A Guide to Cyber Security Certifications
While degrees in cyber security are important for getting your bearings in the field, certifications show employers that you are up-to-date on knowledge related to industry standards. Generally speaking, certifications are offered by third-party accrediting organizations require a test to pass and must be renewed periodically. As you move up the career ladder, you’ll likely want to complete certifications meant for workers of greater seniority or specialization. Oftentimes passing of more specialized or senior certifications also renews all certifications of lesser stature. As one might expect from a field as wide and varied as cyber security (check out just how varied in our guide to cyber security careers), certifications come in many different varities, from entirely entry level, to senior management, and from highly technical to highly theoretical. The good news is that if you’re interested in cyber security — whether you have experience in the field or not — there’s likely a certification you can start working on to enhance your chances of employment in the field.
Getting Started With Certifications
In general there are 5 accrediting bodies that offer common cyber security and information assurance certifications. These organizations include:
- CompTIA
- The EC Council
- GIAC
- ISACA
- ISC(2)
While there are slight differences to testing procedures, eligibility for exams, and renewing of certifications, certification processes for these 5 organizations are quite similar. With that said, the subject matter of exams offered by these accrediting bodies varies significantly. Two ways to obtain specific knowledge of what certifications you should be seeking are to consult the DoD Approved Baseline Certifications (more on this later) and to browse job openings you are interested in and note required certifications.
Generally speaking the preparation process for certifications requires the purchasing of an exam voucher, receiving study materials, making sure all prerequisites are met, and then passing the exam. Prerequisites for certifications vary based on the exam level but are centered around domains of knowledge. Many higher level exams assume in-depth work experience on the matters being tested, while entry level exams are more easily taken through just study. Exam vouchers are typically one to several hundred dollars, depending on the exam. There are often authorized third-party vendors of exam vouchers (outside of the testing organization) that are allowed to provide some discounts on exams. Additionally, many accrediting bodies offer discounts on exams for those still in school. So if you have a .edu email address you can use to register for an exam, make sure to do so to see if you can obtain a reduced price voucher. The most common examination format includes seeking out a nearby proctored testing facility and the taking of a several hour (often) multiple choice test. Most certification tests provide your results immediately after testing and are pass/fail.
Make sure to check with your employer or school before taking a certification. Many will partially or fully cover the cost of certification.
A general distinction between cyber security certifications is whether or not they are entry level or more specialized. Entry-level certifications are meant to test generally expected core knowledge in information technology, general best practices, and core concepts. Most entry-level certifications may be taken without work experience. Specialized or more expert-level certifications often rely on in-depth knowledge of tools, practices, and protocol in cyber security disciplines, and are often only obtainable for those with significant experience in the field being tested.
Another feature common to almost all certifications is the need to re-certify. As information technology and cyber security changes so rapidly, certifications generally come with an expiration date. To maintain your certification for longer, you generally have to complete some combination of the following: obtain more advanced certifications that automatically renew your current certifications, obtain continuing education credit, and/or re-take the exam.
Renewing certifications often requires one of the following: more advanced certifications, continuing education credits, or re-taking the exam.
Common Entry-Level Cyber Security Certifications
For a widely accepted “map” of cyber security certifications, check out DoD’s 8570 Baseline Certification guidance.
While you’ll want to tailor your progression through certifications to fit your exact career goals, most IT and cyber security workers obtain at least one of the following entry-level Cyber Security Certifications. One of the most common measures of which certifications one should achieve at which point in one’s career is the DoD 8570 Compliance list. As one of the larger employers of cyber security professionals, the DoD relies heavily on certifications to measure expertise. The DoD 8570 Baseline Certifications notes what certifications cyber security workers should hold at different levels of expertise (and thus pay). Both the CompTIA A+ and Security+ are essential for the first earnings band at the DoD.
CompTIA A+
The CompTIA A+ certification is the entry-level IT certification. Commonly held by help desk, support specialist, and IT employees, it’s a great way to lay the groundwork for a more in-depth knowledge of networking, hardware, and operating systems. The A+ assumes the knowledge one would hopefully have after a year of experience in help desk roles, though many A+ recipients simply study for a few months to gain the knowledge that way.
Domains tested on the CompTIA A+ exam include:
- Identifying, using, and connecting hardware components and devices
- Install and support Windows OS including command line & client support
- Troubleshoot PC and mobile device issues including application security support
- Explain types of networks and connections including TCP/IP, WIFI and SOHO
- Troubleshoot device and network issues
- Identify and protect against security vulnerabilities for devices and their network connections
- Install & configure laptops and other mobile devices
- Understand Mac OS, Linux and mobile OS
- Follow best practices for safety, environmental impacts, and communication and professionalism
For an in-depth look at exam objectives, check out CompTIA’s landing page here.
CompTIA Security+
The CompTIA Security+ exam is one of the only global entry-level cyber security certifications with performance-based questions that emphasize practical, hands-on skills. Furthermore, Security+ is the entry-level security-specific certification for DoD 8570 compliance. The Department of Defense (and related contractors) are some of the largest employers of cyber security professionals, and rely heavily on certifications. 8570 compliance notes which certifications cyber security practicioners should have earned to be considered in “bands” of expertise. To find out more about DoD 8570 Compliance, find a list of recommended certifications from the DoD. Generally speaking Security+ prepares students for Junior IT Auditor/Penetration Tester job roles.
Domains tested on the CompTIA Security+ exam include:
- Detection of compromised systems, vulnurability testing, and penetration testing concepts.
- The installation, configuration, and deployment of network components to aid in organizational security.
- Implementation of network architecture and system design for security objectives.
- The installation and management of identity controls and access.
- Implementation of risk management best practices and how they relate to business impact.
- Implementation and management of wireless security and public architecture.
For an in-depth look at exam objectives, check out CompTIA’s landing page here.
CompTIA Network+
The CompTIA Network+ exam is often preliminary to security-specific certifications, and helps to validate knowledge of the troubleshooting, configuration, and management of wired and wireless networks. Network+ is the initial certification for information technology, support, and cyber security professionals seeking to hold roles such as network administrator, network engineer, network analyst, or infrastructure-centered cyber security roles. The DoD lists Network+ as interchangeable with Security+ and A+ for IAT I professionals. As with most CompTIA certifications, the exam is vendor agnostic. Recommended experience for excelling at this exam is your CompTIA A+ certification as well as 9 months of experience in a network-centered position.
Domains tested in the CompTIA Network+ exam include:
- Understanding and explanation of core networking concepts and implementation
- Explanation of core infrastructure including cabling devices, and storage technologies
- Best practices for networking protocol so as to ensure business continuity
- Understanding of common physical security risks as well as countermeasures for wired and wireless networks
- Explanation of network troubleshooting tools and practices for network continuity and performance.
For an in-depth look at exam objectives, check out CompTIA’s landing page here.
ISC(2) Systems Security Certified Practitioner
The ISC(2) Systems Security Certified Practitioner (SSCP) certification is yet another option for DoD 8570 Baseline Certification compliance. This certification is recommended for those with one year of hands on practical experience in one or more domains of knowledge of the SSCP Common Body of Knowledge (CBK), OR those who have obtained a cyber security degree. For those without requisite academic experience, one year of work experience is generally recommended. Along with CompTIA’s Security+ exam, the SSCP is one of two common security-centered entry level certifications, and is often viewed as a good fit for cyber security professionals with a slight experience edge on those considering Security+. This is evidenced by DoD 8570’s placement of SSCP recipients in the second pay band of IAT, as well as in the CSSP Infrastructure Support category.
Categories tested in the SSCP exam are wide ranging and follow the 7 domains of knowledge outlined in the SSCP Common Body of Knowledge:
- Access Controls
- Security Operations and Administration
- Risk Identification, Monitoring, and Analysis
- Incident Response and Recovery
- Cryptography
- Network and Communications Security
- Systems and Application Security
Common Advanced Cyber Security Certifications
Where initial cyber security certifications are more general, and often the gatekeepers for cyber security professionals, those seeking more advanced cyber security certifications will want to choose certifications that fit their current or future roles. Some common certifications for common cyber security positions are expounded upon below.
For Penetration Testers: GIAC Penetration Tester (GPEN)
The GPEN certification — offered by GIAC — tests a wide variety of techniques and concepts related to tasks in which one assesses target networks and systems for vulnurabilites. The certification provides questions on a mixture of theory and practice, meaning that even professionals with hands-on experience will likely wish to prepare through books, videos, or courses on the topic. Additionally, test takers should note that the test is open book — as it features such a wide range of study topics. Many test takers note that the completion of an index noting where to find crucial information is useful in the timed examination.
For a full list of the many topics tackled on this exam, check out GIAC’s GPEN FAQ.
For Managers: ISC(2) Certified Information Systems Security Professional (CISSP)
The Certified Information Systems Security Professional certification is a high level certification looking at security policy and management. This is one of the most commonly mentioned certificates in cyber security, and is generally achievable by mid-career individuals. As such some of the common prerequisites are 5 years of paid work and experience in at least 2 of 8 domains of cyber security. As noted on the CISSP exam outline students are expected to have knowledge of all 8 domains of the core body of knowledge including:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
ISC(2) CISSP Concentrations
While the Certified Information Systems Security Professional certification (above) is an advanced certificate, it is also general, covering many domains of cyber security knowledge. While this is often a useful measure for those managing diverse domains of cyber security workers, workers in a single domain may want to specialize even further. To this aim there are three concentrations for managers, those working in engineering, and those working in architecture.
- The CISSP-ISSAP certification for those in security architecture
- The CISSP-ISSEP certification for those in security engineering
- And the CISSP-ISSMP certification for those in cyber security management
For Information Systems Auditors: ISACA Certified Information Systems Auditor (CISA)
CISA is one of the oldest and most recognized cyber security certifications, dating back to 1978. As with many more senior certifications, the exam requires a good deal of real world experience along with a tested exam. Along with the CISSP certification (above), the CISA is the second certification we’ve mentioned that qualifies recipients for the highest band of information assurance technology professional status (IAT III) according to the DoD 8570 order. Additionally, the exam qualifies recipients for the CSSP Auditor role according to DoD 8570.
CompTIA Cybersecurity Analyst (CySA+)For Analysts: CompTIA Cybersecurity Analyst (CySA+)
The CompTIA Cybersecurity Analyst (CySA+) certification is one of the few certifications that helps specialists in a wide number of roles validate their knowledge. The exam relies on performance-based questions that ascertain mastery of core skills in security analytics, intrusion detection, and response. Present on the DoD 8570 Baseline Certification list for many positions, this certification may be used to validate skills as a IAT Level II, CSSP Infrastructure Support, CSSP Incident Responder, CSSP Analyst, or CSSP Auditor. This exam is an intermediate tier exam that is meant to be taken after Security+, Network+, and 3-4 years of related experience. Core competencies tested include:
- Application of environmental analysis of threat landscapes as well as implementation of responses
- Implementation of vulnurability management processes and analysis
- Analysis of access controls and identity to recommend security solutions within the Software Development Life Cycle
- Determine threats within data, discern impact of threats, prepare a toolkit for forensics and response as well as communications and best practices
For Incident Responders: GIAC Certified Incident Handler (GCIH)
The Certified Incident Handler certification offered by GIAC tests current incident response professionals on their knowledge of current attack practices, vectors, and tools as well as common response methods and tools. As the many-faceted components of incident handling dips into the skillsets of a number of cyber security positions, DoD 8570 Baseline Certification notes that the GCIH is an acceptable measure of proficiency for Information Assurance Technology professionals level three, CSSP Analyst positions, as well as CSSP Incident Responder positions.
For Computer Forensics Professionals: GIACs Forensics Certifications
There is such a wide range to what computer forensics can ential that GIAC alone offers 5 certifications for specific computer forensics skills. These exams are all open book. And offer the opportunity for testers to submit an additional peer-reviewed paper with their certification test for the chance to receive a “GIAC Gold Status.” The five GIAC certification related to computer forensics are listed below.
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Advanced Smartphone Forensics (GASF)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Reverse Engineering Malware (GREM)
