Top information security certifications

Staying current in your field not only helps you successfully meet your job requirements, it also makes it possible to compete for higher-level positions—and the salaries they bring.

In the field of information security, professional certifications show employers that you’re well versed in your industry, ready to meet a range of challenges, and committed to professional growth.

What are today’s most relevant certifications?

Information security career paths often start with a bachelor’s degree and then branch out into the world of certifications. These credentials, typically offered by professional associations, provide quantifiable evidence that you’ve got what it takes to get a specific job done right. Some are standard in the industry and virtually required to move out of entry-level positions. Others are optional, highlighting a specific focus or area of expertise.

Here’s a brief run-down of the industry’s most popular certifications:

Security+ from CompTIA

• Foundational level, focusing on technical skills, broad knowledge, and expertise in multiple security-related disciplines.
• Two years of experience is recommended, but none is required.
• For those interested in security engineer, security consultant, network administrator, IA technician, IA manager, or similar positions.
  
  

Certified Information Systems Security Professional (CISSP) from (ISC)²

• Widely considered the standard certification in the information security industry, the CISSP tests competency in 10 key areas.
• Minimum of five years of paid, full-time experience in two key areas required.
• For those interested in security consultant, IT director, security architect, security auditor, security architect, chief information security officer, director of security, or similar position.
  
  

Certified Information Systems Auditor® (CISA®) from ISACA®

• Management-focused to delve into governance, risk management, compliance, incident management, program development, and ongoing management.
• Minimum of five years of professional-level information security; three years must be as a security manager. Substitutions and waivers of such experience may be granted.
• For those interested in information security officer or security consultant, information security manager, and chief information security officer, or similar position.
  
  

GIAC Security Essentials (GSEC) from GIAC

• Covers a broad range of areas to demonstrate hands-on knowledge of an array of security roles.
• No experience required.
• For those interested in information security compliance, security analyst, security operations architect, compliance analyst, or similar position.
  
  

Certified Ethical Hacker (CEH) from EC-Council

• Intermediate-level credential, focused on identifying system vulnerabilities, access points for penetration, and prevent unwanted access to network and information systems.
• Training course is highly recommended. Eligibility can also be given for documented experience and education.
• For those interested in penetration tester, network security specialist, ethical hacker, security consultant, site administrator, auditor, and similar positions.
  
  

CyberSec First Responder (CFR) from Logical Operations

• Covers the skills needed by security professionals to protect digital assets before, during, and after a cyberattack.
  
• Specialized training includes threat analysis, secure network and computing environment design, network defense, rapid response, and incident investigation.
• Training courses approved for continuing education credits for select certifications from CompTIA or GIAC.
• For those interested in working as first responders in the event of cyberattack.
  
  

GIAC Certified Enterprise Defender (GCED) from GIAC

• Builds on security skills measured by GSEC without overlap.
• Advanced certification which covers the technical abilities needed to defend enterprise environment and protect the whole organization.
• Assesses skills in areas including defense network infrastructure, packet analysis, penetration testing, incident handling, and malware removal.
• No specific training course required.
• For those interested in enhancing security skills to manage the security of an entire organization or enterprise.
  
  

Cybersecurity Analyst (CSA+) from CompTIA

• Vendor-neutral credential that applies behavioral analytics to improve information security.
• Validates knowledge and skills required to configure and use threat detection tools, execute data analysis, and interpret results to find vulnerabilities, risks, and threats.
• Exam is a performance-based assessment, including hands-on simulations.
• No experience required, but a minimum of 3-4 years of practical information security experience is recommended. Intended to follow CompTIA Security+ or equivalent certification.
• For those seeking higher level positions as security analysts, security specialist, threat intelligence analyst, Security Operations Center (SOC) Analyst, and similar roles.