Exam fee: US$575, members; US$760, non-members
Why it’s on our list: CISA is a highly regarded certification with strong industry recognition. It appears frequently on industry lists, and 45,775 job postings explicitly seek candidates with this credential. With over 151,000 certified professionals, CISA offers a vast networking pool of auditors and security consultants and a median salary of $155,362.
Certified Information Systems Security Professional (CISSP)
If CRISC and CISA represent specialty certifications for the midcareer analyst, CISSP is a generalist cert, a logical progression from Security+ for someone who’s been around for a while. Advanced-level analysts interested in getting CISSP certified will need to know all the ins and outs of security and risk management, asset security, operations, security assessment and testing, and more. Offered by ISC2, the CISSP certification requires five years of full-time experience in at least two of its eight domains. The exam is adaptive, ranging from 100 to 150 questions, including multiple-choice and drag-and-drop formats. Candidates who pass at 100 questions have demonstrated mastery across all domains.
Exam fee: US$749
Training fees: US$248.75, online self-paced training; US$720, online instructor-led bootcamp; learners can inquire for pricing details on instructor-led classroom training
Why it’s on our list: If you’re looking for a job, earning a CISSP can help you stand out. With over 70,082 job postings explicitly seeking this certification and a median salary of $168,060, it ranks as the most in-demand security credential and is frequently highlighted on industry lists.
“The certification I get questions on essentially the most is the CISSP,” says Tim Bandos, CISO at Digital Guardian. “I do consider this certification is a sizzling one, given its popularity within the cybersecurity business.” Beyond its career benefits, CISSP boasts a strong professional network of 91,765 certified professionals. It provides a broad foundation in cybersecurity, and professionals can further specialize within the ISC2 ecosystem through certifications such as the CCSP for cloud security.
For more, see “CISSP certification: Requirements, training, exam, and cost.”
Certified in Risk and Information Systems Control (CRISC)
CRISC certification centers on risk assessment and management. Candidates need to know how to balance the likelihood of a risk happening against the potential damage that will ensue if it does. Overall, the goal is to help understand an organization’s tolerance for risk, categorize it, and quantify it. As ISACA, the organization that offers the cert, puts it, you’ll be aiming for a career where you “construct a well-defined, agile risk-management program, primarily based on finest practices to determine, analyze, consider, assess, prioritize and reply to dangers.” This is an area of security analysis that offers a promotion path to the top of the org chart, but it’s not for beginners, as CRISC requires three years of experience across two of four domains. The exam features 150 multiple-choice questions, testing IT risk management and control implementation skills.
Exam fee: $50 application fee, $575 (ISACA members) / $760 (non-members)
Training fees: ISACA offers four resources: online review course, US$895; annual subscription to question bank, US$399; print or digital review manual, US$139; discounts available for ISACA members
Why it’s on our list: CRISC is the most cited certification focused explicitly on IT risk management and mitigation. Often pursued after CISA, CRISC commands the highest average salary among ISACA certifications at $165,890 and a median pay premium of 10%. With a strong community of 30,000 certified professionals, it’s a top choice for those specializing in risk and control.
For more, see “CRISC certification: Exam, requirements, training, potential salary.”
Cisco Certified Network Professional (CCNP) Security
Cisco offers a Cisco Certified Network Professional (CCNP) Security certification that focuses on security concepts and architecture, user and system security, network security, assurance, and cloud application management. While there are no prerequisites for the CCNP, in Cisco’s leveling, professional-level certifications such as this one are meant to build on associate-level certifications. Cisco advises that most candidates for the certification have between three and five years of experience in network security. By demonstrating expertise with this credential, graduates can succeed in numerous roles, including security engineer, security analyst, and network security engineer. This certification is valid for three years and can be renewed by retaking the exam before its expiration or by taking continuing education credits.
Training fees: Professionals can avail of instructor-led training from Cisco and accredited partners (prices vary), or a US$6,000 annual subscription to Cisco U All Access, which provides learning pathways for professional-level certifications.
Exam fees: Professionals must take a core exam for US$400, plus one of seven exams for a concentration area for US$300.
Why it’s on our list: As with AWS in cloud computing, Cisco is the undisputed leader in computer networking, holding an even greater market share at 76%. For security professionals seeking a vendor-specific certification in networking, Cisco certifications open doors. Additionally, Cisco offers a progressive learning curve: Professionals can start with an associate-level certification, such as the Cisco Certified Network Associate (CCNA), which has a simple pass-or-fail exam, before advancing to the CCNP. Professionals with the CCNP earn a strong average salary of $168,159.
CompTIA Advanced Security Practitioner (CASP+)
CompTIA’s Advanced Security Practitioner, which is being rebranded SecurityX, spans four domains: security architecture, operations, engineering and cryptography, and governance, risk, and compliance. The program is ideal for advanced cybersecurity professionals, such as senior security engineers or architects who wish to progress toward better lateral or vertical opportunities, including CISO. The current 165-minute exam, set to expire on CASP’s rebranding to SecurityX, consists of 90 multiple-choice and performance-based questions. Certificate holders must renew every three years with 75 continuing education units (CEUs) from CompTIA’s Continuing Education program. The certification carries significant industry cachet: It was developed in partnership with Target, GDIT, RICOH, and ExxonMobil and is accredited by the Department of Defense to meet 8140.03M requirements. While there are no enforced prerequisites, CompTIA recommends 10 years of IT experience, with at least five years in security.
Exam and training fees: US$509, exam; US$955, exam, study guide, exam practice, and retake; US$1,485, exam, study guide, exam practice, retake, and on-demand content and hands-on lab training
Why it’s on our list: CASP+ recommends several certifications as prior experience, including Security+. Professionals can use Security+ as a stepping stone to CASP+, earning two blue-chip certifications in succession. Among CompTIA’s most respected credentials, CASP+ ranked as the second most frequently cited after Security+, highlighting its strong industry recognition.
CompTIA Security+
The CompTIA Security+ certification teaches risk assessment and automation across five domains: security concepts, operations, architecture, program management, and threats, vulnerabilities, and mitigations. Numerous enterprises have contributed to the development of Security+, including Microsoft, Deloitte, and Zoom. The Security+ cert opens up other opportunities, including network security analyst, penetration tester, and security architect. The 90-minute exam consists of a maximum of 90 multiple-choice and performance-based questions; candidates must score 750 on a scale of 900. Certificate holders must renew the cert by taking 50 CEUs through CompTIA’s Continuing Education program within three years. Note: CompTIA will likely retire the exam by 2026.
Training and exam fees: US$404, exam; US$581, exam, retake, study guide; US$1,111, exam, retake, study guide, hands-on lab training, exam prep, e-learning
Why it’s on our list: CompTIA Security+ is a highly respected cert, tying with ISACA’s CISM for the most mentions on industry lists. With 63,260 job postings explicitly seeking Security+ as a qualification and a large alumni base of 265,992 certified professionals, akin to a large university, it provides strong job demand and a built-in professional network for career growth.
For more, see “CompTIA Security+: Prerequisites, objectives, and cost.”
GIAC Security Essentials (GSEC)
The GIAC Security Essentials certification offers a curriculum akin to CompTIA Security+. Topics covered include everything from cryptography and the cloud to incident handling and endpoint security. GSEC is suited to security administrators, forensic analysts, and penetration testers who have an IT background but need to validate their knowledge as a practitioner. Candidates must score 73% or more on the four-hour, 106-question exam, which can be administered with a proctor online or onsite. Professionals must take 36 continuing professional education credits within four years to renew GSEC, a standard consistent for all GIAC certs.
Training fees: On-demand and in-person options priced at local rates
Exam fees: US$999; retakes, US$899
Why it’s on our list: GIAC is one of the most respected certifying bodies in cybersecurity, with 36,878 job listings explicitly seeking a Global Information Assurance Certification (GIAC). Out of all GIAC certifications, the GSEC certification was the most frequently cited. As a practitioner certification in the GIAC ecosystem, GSEC provides a strong knowledge base, making it an excellent starting point for a successful cybersecurity career. While not an official prerequisite, GSEC may provide foundational knowledge for GIAC Cloud Security Automation (GCSA), GIAC Network Forensic Analyst (GNFA), and GIAC Reverse Engineering Malware (GREM), each of which offers a median pay premium of 10%.
Offensive Security Certified Professional (OSCP+)
To earn the OffSec Certified Professional certification, candidates must complete the affiliated course, Penetration Testing with Kali Linux, and pass the subsequent exam. The course covers 10 modules, including information gathering, vulnerability scanning, client-side attacks, and fixing exploits. Certificate holders will have shown mastery of penetration testing methodologies ideal for new roles, such as ethical hacker, incident responder, or threat hunter. The OSCP exam is hands-on; test-takers must compromise systems within a lab environment.
OffSec doesn’t enforce prerequisites but recommends candidates be familiar with TCP/IP networking, scripting in Bash and Python, and Linux and Windows, which they can learn through its Network Penetration Testing Essentials Learning Path.
Training and exam fees: US$1,749, Kali Linux course plus exam
Why it’s on the list: After the C|EH, OSCP+ was the second most frequently cited OffSec certification on industry lists. As of Nov. 1, 2024, OSCP was rebranded to OSCP+ to reflect a more rigorous exam format. The new 24-hour hands-on assessment requires candidates to exploit a vulnerability in a lab environment, followed by an additional 24 hours to submit a comprehensive penetration testing report. The exam also now includes an updated Active Directory (AD) section with an assumed compromise scenario. Penetration Testing with Kali Linux is also recommended preparation for PEN-300: Advanced Evasion Techniques and Breaching Defenses, one of three courses required for the Offensive Security Certified Expert (OSCE) certification, which offers a median pay premium of 11%.
Systems Security Certified Practitioner (SSCP)
The ISC(2) SSCP certification covers seven domains: security concepts, access control, incident response, cryptography, network security, systems and application security, and risk identification, monitoring, and analysis. It’s ideal for various professionals, including security analysts, systems engineers, network analysts, database administrators, and security consultants. The three-hour exam consists of 125 multiple-choice questions; candidates must earn 700 out of 1,000 points to pass and undergo a process validating their professional experience. Those who earn the SSCP must abide by ISC(2)’s code of ethics and pay an annual maintenance fee that supports the organization and its initiatives, including its members-only network of cybersecurity pros.
To qualify, the SSCP requires one year of experience. Those without the experience requirement can bypass it with a relevant undergraduate or graduate degree in computer science or a related subject.
Training fees: Free: exam outline, flashcards, a practice quiz, and a study app; US$90 for 90-day access to on-demand training
Exam fee: Varies by country (US$249 for candidates in North and South America)
Why it’s on our list: SSCP is frequently featured on industry lists and is a strong foundation for those pursuing CISSP or CCSP.