-level positions in cyber security. Although not required, the CompTIA Network+ certification is recommended before pursuing the Security+. This credential meets the Directive 8570.01-M requirements of the U.S. Department of Defense.
5. CISSP: Certified Information Systems Security Professional
Also a vendor-neutral certification, CISSP is a highly sought-after advanced certification and is recognized worldwide. A minimum of 5 years of experience is required to take the exam, which is provided by the International Information Systems Security Certification Consortium, known as (ISC)2.
6. GSEC: SANS GIAC Security Essentials
This is another certification designed for entry-level professionals to demonstrate an understanding of security concepts and a capability for hands-on security roles. There are no prerequisites, but training, which can be found at the GIAC website, is recommended.
7. ECSA: EC-Council Certified Security Analyst
This certification picks up where CEH leaves off, and those who pass demonstrate advanced skill in the analytical phase of ethical hacking. The EC-Council website provides information on training and exam prep.
8. GPEN: GIAC Penetration Tester
For those looking for a career in penetration testing, GPEN is a recognized program that assesses pen-testing methodologies, legal issues, and best practice techniques. A certified professional has demonstrated an understanding of a process-oriented approach to pen-testing and reporting.
9. SSCP: Systems Security Certified Practitioner
Another certification from (ISC)2, it is globally recognized to demonstrate advanced technical skills to implement and monitor IT infrastructure using security best practices. The SSCP is meant for IT professionals responsible for hands-on operational security of enterprise assets.
10. CRISC: Certified in Risk and Information Systems Control
IT professionals whose role focuses on risk management and implementing proper IS controls will want to seriously consider a CRISC certification. It is one of the few, if not the only, widely known and accepted certifications that focus on risk management. Learn more at the ISACA website.
11. CISA: Certified Information Security Auditor
This is another ISACA certification, one that validates expertise in auditing and control of information security. Many businesses and government agencies require IT/IS auditors to be CISA certified.
12. OSCE: Offensive Security Certified Expert
They say it’s the most challenging pen-testing certification in the industry. The exam consists of a 48-hour online exercise to demonstrate a candidate’s ability to perform information gathering, identify vulnerabilities, and gain administrative access. A prerequisite of the OSCE exam is the Cracking the Perimeter course.
13. CCSP: Certified Cloud Security Professional
With so many enterprises adopting cloud resources, earning a cloud-based security certification is a smart career move. The CCSP from (ISC)2 is globally recognized to demonstrate skill and knowledge to design, manage, and secure cloud resources.
14. CFR: CyberSec First Responder
Designed for those who want to be first responders to cyber attacks, the CFR prepares successful candidates in analyzing threats, proactively defending networks, and responding to cyber security incidents. It is also now approved as U.S. DoD 8570 compliant, which brings added value to this certification.
Corporate Certifications and Accreditations
Individual employees can come and go, so it’s equally relevant that a company’s cyber security vendor has corporate accreditations such as SOC2, FIPS, and CREST. A company with CREST accreditation, for example, can be trusted to employ highly skilled and competent staff and abide by enforceable Codes of Conduct. Another important aspect to look for when assessing a security vendor is whether the vendor can assist with compliance frameworks such as NIST, RHUL, and others.
It’s important to note that, when all is said and done, cyber security providers will want to be compliant for another key reason: to help their clients become compliant, ensuring their security team stays abreast of current cyber tactics, techniques, and procedures (TTP). The aim is always to lead by example.