Just as a Boy or Girl Scout takes pride in earning a badge in skills like camping or first aid, cyber security professionals take pride in earning important certifications in their field as recognition of expertise, knowledge, and experience. In some industries, a cyber security certification is a requirement to fill the role. Every CISO knows finding qualified staff with the required skill set is a constant pain point. The value of certifications can fulfill compliance and confirm the necessary knowledge and skill set exists within your security team. In addition to personal certifications, even corporate accreditations are becoming the next “gluten-free” and “fair trade” seal.
There are a myriad of certifications, and obtaining and maintaining them takes time, effort, and money. There are at least 130 security certifications currently available today, but we’ve prepared the following list to help you narrow down your search. Take a look!
1. EX-8200 or 8100 unit in the Israeli army
Israel has become the seedbed for many of today’s successful cyber security firms. Commonly, their founders are veterans of an elite division of the Israel Defense Forces (IDF) called Unit 8200. Members of 8200 are the “1% of the 1%” recruited for their STEM skills. Sadly, this is a unit you are selected for and can not pay or volunteer.
2. CEH: Certified Ethical Hacker
This is one of the top certifications for those pursuing a career in ethical hacking or penetration testing. The five-day training course is recommended as those who choose to self-study must pay an addition $100 for the exam and provide evidence of at least 2 years of experience in the industry. Passing the CEH exam proves your knowledge and skill in hacking methods such as footprinting, scanning, enumeration, and other hacking activity.
3. CISM: Certified Information Security Manager
This certification is a must-have for those developing, managing, and overseeing enterprise-level InfoSec systems or developing organizational security best practices. CISM certified professionals have at least 5 years experience in security risk management, governance, and incident response.
4. CompTIA Security+
This is a vendor-neutral certification that is considered to be the standard requirement for entry-level positions in cyber security. Although not required, the CompTIA Network+ certification is recommended before pursuing the Security+. This credential meets the Directive 8570.01-M requirements of the U.S. Department of Defense.
5. CISSP: Certified Information Systems Security Professional
Also a vendor-neutral certification, CISSP is a highly sought after advanced certification and is recognized worldwide. A minimum of 5 years experience is required to take the exam and is provided by the International Information Systems Security Certification Consortium, known as (ISC)2.
6. GSEC: SANS GIAC Security Essentials
This is another certification that is designed for entry-level professionals to demonstrate an understanding of security concepts and capability of hands-on security roles. There are no prerequisites, but training is recommended which can be found at the GIAC website.
7. ECSA: EC-Council Certified Security Analyst
This certification picks up where CEH leaves off, and those who pass demonstrate advanced skill in the analytical phase of ethical hacking. The EC-Council website provides information on training and exam prep.
8. GPEN: GIAC Penetration Tester
For those looking for a career in penetration testing, GPEN is a recognized program that assesses pen-testing methodologies, legal issues, and best practice techniques. A certified professional has demonstrated an understanding of a process-oriented approach to pen-testing and reporting.
9. SSCP: Systems Security Certified Practitioner
Another certification from (ISC)2, it is globally recognized to demonstrate advanced technical skills to implement and monitor IT infrastructure using security best practices. The SSCP is meant for IT professionals responsible for hands-on operational security of enterprise assets.
10. CRISC: Certified in Risk and Information Systems Control
IT professionals whose role focuses on risk management and implementing proper IS controls will want to seriously consider a CRISC certification. It is one of the few, if not only certifications that focus on risk management that is widely known and accepted. Learn more at the ISACA website.
11. CISA: Certified Information Security Auditor
Another ISACA certification that validates expertise in auditing and control of information security. Many businesses and government agencies require IT/IS auditors to be CISA certified.
12. OSCE: Offensive Security Certified Expert
They say it’s the most challenging pen-testing certification in the industry. The exam consists of a 48-hour online exercise to demonstrate a candidate’s ability to perform information gathering, identify vulnerabilities, and gain administrative access. A prerequisite of the OSCE exam is the Cracking the Perimeter course.
13. CCSP: Certified Cloud Security Professional
With so many enterprises adopting cloud resources, earning a cloud-based security certification is a smart career move. The CCSP from (ISC)2 is globally recognized to demonstrate skill and knowledge to design, manage, and secure cloud resources
14. CFR: CyberSec First Responder
Designed for those who want to be first responders to cyber attacks, the CFR prepares successful candidates in analyzing threats, proactively defending networks, and responding to cyber security incidents. It is also now approved as U.S. DoD 8570 compliant, which brings added value to this certification.
Corporate Certifications and Accreditations
Individual employees can come and go, so it’s equally relevant that a company’s cyber security vendor has corporate accreditations such as SOC2, FIPS, and CREST. A company with CREST accreditation, for example, can be trusted to employ highly skilled and competent staff and abide by enforceable Codes of Conduct. Another important aspect to look for when assessing a security vendor is whether the vendor can assist with compliance frameworks such as NIST, RHUL, and others.
It’s important to note that when all is said and done, cyber security providers will want to be compliant for another key reason: to help their clients become compliant, ensuring their security team stays abreast with current cyber tactics, techniques, and procedures (TTP); it’s always lead by example.
A partnership with a cyber security company is a long-term relationship that should be a carefully thought-through decision. There’s no question that you’ll want to look for evidence of expertise and experience to validate the decision to work together. Certificate and accreditations are a solid way to ensure a company is willing to invest in employees to further their expertise in the ever-changing cyber field. It also reflects the seriousness of a vendor to stay current and provide the best cyber security services to their customers.