Are you looking at security certifications? Certification in the areas of Cybersecurity, IT Security, and Computer Security do not have as many straight forward options in comparison to Windows or Linux certifications, or even cloud certifications with Microsoft Azure, Amazon AWS, or others. Those certification paths are quite straight forward, as you can find certifications offered by the appropriate vendors. However, Security certification is a bit more niche. While there are a few options for getting certified in Security, it can be a bit confusing to navigate the landscape of what it offered. This article lists out the available Security certifications available in the industry, and will help clarify any questions you have in regards to deciding which is the most appropriate for you.
Top 15 Cybersecurity Certifications to Earn
As you look to grow your career, there are many different cybersecurity or computer security certifications to consider in the industry. They all test and validate a slightly different set of objectives, and also are sought after a little differently by hiring managers who need to hire computer security professionals (think “professional hackers”) or even system administrators who know security more than most.
Here’s the short TLDR list of the top cybersecurity certifications in the industry today:
- Microsoft Certified: Azure Security Engineer
- AWS Certified Security – Specialty
- Professional Google Cloud Security Engineer
- Certified Kubernetes Security Specialist (CKS)
- CISSP (Certified Information Systems Security Professional) from ISC2
- CISM (Certified Information Security Manager) from ISACA
- CEH (Certified Ethical Hacker) from EC-Council
- CompTIA Security+
- OSCP (Offensive Security Certified Professional) from Offensive Security
- CCSP (Certified Cloud Security Professional)
- ISO27001 Lead Implementer
- APT (Advanced Penetration Testing) by EC-Council
- OSCE (Offensive Security Certified Expert) from Offensive Security
- GSEC (GIAC Security Professional) from SANS
- CompTIA PenTest+ (Penetration Tester)
- CompTIA CySA+ (Cybersecurity Analyst)
- LPT: Licensed Penetration Tester from EC-Council
- CND: Certified Network Defender from EC-Council
- GIAC Cloud Security Automation (GCSA)
Keep reading below to find out more information that will help you decide what your first security certification should be, as well as what certifications to earn depending on your job role.
Where to start with Cybersecurity Certification
If you are looking to get into cybersecurity, then there are some prerequisites as far as knowledge goes that you’ll need to cover first. If you are new to the IT industry, or even have a few years of experience, then I’d still recommend the same certification path to get started in cybersecurity and working towards being a professional cybersecurity expert. This is overall a very in demand, and high paying segment of the IT industry.
The prerequisites that you’ll need to get into cybersecurity include knowledge about computer hardware, networking, and operating systems such as Linux and Windows. The operating system requirement is actually more skewed towards Linux than Windows since most of the penetration testing and other “hacking” tools (such as those in Kali Linux) are build for Linux, so your laptop will be running Linux for this.
Here are the certifications I would recommend starting with on your path towards cybersecurity:
- CompTIA Cloud+ – If you’re new to the cloud, this is a great certification to start with. While not security specific, it will give you an excellent primer to working in the cloud.
- CompTIA Linux+ – This certification will prepare you as a Linux System Administrator that has the skills to work with and manage Linux-based computer systems and servers.
- CompTIA Network+ – This certification will prepare you with the computer networking knowledge for troubleshooting, configuring, and managing networks.
The reason I recommend the CompTIA Linux+ and Network+ certifications first is due to getting the foundational knowledge necessary for a cybersecurity professional. There are many aspects to the technologies used throughout the industry, and these two certifications will help get you prepared to start down your journey to being a professional cybersecurity expert, and getting a high paying job in this field.
While these two certifications and the knowledge they will gain you are important, you will also benefit from Windows Server knowledge as well. Even though most servers on the Internet are running Linux, almost all enterprises utilize Windows Server for Active Directory and identity management, as well as most desktop / workstation machines are running Windows 10 as well.
While the cybersecurity professional side with penetration testing and network configuration is not very operating system (OS) specific, it’s important to know about the operating systems companies are using and the types of software systems that are running. Depending on your target jobs and/or employers, you may want to additionally focus a bit on getting more learning in around Microsoft Windows Server. In the future Microsoft will not be offering any Windows Server certifications anymore, but if you get this done before January 31, 2021, then you will still be able to pursue the MCSA: Windows Server certification to help with gaining the skills to be a Windows System Administrator as well. Regardless if you pursue Windows Server certification or not, you should still learn the basics of Windows Server, Windows Desktop, and Windows Active Directory administration. These Windows skills may not be required, but they’ll likely help you on the job.
Choosing My First Security Certification
Some of the Cybersecurity / Security certifications listed above are pretty advanced, and not intended for those new to Computer Security. These would require some fundamentals and even a bit of experience before being able to earn, however, there are a couple that are geared specifically more towards the “Entry-Level” or those new to the Security space regardless if your background is in System Administrator or Software Development.
One of the most common cybersecurity certifications to start getting familiar with security is the CompTIA Security+ certification. This is a good starting point, where you can then build upon to earning other certifications that may be required for your target job and/or employer.
The CompTIA Security+ certification is will test, validate, and establish the core knowledge required for any cybersecurity job role, validates the baseline skills you need to perform core security functions, pursue an IT Security career, and provides a springboard to intermediate-level cybersecurity jobs. The Security+ certification incorporates best practices in hands-on trouble-shooting to ensure security professionals have practical security problem-solving skills. Those who have earned the CompTIA Security+ certification know how to address security incidents; not just how to identify them.
The CompTIA Security+ certification is a bit different than other IT Security certifications in the following ways:
- Security+ assesses baseline cybersecurity skills with performance-based questions. It emphasizes hands-on practical skills, and ensures that security professionals are better prepared to problem solve a wider variety of issues.
- More professionals choose Security+ to meet DoD 8570 compliance than any other certification
- Security+ focuses on the latest techniques and trends in threat management, intrusion detection, risk management, and risk mitigation.
The CompTIA Security+ is a widely accepted security certification for IT Professionals to earn. It’s a good certification to be your first security certifications to help validate the skills you’ll need for a variety of job roles from Systems Administrator, Network Administrator, Security Administrator, as well as Junior IT Auditor and Penetration Tester job roles. This exam is also updated and renewed regularly by CompTIA to keep it up-to-date with the latest trends and techniques.
Certified Ethical Hacker (CEH) Certification from EC-Council
Hold up! There’s a Certified Hacker certification!?
Yes, but it is an Ethical Hacker certification, and it’s by no means an entry-level or security beginner certification. This certification will test your ability to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, web app hacking, and more to solve a security audit challenge.
The EC-Council Certified Ethical Hacker (CEH) certification is the world’s first Ethical Hacking Industry Readiness Assessment that is 100% verified, online, live, and proctored. To be eligible to take the CEH exam (which is 6 hours long BTW!) you need to have at least 2 years experience working in InfoSec, or hold another industry equivalent certification; such as OSCP or GPEN certifications.
Which Security Certification Should I Obtain?
Deciding which Security certification can be a tough choice. The primary determining factor as to which Security certification you should pursue and achieve is to look at what your job role is and choose the certification that’s best tailored towards the job role you’re in or you want to get into. Also, you’ll want to look at your past experience and expertise levels to help you choose, so you can play off your strength areas to help make it easier to earn your next Security certification. Also, once you do obtain a Security certification, you could work to obtain and earn additional certifications to help steer your learning and expertise to help drive and achieve your individual career goals.
Below is a table that contains the different Security certifications with the matching job roles that each of the certification is geared towards. Keep in mind that the list of job roles for each certification is not a complete list, and was derived from the certification information available from each of the vendors. Keep in mind there may be specific roles missing and others that overlap multiple certifications.
|Security Certification||Targeted Job Roles|
|CompTIA Security+||IT Professional, Security Professional, Cybersecurity Professional, Systems Administrator, Network Administrator, Security Administrator|
|CompTIA PenTest+ (Penetration Tester)||Penetration Tester, Vulnerability Tester, Security Analyst, Vulnerability Assessment Analyst, Network Security Operations, Application Security Vulnerability|
|CompTIA CySA+ (Cybersecurity Analyst)||IT Security Analyst, Vulnerability Analyst, Threat Intelligence Analyst, Cybersecurity Analyst, Security Operations Center (SOC) Analyst, Cybersecurity Specialist, Security Engineer|
|CompTIA CSP||Security Architect, Technical Lead Analyst, Application Security Engineer, Security Engineer|
|(ISC)2 Certified Cloud Security Professional (CCSP)||Enterprise Architect, Security Administrator, Systems Engineer, Security Architect, Security Consultant, Security Engineer, Security Manager, Systems Architect|
|(ISC)2 Certified Secure Software Lifecycle Professional (CSSLP)||Software Architect, Software Engineer, Software Developer, Application Security Specialist, Software Program Manager, Quality Assurance Tester, Penetration Tester, Software Procurement Analyst, Project Manager, Security Manager, IT Director / Manager|
|ISACA Certified Information Security Manager (CISM)||Information Security Manager, Aspiring Information Security Manager, Chief Information Officer (CIO), Risk Management Professional, IS / IT Consultant, Enterprise Leadership|
|ISACA Certified Information Systems Auditor (CISA)||IS / IT Auditor, IS / IT Consultant, IS / IT Audit Manager, Security Professional, Information Security Professional, Governance Professional, Enterprise Leadership|
|EC-Council Certified Network Defender (CND)||Network Administrator, Network Security Administrator, Network Security Engineer, Network Defense Technician, CND Analyst, Security Analyst, Security Operator, Network Operator|
|EC-Council Certified Ethical Hacker (CEH)||Ethical Hacker, Security Officer, Security Professional, Security Auditor, Site Administrator|
|EC-Council Certified Security Analyst (ECSA)||Ethical Hacker, Penetration Testers, Network Server Administrator, Firewall Administrator, Security Tester, System Administrator, Risk Assessment Professional, EC-Council Licensed Penetration Tester (LPT)|
|Microsoft Certified: Azure Security Engineer||Security Engineer, Cloud Administrator, System Administrator|
|Microsoft MTA: Security Fundamentals (98-367)||Server Administrator, Network Administrator, System Administrator|
|Offensive Security Certified Professional (OSCP)||Security Professional|
|GIAC Penetration Tester (GPEN)||Penetration Tester, Security Professional, Network Administrator|
You’ll notice that there may be some overlap in job roles so there’s still a bit of flexibility into which certification you’ll want to pursue and earn based on your unique experience, expertise and future goals.
While it would take quite a lot to dig into the specifics of each of these certifications and how some from specific vendors complement and build on each other, this article should have given you an idea into what Security certifications are available, and which one (or more than one) you’ll be researching to obtain and level up your Security career with.
Upgrade / Up-Level Paths
Some of the certifications, like those from EC-Council and CompTIA, offer additional exams that can be passed to move from your first certification to more advanced certifications. This enables you to grow your learning and credentials further in a way that may grow your certifications as you grow within your career.
CompTIA Certification Upgrade Path
CompTIA has designed their certifications to offer a guided pathway to a Cybersecurity career. Their pathway begins with the fundamental certifications, even before passing the Security+, that starts with the IT Fundamentals, A+, and Network+ certifications before earning the Security+ certification. These provide the “Core” skills certifications, that can then be built upon at an “Intermediate” level towards either a Penetration Tester (PenTest+) or Cybersecurity Analyst (CySA+) specialty. Then at the “Advanced” level of the pathway is to get certified with the CompTIA Advanced Security Practitioner (CASP) certification.
EC-Counsil Certification Upgrade Path
EC-Council also has a pathway of certification too. Instead of starting with a “security entry-level” certification, EC-Council starts with much more advanced certifications with the Certified Network Defender (CND) and Certified Ethical Hacker (CEH). These certifications are going to be much more difficult to earn than the CompTIA Security+. In fact, you may want / need to earn the CompTIA Security+ certification as part of your certification path towards earning the CND or CEH certification. After you earn the “core” Certified Ethical Hacker (CEH) certification, then you can “upgrade” to the Certified Security Analyst (ECSA) certification. Then as your certification career progresses you can upgrade to the “expert” level with the Licensed Penetration Tester (LPT) Master certification from EC-Council.
I know there are a few more Security certifications, as if you follow some of the links in this article you may discover a few more obscure certifications. The security certifications list in this article are the more popular and well known certifications that should help bolster your resume and prove you have the security skills necessary.
There are actually a few security / cybersecurity certifications available. Each one has a different level of difficulty and targets a slightly different audience. There are security certifications for beginner, intermediate, and advanced levels; from certifications like Security+ to the Certified Ethical Hacker and beyond. Hopefully this list helps point you in the direction of which security certification you’re looking to achieve to help you land that next cybersecurity job, or even get started in the security field.
Happy and secure studying!
P.S. If you know of a Security or Cybersecurity certification that wasn’t listed here. please post it in the comments. Also, if you’re looking to get certified in IT Security / Cybersecurity, please post a comment about what certification you’re studying for.