An IT security certification can provide a key boost for your career, but with so many different certifications available (and so many organizations more than happy to take your money for training and testing), it’s important to make sure that the time and investment are well spent. The right certification can serve as a key differentiator in applying for jobs, demonstrating both your commitment to the field and the specialized knowledge you’ve gained.
Still, a certification on its own doesn’t mean very much – it’s about helping you stand out from the crowd by highlighting specific skills, but it’s always going to be secondary to your professional experience.
“The certification debate rages on,” said AsTech CTO Jason Kent. “On the one hand, there are plenty of skilled professionals that I would say are experts and have no certifications. On the other hand, there are plenty of very good folks with many certifications.”
How to Choose a Security Certification
Thycotic chief security scientist Joseph Carson told eSecurity Planet that choosing a certification should ultimately be about deciding which skillset or professional direction you want to focus on. “Certifications range from penetration testers, government/industry regulatory compliance, ethical hacking, to industry knowledge,” he said. “Some certifications are entry level, and some require several years of experience, with peer references, before getting certified.”
And for most certifications, there’s an additional benefit: rather than simply highlighting your knowledge and experience, they can be a great way to expand that knowledge and learn new things.
“My advice for anybody that asks me which certifications they should get is this: find a certification in a subject that you wish to learn about,” Palo Alto Networks CSO Rick Howard said. “If you are going to study the subject anyway, you might as well get a certification out of it.”
Also read: How to Get Started in a Cybersecurity Career
The Top Cybersecurity Certifications
With that advice in mind, here are 15 cybersecurity certifications particularly worth considering.
- CompTIA Security+
Security+ is CompTIA’s entry-level certification, the one the trade association calls “the first security certification a candidate should earn.” Candidates are advised to have at least two years of experience in IT admin with a security focus prior to pursuing it. The 90-minute exam, with up to 90 questions, ensures that you have the skills needed to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments; operate with an appropriate focus on governance, risk, and compliance; and identify, analyze, and respond to security events and incidents. AsTech’s Kent said of Security+, “This crosses several domains and is a basic introduction to security. I don’t know that anyone has been hired for this certification, but, as I said, it’s a great start.” As of mid-2022, the cost is $381 USD.
- SSCP (Systems Security Certified Practitioner)
SSCP from (ISC)2 is a mid-level certification designed for IT administrators, managers, directors, and network security professionals responsible for the hands-on operational security of their organization’s critical assets. Candidates must have at least one year of paid work experience in one of the exam’s topic areas. It covers seven security domains: security operations and administration; access controls; risk identification, monitoring and analysis; incident response and recovery; cryptography; network and communications security; and systems and application security. A variety of training options are available, both online and in person. The 125-question exam takes up to 3 hours to complete. As of mid-2022, the cost is $249.
- CISSP (Certified Information Systems Security Professional)
CISSP, perhaps the best-known security credential, is an advanced certification from (ISC)2, requiring at least five years of paid work experience in two or more of the eight areas covered by the exam: security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, security operations, and software development security. A four-year college degree or regional equivalent, or an additional (ISC)2 credential from an approved list, satisfies one year of the required experience. Two exam formats are available: a four-hour streamlined Computer Adaptive Testing (CAT) exam that adjusts questions and scoring based on answers to initial questions, or the full linear exam, which takes six hours. As of mid-2022, the cost is $749 USD.
- CEH (Certified Ethical Hacker)
The CEH certification from the EC-Council was introduced in 2003 and is now in version 11. Prerequisites include either taking a five-day, 20-module training course, or having proof of two years of work experience in a security-related field. Micro Focus security researcher Simon Puleo said of the credential, “I feel this is an important certification because it sheds light on the tools and methods of the dark side of security, specifically malicious hackers. It is a difficult certification as it is highly technical, but I think that it is worthwhile for everyone in the industry to take on a ‘think like a bad guy’ perspective, as only then will they come to see where vulnerabilities exist.” Pricing for the four-hour CEH exam varies, as it’s often bundled with training by accredited partners.
- CISA (Certified Information Systems Auditor)
CISA is ISACA’s (Information Systems Audit and Control Association) high-level certification designed for those who audit, control, monitor, and assess an organization’s information technology and business systems. A minimum of five years of related professional experience is required, though a master’s degree in information security or information technology can be substituted for one year of experience, and 60 to 120 completed university semester credit hours (the equivalent of a two-year or four-year degree) can be substituted for one or two years, respectively. The exam consists of 150 questions covering five job practice domains: information systems auditing; governance and management of IT; information systems acquisition, development, and implementation; information systems operations and business resilience; and protection of information assets. A wide variety of training options are available. As of mid-2022, the cost of the exam is $575 for ISACA members and $760 for non-members.
- CISM (Certified Information Security Manager)
CISM is a high-level certification offered by ISACA, designed for those with technical expertise and experience in IS/IT security who want to make the move from team player to manager. A minimum of five years of professional information security management work experience is required, though a CISA or CISSP certification, or a postgraduate degree in a related field, can be substituted for two years of experience. The exam includes 150 questions covering four topic areas: information security governance, information security risk management, information security program development and management, and incident management. An online review course and practice quiz are available. As of mid-2022, the cost of the exam is $575 for ISACA members and $760 for non-members.
- GSEC (GIAC Security Essentials)
GSEC is the entry-level certification from the Global Information Assurance Certification (GIAC), an independent entity formed in 1999 by the SANS Institute. GSEC is intended for anyone new to cyber security who has some background in information systems and networks. It confirms that certificate holders are qualified for hands-on IT security roles by validating their understanding of information security. The certification covers active defense, defense in depth, access control, cryptography, defensible network architecture and network security, incident handling and response, vulnerability scanning and penetration testing, security policy, IT risk management, virtualization and cloud security, and Windows and Linux security. The 4-5 hour exam includes up to 180 questions. Training is available in a variety of formats. As of mid-2022, pricing for the exam, including two practice tests, is $949.
- GCIH (GIAC Certified Incident Handler)
The GCIH certification validates your ability to detect and resolve computer security incidents using a wide range of essential security skills. It’s designed for incident handlers, incident handling team leads, system administrators, security practitioners, and security architects. Certificate holders have the knowledge required to manage security incidents by understanding common attack techniques, vectors and tools, and to respond to those attacks when they occur. Key topics include drive-by attacks, endpoint attacks and pivoting, evasive techniques, incident response and cyber investigations, memory and malware investigations, Metasploit, netcat, network investigations, networked environment attacks, password attacks, post-exploitation attacks, reconnaissance and open-source intelligence, scanning and mapping, SMB scanning, and Web application attacks. The four-hour exam, including 106 questions, can be administered remotely or in person. Training is available in a variety of formats, including live and on demand. As of mid-2022, pricing for the exam, including two practice tests, is $949.
- GCIA (GIAC Certified Intrusion Analyst)
The GCIA certification ensures that you have the skills required to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files. It’s designed for system analysts, security analysts, network engineers, network administrators, and hands-on security managers. Key topics include advanced analysis and network forensics, advanced IDS concepts, application protocols, concepts of TCP/IP and the link layer, DNS, fragmentation, IDS fundamentals and network architecture, intrusion detection system rules, IP headers, IPv6, network traffic analysis, packet engineering, SiLK and other traffic analysis tools, TCP, tcpdump filters, UDP and ICMP, and Wireshark fundamentals. The four-hour exam includes 106 questions. Training is available in a variety of formats, including live and on demand. As of mid-2022, pricing for the exam, including two practice tests, is $949.
- GSE (GIAC Security Expert)
GSE is one of the most prestigious credentials in IT security. While registration has closed for 2022, it’s likely to be offered again in 2023. Prerequisites include the GSEC, GCIH, and GCIA certifications detailed above. As GIAC puts it, “Individuals who make the effort to not only learn but master all of the essential elements of information security belong in a very special group. These individuals will be the elite of information security and the top practitioners in the field. Those who pursue an in-depth technical education in all areas of information security are the target audience for the GSE certification.” The performance-based, hands-on exam sets it apart from other certifications – it includes both a multiple-choice test, currently priced at $559, and a hands-on lab component, priced at $2,699.
- Palo Alto Networks Cybersecurity Professional Certificate
The Palo Alto Networks Cybersecurity Professional Certificate, offered by Palo Alto Networks and administered online by Coursera, is designed to prepare students for entry-level careers in cyber security. The certificate requires completion of four individual courses: Palo Alto Networks Cybersecurity Foundation, Palo Alto Networks Network Security Fundamentals, Palo Alto Networks Cloud Security Fundamentals, and Palo Alto Networks Security Operations Fundamentals. Key skills acquired include managing and encrypting a zero-trust environment, deploying VPNs and SSL/SSH encryption, analyzing firewall logs and configuring security controls, and mitigating vulnerabilities using packet capture and analysis. The courses required for the certificate can also be used to prepare for the Palo Alto Networks Certified Cybersecurity Entry-Level Technician (PCCET) exam. All four courses take approximately six months to complete at a suggested pace of two hours per week. After a seven-day free trial, access costs $39 per month.
- IBM Cybersecurity Analyst Professional Certificate
The IBM Cybersecurity Analyst Professional Certificate, based on the NICE Framework’s Cyber Defense Analyst role, is designed for learners entering the workforce, professionals switching careers, and IT professionals who need to enhance their cyber security skills. The certificate requires completion of eight individual courses: Introduction to Cybersecurity Tools & Cyber Attacks; Cybersecurity Roles, Processes & Operating System Security; Cybersecurity Compliance Framework & System Administration; Network Security & Database Vulnerabilities; Penetration Testing, Incident Response and Forensics; Cyber Threat Intelligence; Cybersecurity Capstone: Breach Response Case Studies; and the IBM Cybersecurity Analyst Assessment. Administered online by Coursera, it takes approximately eight months to complete at a suggested pace of four hours per week. After a seven-day free trial, access costs $49 per month.
- IT Fundamentals for Cybersecurity Specialization
The IT Fundamentals for Cybersecurity Specialization is an introductory online course, offered by IBM and administered by Coursera, which covers cyber security tools and processes, system administration, operating system and database vulnerabilities, types of cyber attacks, cryptography, digital forensics, and basics of networking. The specialization requires completion of four individual courses: Introduction to Cybersecurity Tools & Cyber Attacks; Cybersecurity Roles, Processes & Operating System Security; Cybersecurity Compliance Framework & System Administration; and Network Security & Database Vulnerabilities. All four courses are part of the IBM Cybersecurity Analyst Professional Certificate described above, allowing you to proceed to that certificate after achieving the specialization. The specialization takes approximately four months to complete at a suggested pace of four hours per week. After a seven-day free trial, access costs $49 per month.
- Security Analyst Fundamentals Specialization
The Security Analyst Fundamentals Specialization, offered by IBM and administered by Coursera, focuses on key concepts around digital forensics, penetration testing and incident response. It requires completion of three individual courses: Penetration Testing, Incident Response and Forensics; Cyber Threat Intelligence; and Cybersecurity Capstone: Breach Response Case Studies. As with the IT Fundamentals for Cybersecurity Specialization, all three courses in this case are part of the IBM Cybersecurity Analyst Professional Certificate, allowing you to proceed to that certificate after achieving the specialization. The specialization takes approximately four months to complete at a suggested pace of five hours per week. After a seven-day free trial, access costs $39 per month.
- Introduction to Cybersecurity Tools & Cyber Attacks
Introduction to Cybersecurity Tools & Cyber Attacks, offered by IBM and administered by Coursera, is the first component in both the IT Fundamentals for Cybersecurity Specialization and the IBM Cybersecurity Analyst Professional Certificate described above. It’s designed to provide you with the background needed to understand basic cyber security, covering the history of cyber security, key terms and roles in cyber security, types and motives of cyber attacks and their impact on organizations and individuals, key security concepts that are important in any cyber security position, and an overview of key security tools. The course takes approximately 20 hours to complete. After a seven-day free trial, access costs $49 per month.
Read next: How to Create an Incident Response Plan