If you’re looking to get certified in Cybersecurity, IT Security, or Computer Security, then you don’t have as many straight forward options as if you wanted to get certified with Windows or Linux; or even if you want to get certified with Microsoft Azure or Amazon AWS. Those certification paths are quite straight forward, as you can find certifications offered by the appropriate vendors. However, Security certification is a bit more niche. While there are a few options for getting certified in Security, it can be a bit confusing to navigate the landscape of what it offered. This article lists out the available Security certifications available in the industry, and will help clarify any questions you have in regards to deciding which is the most appropriate for you.
What Security Certifications are Available?
There are a few vendors that offer Security / Cybersecurity related certification. Here’s a list of the vendors and the certifications that they offer. Further down this article is a bit more detail that will help you in choosing which Security certifications most appropriate for you in your career path and job role.
- CompTIA Security+
- CompTIA PenTest+ (Penetration Tester)
- CompTIA CySA+ (Cybersecurity Analyst)
- CCSP: Certified Cloud Security Professional
- CSSLP: Certified Secure Software Lifecycle Professional
- CISM: Certified Information Security Manager
- CISA: Certified Information Systems Auditor
- CND: Certified Network Defender
- CEH: Certified Ethical Hacker
- ECSA: EC-Counsil Certified Security Analyst
- LPT: Licensed Penetration Tester
- MTA: Security Fundamentals (98-367)
- Offensive Security
- OSCP: Offensive Security Certified Professional
- GPEN: GIAC Penetration Tester
Keep reading below to find out more information that will help you decide what your first security certification should be, as well as what certifications to earn depending on your job role.
Choosing My First Security Certification
Some of the Cybersecurity / Security certifications listed above are pretty advanced, and not intended for those new to Computer Security. These would require some fundamentals and even a bit of experience before being able to earn, however, there are a couple that are geared specifically more towards the “Entry-Level” or those new to the Security space regardless if your background is in System Administrator or Software Development.
Here are a couple Security certifications that are more geared towards the “entry-level” candidate:
The CompTIA Security+ certification is will test, validate, and establish the core knowledge required for any cybersecurity job role, validates the baseline skills you need to perform core security functions, pursue an IT Security career, and provides a springboard to intermediate-level cybersecurity jobs. The Security+ certification incorporates best practices in hands-on trouble-shooting to ensure security professionals have practical security problem-solving skills. Those who have earned the CompTIA Security+ certification know how to address security incidents; not just how to identify them.
The CompTIA Security+ certification is a bit different than other IT Security certifications in the following ways:
- Security+ assesses baseline cybersecurity skills with performance-based questions. It emphasizes hands-on practical skills, and ensures that security professionals are better prepared to problem solve a wider variety of issues.
- More professionals choose Security+ to meet DoD 8570 compliance than any other certification
- Security+ focuses on the latest techniques and trends in threat management, intrusion detection, risk management, and risk mitigation.
The CompTIA Security+ is a widely accepted security certification for IT Professionals to earn. It’s a good certification to be your first security certifications to help validate the skills you’ll need for a variety of job roles from Systems Administrator, Network Administrator, Security Administrator, as well as Junior IT Auditor and Penetration Tester job roles. This exam is also updated and renewed regularly by CompTIA to keep it up-to-date with the latest trends and techniques.
Microsoft MTA: Security Fundamentals (exam 98-367)
The Microsoft MTA 98-367 certification exam titled “Security Fundamentals” is meant to be a stepping stone before earning one of the larger Microsoft MCSA (Microsoft Certified Solutions Associate) certifications. The “Security Fundamentals” exam is recommended for candidates that have some experience with Windows Server, Windows-based Networking, Active Directory, anti-malware products, firewalls, network topologies and devices, and network ports. This exam will test and validate fundamental security knowledge and skills as they pertain to Microsoft Windows Server technologies and networks.
The Security Fundamentals certification exam (98-367) from Microsoft was originally published in August 2010, and last updated in June 2016. Frankly, this exam is likely a bit outdated in comparison to some of the others. Additionally, this is a stand alone MTA (Microsoft Technical Associate) exam, where some of the security exams from other vendors have renewal and upgrade paths to help you grow and stay up-to-date in your career. As a result, you may not want to choose this specific exam unless you’re job role relates specifically to working with Windows Server and Windows 10 operating system and network security. For a Microsoft Windows professional, this exam may provide you the credentials you’re looking for to prove your skills or land your next job.
EC-Council Certified Ethical Hacker (CEH)
Hold up! There’s a Certified Hacker certification!?
Yes, but it is an Ethical Hacker certification, and it’s by no means an entry-level or security beginner certification. This certification will test your ability to demonstrate the application of ethical hacking techniques such as threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking, web app hacking, and more to solve a security audit challenge.
The EC-Council Certified Ethical Hacker (CEH) certification is the world’s first Ethical Hacking Industry Readiness Assessment that is 100% verified, online, live, and proctored. To be eligible to take the CEH exam (which is 6 hours long BTW!) you need to have at least 2 years experience working in InfoSec, or hold another industry equivalent certification; such as OSCP or GPEN certifications.
Which Security Certification Should I Obtain?
Deciding which Security certification can be a tough choice. The primary determining factor as to which Security certification you should pursue and achieve is to look at what your job role is and choose the certification that’s best tailored towards the job role you’re in or you want to get into. Also, you’ll want to look at your past experience and expertise levels to help you choose, so you can play off your strength areas to help make it easier to earn your next Security certification. Also, once you do obtain a Security certification, you could work to obtain and earn additional certifications to help steer your learning and expertise to help drive and achieve your individual career goals.
Below is a table that contains the different Security certifications with the matching job roles that each of the certification is geared towards. Keep in mind that the list of job roles for each certification is not a complete list, and was derived from the certification information available from each of the vendors. Keep in mind there may be specific roles missing and others that overlap multiple certifications.
|Security Certification||Targeted Job Roles|
|CompTIA Security+||IT Professional
|CompTIA PenTest+ (Penetration Tester)||Penetration Tester
Vulnerability Assessment Analyst
Network Security Operations
Application Security Vulnerability
|CompTIA CySA+ (Cybersecurity Analyst)||IT Security Analyst
Threat Intelligence Analyst
Security Operations Center (SOC) Analyst
|CompTIA CASP||Security Architect
Technical Lead Analyst
Application Security Engineer
|(ISC)2 Certified Cloud Security Professional (CCSP)||Enterprise Architect
|(ISC)2 Certified Secure Software Lifecycle Professional (CSSLP)||Software Architect
Application Security Specialist
Software Program Manager
Quality Assurance Tester
Software Procurement Analyst
IT Director / Manager
|ISACA Certified Information Security Manager (CISM)||Information Security Manager
Aspiring Information Security Manager
Chief Information Officer (CIO)
Risk Management Professional
IS / IT Consultant
|ISACA Certified Information Systems Auditor (CISA)||IS / IT Auditor
IS / IT Consultant
IS / IT Audit Manager
Information Security Professional
|EC-Council Certified Network Defender (CND)||Network Administrator
Network Security Administrator
Network Security Engineer
Network Defense Technician
|EC-Council Certified Ethical Hacker (CEH)||Ethical Hacker
|EC-Council Certified Security Analyst (ECSA)||Ethical Hackers
Network Server Administrators
Risk Assessment Professional
|EC-Council Licensed Penetration Tester (LPT)||Ethical Hacker
Network Server Administrator
Risk Assessment Professional
|Microsoft MTA: Security Fundamentals (98-367)||Server Administrator
|Offensive Security Certified Professional (OSCP)||Security Professional|
|GIAC Penetration Tester (GPEN)||Penetration Tester
You’ll notice that there may be some overlap in job roles so there’s still a bit of flexibility into which certification you’ll want to pursue and earn based on your unique experience, expertise and future goals.
While it would take quite a lot to dig into the specifics of each of these certifications and how some from specific vendors complement and build on each other, this article should have given you an idea into what Security certifications are available, and which one (or more than one) you’ll be researching to obtain and level up your Security career with.
Upgrade / Up-Level Paths
Some of the certifications, like those from EC-Council and CompTIA, offer additional exams that can be passed to move from your first certification to more advanced certifications. This enables you to grow your learning and credentials further in a way that may grow your certifications as you grow within your career.
CompTIA Certification Upgrade Path
CompTIA has designed their certifications to offer a guided pathway to a Cybersecurity career. Their pathway begins with the fundamental certifications, even before passing the Security+, that starts with the IT Fundamentals, A+, and Network+ certifications before earning the Security+ certification. These provide the “Core” skills certifications, that can then be built upon at an “Intermediate” level towards either a Penetration Tester (PenTest+) or Cybersecurity Analyst (CySA+) specialty. Then at the “Advanced” level of the pathway is to get certified with the CompTIA Advanced Security Practitioner (CASP) certification.
EC-Counsil Certification Upgrade Path
EC-Council also has a pathway of certification too. Instead of starting with a “security entry-level” certification, EC-Council starts with much more advanced certifications with the Certified Network Defender (CND) and Certified Ethical Hacker (CEH). These certifications are going to be much more difficult to earn than the CompTIA Security+. In fact, you may want / need to earn the CompTIA Security+ certification as part of your certification path towards earning the CND or CEH certification. After you earn the “core” Certified Ethical Hacker (CEH) certification, then you can “upgrade” to the Certified Security Analyst (ECSA) certification. Then as your certification career progresses you can upgrade to the “expert” level with the Licensed Penetration Tester (LPT) Master certification from EC-Council.
I know there are a few more Security certifications, as if you follow some of the links in this article you may discover a few more obscure certifications. The security certifications list in this article are the more popular and well known certifications that should help bolster your resume and prove you have the security skills necessary.
Happy and secure studying!