Staying current in your field not only helps you successfully meet your job requirements, it also makes it possible to compete for higher-level positions—and the salaries they bring.

In the field of information security, professional certifications show employers that you’re well versed in your industry, ready to meet a range of challenges, and committed to professional growth.

 

What Are Today’s Most Relevant Certifications?

Information security career paths often start with a bachelor’s degree and then branch out into the world of certifications. These credentials, typically offered by professional associations, provide quantifiable evidence that you’ve got what it takes to get a specific job done right. Some are standard in the industry and virtually required to move out of entry-level positions. Others are optional, highlighting a specific focus or area of expertise.

Here’s a brief run-down of the industry’s most popular certifications:

Security+ from CompTIA

  • Foundational level, focusing on technical skills, broad knowledge, and expertise in multiple security-related disciplines.
  • Two years of experience is recommended, but none is required.
  • For those interested in security engineer, security consultant, network administrator, IA technician, IA manager, or similar positions.

Certified Information Systems Security Professional (CISSP) from (ISC)²

  • Widely considered the standard certification in the information security industry, the CISSP tests competency in 10 key areas.
  • Minimum of five years of paid, full-time experience in two key areas required.
  • For those interested in security consultant, IT director, security architect, security auditor, chief information security officer, director of security, or similar positions.

Certified Information Systems Auditor® (CISA®) from ISACA®

  • Management-focused, delving into governance, risk management, compliance, incident management, program development, and ongoing management.
  • Minimum of five years of professional-level information security experience; three years must be as a security manager. Substitutions and waivers of such experience may be granted.
  • For those interested in information security officer, security consultant, information security manager, chief information security officer, or similar positions.

GIAC Security Essentials (GSEC) from GIAC

  • Covers a broad range of areas to demonstrate hands-on knowledge of an array of security roles.
  • No experience required.
  • For those interested in information security compliance, security analyst, security operations architect, compliance analyst, or similar position.

Certified Ethical Hacker (CEH) from EC-Council

  • Intermediate-level credential, focused on identifying system vulnerabilities and access points for penetration, and on preventing unwanted access to network and information systems.
  • Training course is highly recommended. Eligibility can also be given for documented experience and education.
  • For those interested in penetration tester, network security specialist, ethical hacker, security consultant, site administrator, auditor, and similar positions.

CyberSec First Responder (CFR) from Logical Operations

  • Covers the skills needed by security professionals to protect digital assets before, during, and after a cyberattack.
  • Specialized training includes threat analysis, secure network and computing environment design, network defense, rapid response, and incident investigation.
  • Training courses approved for continuing education credits for select certifications from CompTIA or GIAC.
  • For those interested in working as first responders in the event of a cyberattack.

GIAC Certified Enterprise Defender (GCED) from GIAC

  • Builds on security skills measured by GSEC without overlap.
  • Advanced certification that covers the technical abilities needed to defend an enterprise environment and protect the whole organization.
  • Assesses skills in areas including defensive network infrastructure, packet analysis, penetration testing, incident handling, and malware removal.
  • No specific training course required.
  • For those interested in enhancing security skills to manage the security of an entire organization or enterprise.

Cybersecurity Analyst (CSA+) from CompTIA

  • Vendor-neutral credential that applies behavioral analytics to improve information security.
  • Validates knowledge and skills required to configure and use threat detection tools, execute data analysis, and interpret results to find vulnerabilities, risks, and threats.
  • Exam is a performance-based assessment, including hands-on simulations.
  • No experience required, but a minimum of 3-4 years of practical information security experience is recommended. Intended to follow CompTIA Security+ or equivalent certification.
  • For those seeking higher-level positions such as security analyst, security specialist, threat intelligence analyst, Security Operations Center (SOC) analyst, and similar roles.