The 14 most valuable cybersecurity certifications




Exam fee: US$575, members; US$760, non-members

Why it’s on our list: CISA is a highly regarded certification with strong industry recognition. It appears frequently on industry lists, and 45,775 job postings explicitly seek candidates with this credential. With over 151,000 certified professionals, CISA offers a vast networking pool of auditors and security specialists and an average salary of $155,362.

Certified Information Systems Security Professional (CISSP)

If CRISC and CISA represent specialty certifications for the midcareer analyst, CISSP is a generalist cert, a logical progression from Security+ for someone who’s been around for a while. Advanced-level analysts interested in getting CISSP certified will need to know all the ins and outs of security and risk management, asset security, operations, security assessment and testing, and more. Offered by ISC2, the CISSP certification requires five years of full-time experience in at least two of its eight domains. The exam is adaptive, ranging from 100 to 150 questions, including multiple-choice and drag-and-drop formats. Candidates who pass at 100 questions have demonstrated mastery across all domains.

Exam fee: US$749

Training fees: US$248.75, online self-paced training; US$720, online instructor-led bootcamp; and learners can inquire for pricing details on instructor-led classroom training

Why it’s on our list: If you’re looking for a job, earning a CISSP can help you stand out. With over 70,082 job postings explicitly seeking this certification and an average salary of $168,060, it ranks as the most in-demand security credential and is frequently highlighted on industry lists.

“The certification I get questions about the most is the CISSP,” says Tim Bandos, CISO at Digital Guardian. “I do believe this certification is a hot one, given its reputation in the cybersecurity industry.” Beyond its career benefits, CISSP boasts a strong professional network of 91,765 certified professionals. It provides a broad foundation in cybersecurity, and professionals can further specialize within the ISC2 ecosystem through certifications such as the CCSP for cloud security.

For more, see “CISSP certification: Requirements, training, exam, and cost.”

Certified in Risk and Information Systems Control (CRISC)

CRISC certification centers on risk assessment and management. Candidates need to know how to balance the likelihood of a risk occurring against the potential damage that would ensue if it does. Overall, the goal is to help understand an organization’s tolerance for risk, categorize it, and quantify it. As ISACA, the organization that offers the cert, puts it, you’ll be aiming for a career where you “build a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks.” This is an area of security analysis that offers a promotion path to the top of the org chart, but it’s not for beginners, as CRISC requires three years of experience across two of four domains. The exam features 150 multiple-choice questions, testing IT risk management and control implementation skills.

Exam fee: $50 application fee, $575 (ISACA members) / $760 (non-members)

Training fee: ISACA offers four resources: online review course, US$895; annual subscription to question bank, US$399; print or digital review manual, US$139; discounts available for ISACA members

Why it’s on our list: CRISC is the most cited certification focused explicitly on IT risk management and mitigation. Often pursued after CISA, CRISC commands the highest average salary among ISACA certifications at $165,890 and an average pay premium of 10%. With a strong community of 30,000 certified professionals, it’s a top choice for those specializing in risk and control.

For more, see “CRISC certification: Exam, requirements, training, potential salary.”

Cisco Certified Network Professional (CCNP) Security

Cisco offers a Cisco Certified Network Professional (CCNP) Security certification that focuses on security concepts and architecture, user and system security, network security, assurance, and cloud application management. While there are no prerequisites for the CCNP, in Cisco’s leveling, professional-level certifications such as this one are meant to build on associate-level certifications. Cisco advises that most candidates for the certification have between three and five years of experience in network security. By demonstrating expertise with this credential, graduates can gain numerous roles, including security engineer, security analyst, and network security engineer. This certification is valid for three years and can be renewed by retaking the exam before its expiration or by taking continuing education credits.

Training fees: Professionals can avail of instructor-led training from Cisco and accredited partners (prices vary), or a US$6,000 annual subscription to Cisco U All Access, which provides learning pathways for professional-level certifications.

Exam fees: Professionals must take a core exam for US$400, plus one of seven exams for a concentration area for US$300.

Why it’s on our list: As with AWS in cloud computing, Cisco is the undisputed leader in computer networking, holding an even greater market share at 76%. For security professionals seeking a vendor-specific certification in networking, Cisco certifications open doors. Additionally, Cisco offers a progressive learning curve: Professionals can start with an associate-level certification, such as the Cisco Certified Network Associate (CCNA), which has a straightforward pass-or-fail exam, before advancing to the CCNP. Professionals with the CCNP earn a strong average salary of $168,159.

CompTIA Advanced Security Practitioner (CASP+)

CompTIA’s Advanced Security Practitioner, which is being rebranded SecurityX, spans four domains: security architecture, operations, engineering and cryptography, and governance, risk, and compliance. The program is ideal for advanced cybersecurity professionals, such as senior security engineers or architects who wish to progress toward greater lateral or vertical opportunities, including CISO. The current 165-minute exam, set to expire on CASP’s rebranding to SecurityX, consists of 90 multiple-choice and performance-based questions. Certificate holders must renew every three years with 75 continuing education units (CEUs) from CompTIA’s Continuing Education program. The certification carries significant industry cachet: It was developed in partnership with Target, GDIT, RICOH, and ExxonMobil and is approved by the Department of Defense to meet 8140.03M requirements. While there are no enforced prerequisites, CompTIA recommends 10 years of IT experience, with at least five years in security.

Exam and training fees: US$509, exam; US$955, exam, study guide, exam practice, and retake; US$1,485, exam, study guide, exam practice, retake, and on-demand content and hands-on lab training

Why it’s on our list: CASP+ recommends several certifications as prior experience, including Security+. Professionals can use Security+ as a stepping stone to CASP+, earning two blue-chip certifications in succession. Among CompTIA’s most respected credentials, CASP+ ranked as the second most frequently cited after Security+, highlighting its strong industry recognition.

CompTIA Security+

The CompTIA Security+ certification teaches risk assessment and automation across five domains: security concepts, operations, architecture, program management, and threats, vulnerabilities, and mitigations. Numerous enterprises have contributed to the development of Security+, including Microsoft, Deloitte, and Zoom. The Security+ cert opens up varied opportunities, including network security analyst, penetration tester, and security architect. The 90-minute exam consists of a maximum of 90 multiple-choice and performance-based questions; candidates must score 750 on a scale of 900. Certificate holders must renew the cert by taking 50 CEUs through CompTIA’s Continuing Education program within three years. Note: CompTIA will likely retire the exam by 2026.

Training and exam fees: US$404, exam; US$581, exam, retake, study guide; US$1,111, exam, retake, study guide, hands-on lab training, exam prep, e-learning

Why it’s on our list: CompTIA Security+ is a highly respected cert, tying with ISACA’s CISM for the most mentions on industry lists. With 63,260 job postings explicitly seeking Security+ as a qualification and a large alumni base of 265,992 certified professionals, akin to a large university, it provides strong job demand and a built-in professional network for career advancement.

For more, see “CompTIA Security+: Prerequisites, objectives, and cost.”

GIAC Security Essentials (GSEC)

The GIAC Security Essentials certification offers a curriculum akin to CompTIA Security+. Topics covered include everything from cryptography and the cloud to incident handling and endpoint security. GSEC is suited for security administrators, forensic analysts, and penetration testers who have an IT background but need to validate their knowledge as a practitioner. Candidates must score 73% or more on the four-hour, 106-question exam, which can be administered with a proctor online or onsite. Professionals must complete 36 continuing professional education credits within four years to renew GSEC, a standard consistent across all GIAC certs.

Training fees: On-demand and in-person options priced at local rates

Exam fees: US$999; retakes, US$899

Why it’s on our list: GIAC is one of the most respected certifying bodies in cybersecurity, with 36,878 job listings explicitly seeking a Global Information Assurance Certification (GIAC). Out of all GIAC certifications, the GSEC certification was the most frequently cited. As a practitioner certification in the GIAC ecosystem, GSEC provides a strong knowledge base, making it an excellent starting point for a successful cybersecurity career. While not an official prerequisite, GSEC can also provide foundational knowledge for GIAC Cloud Security Automation (GCSA), GIAC Network Forensic Analyst (GNFA), and GIAC Reverse Engineering Malware (GREM), each of which offers an average pay premium of 10%.

Offensive Security Certified Professional (OSCP+)

To earn the OffSec Certified Professional certification, candidates must complete the affiliated course, Penetration Testing with Kali Linux, and pass the subsequent exam. The course covers 10 modules, including information gathering, vulnerability scanning, client-side attacks, and fixing exploits. Certificate holders will have shown mastery of penetration testing methodologies ideal for new roles, such as ethical hacker, incident responder, or threat hunter. The OSCP exam is hands-on; test-takers must compromise systems within a lab environment.

OffSec doesn’t enforce prerequisites but recommends candidates be familiar with TCP/IP networking, scripting in Bash and Python, and Linux and Windows, which they can learn through its Network Penetration Testing Essentials Learning Path.

Training and exam fees: US$1,749, Kali Linux course plus exam

Why it’s on the list: After the C|EH, OSCP+ was the second most frequently cited OffSec certification on industry lists. As of Nov. 1, 2024, OSCP was rebranded to OSCP+ to reflect a more rigorous exam format. The new 24-hour hands-on assessment requires candidates to exploit a vulnerability in a lab environment, followed by an additional 24 hours to submit a comprehensive penetration testing report. The exam also now includes an updated Active Directory (AD) section with an assumed compromise scenario. Penetration Testing with Kali Linux is also recommended preparation for PEN-300: Advanced Evasion Techniques and Breaching Defenses, one of three courses required for the Offensive Security Certified Expert (OSCE) certification, which offers an average pay premium of 11%.

Systems Security Certified Practitioner (SSCP)

The ISC(2) SSCP certification covers seven domains: security concepts, access control, incident response, cryptography, network security, systems and application security, and risk identification, monitoring, and analysis. It’s ideal for various professionals, including security analysts, systems engineers, network analysts, database administrators, and security consultants. The three-hour exam consists of 125 multiple-choice questions; candidates must earn 700 out of 1,000 points to pass and undergo a process validating their professional experience. Those who earn the SSCP must abide by ISC(2)’s code of ethics and pay an annual maintenance fee that supports the organization and its initiatives, including its members-only network of cybersecurity professionals.

To qualify, the SSCP requires one year of experience. Those without the experience requirement can bypass it with a relevant undergraduate or graduate degree in computer science or a related subject.

Training fees: Free, exam outline, flashcards, a practice quiz, and a study app; US$90 for 90-day access to on-demand training

Exam fee: Varies by country (US$249 for candidates in North and South America)

Why it’s on our list: SSCP is often featured on industry lists and is a strong foundation for those pursuing CISSP or CCSP.