Staying current in your field not only helps you successfully meet your job requirements, it also makes it possible to compete for higher-level positions—and the salaries they bring.
In the field of information security, professional certifications show employers that you’re well versed in your industry, ready to meet a range of challenges, and committed to professional growth.
What Are Today’s Most Relevant Certifications?
Information security career paths often start with a bachelor’s degree and then branch out into the world of certifications. These credentials, typically offered by professional associations, provide quantifiable evidence that you’ve got what it takes to get a specific job done right. Some are standard in the industry and virtually required to move out of entry-level positions. Others are optional, highlighting a specific focus or area of expertise.
Here’s a brief run-down of the industry’s most popular certifications:
- Foundational level, focusing on technical skills, broad knowledge, and expertise in multiple security-related disciplines.
- Two years of experience is recommended, but none is required.
- For those interested in security engineer, security consultant, network administrator, IA technician, IA manager, or similar positions.
Certified Information Systems Security Professional (CISSP) from (ISC)²
- Widely considered the standard certification in the information security industry, the CISSP tests competency in 10 key areas.
- Minimum of five years of paid, full-time experience in two key areas required.
- For those interested in security consultant, IT director, security architect, security auditor, chief information security officer, director of security, or similar positions.
Certified Information Systems Auditor® (CISA®) from ISACA®
- Management-focused, delving into governance, risk management, compliance, incident management, program development, and ongoing management.
- Minimum of five years of professional-level information security experience; three years must be as a security manager. Substitutions and waivers of such experience may be granted.
- For those interested in information security officer, security consultant, information security manager, chief information security officer, or similar positions.
GIAC Security Essentials (GSEC) from GIAC
- Covers a broad range of areas to demonstrate hands-on knowledge of an array of security roles.
- No experience required.
- For those interested in information security compliance, security analyst, security operations architect, compliance analyst, or similar position.
Certified Ethical Hacker (CEH) from EC-Council
- Intermediate-level credential, focused on identifying system vulnerabilities and access points for penetration, and on preventing unwanted access to network and information systems.
- Training course is highly recommended. Eligibility can also be given for documented experience and education.
- For those interested in penetration tester, network security specialist, ethical hacker, security consultant, site administrator, auditor, and similar positions.
CyberSec First Responder (CFR) from Logical Operations
- Covers the skills needed by security professionals to protect digital assets before, during, and after a cyberattack.
- Specialized training includes threat analysis, secure network and computing environment design, network defense, rapid response, and incident investigation.
- Training courses approved for continuing education credits for select certifications from CompTIA or GIAC.
- For those interested in working as first responders in the event of a cyberattack.
GIAC Certified Enterprise Defender (GCED) from GIAC
- Builds on security skills measured by GSEC without overlap.
- Advanced certification that covers the technical abilities needed to defend the enterprise environment and protect the whole organization.
- Assesses skills in areas including defense network infrastructure, packet analysis, penetration testing, incident handling, and malware removal.
- No specific training course required.
- For those interested in enhancing security skills to manage the security of an entire organization or enterprise.
Cybersecurity Analyst (CSA+) from CompTIA
- Vendor-neutral credential that applies behavioral analytics to improve information security.
- Validates knowledge and skills required to configure and use threat detection tools, execute data analysis, and interpret results to find vulnerabilities, risks, and threats.
- Exam is a performance-based assessment, including hands-on simulations.
- No experience required, but a minimum of 3-4 years of practical information security experience is recommended. Intended to follow CompTIA Security+ or equivalent certification.
- For those seeking higher-level positions as security analyst, security specialist, threat intelligence analyst, Security Operations Center (SOC) analyst, and similar roles.