Six Hot Cybersecurity Certifications for 2018

Skilled cybersecurity professionals will continue to be in high demand in 2018.

As the number of security breaches increases, protecting systems and data has become priority number one for organizations worldwide, and the demand for skilled security professionals continues to climb. While experience is the most important qualification for potential hires, certification is another excellent way of demonstrating expertise. Earning a certification also signals a commitment to quality and to keeping skills current.


Of the variety of security certifications available, the six listed below address key information security areas and are currently popular among IT professionals serious about cybersecurity careers.


CompTIA Security+


CompTIA Security+ is a vendor-neutral, entry-level security credential, which demonstrates knowledge and skills in threat management, network security, identity management, access control, cryptography, compliance, and operational, data and systems security. This certification also has coveted U.S. Department of Defense approval for meeting Directive 8570.01-M requirements.


Though there are no specific prerequisites, CompTIA recommends a minimum of two years of work experience in IT administration, with an emphasis on security, and their Network+ certification. Candidates need to pass a 90-minute exam comprising 90 questions with a passing score of 750.


Certifications earned after 2010 need to be renewed every three years, either by passing the latest Security+ exam, by passing a more advanced CompTIA exam, or by earning 50 Continuing Education Units (CEUs). Self-study options include a comprehensive study guide, computer-based training, and the CertMaster online training tool.


GIAC Security Essentials (GSEC)


The GSEC credential is another entry-level certification, this one from the SANS Institute. It demonstrates knowledge of cybersecurity terminology and concepts as well as applied skills to perform functions in IT security roles, including access control, password management, incident identification and prevention, cryptography, authentication, network mapping and protocols, DNS, Linux, viruses, and incident response.


To earn this certification, you need to pass one proctored five-hour exam comprising 180 questions. Although no specific prerequisites are laid down, training is recommended. Exam preparation options include SANS as well as third-party training and exam guides. The SANS course includes the cost of the exam.


The GSEC credential is valid for four years. Renewal requires earning 36 Continuing Professional Education (CPE) credits and paying a certification maintenance fee.


Certified Ethical Hacker (CEH)


The CEH, an intermediate-level certification from the EC-Council, is currently quite popular among IT professionals looking to specialize in ethical hacking. One way of protecting information systems is to understand how attackers think and work, and to stop them in their tracks. Ethical hackers, or White Hats, need to keep up with attackers' latest techniques and continuously hone their skills in order to pre-empt their moves.


The CEH validates knowledge and expertise in a wide array of areas including hacking laws, system hacking, footprinting, network scanning, Trojans, viruses, honeypots, Google hacking, social engineering, phishing, email hacking, sniffers, DoS attacks, session hijacking, penetration testing, hacking web servers and applications, vulnerabilities in wireless networks, cryptography, password cracking, firewalls, and SQL injection.


Candidates need to pass a four-hour exam comprising 125 multiple-choice questions. To sit the exam, candidates must either complete official EC-Council training or document at least two years of work experience and education in information security; self-study candidates must also submit an eligibility application form and pay a $100 non-refundable application fee. The eligibility form and the $100 fee are waived if you attend official training with an authorized EC-Council training partner.


Self-study materials and a skills assessment tool are available at


Certified Information Systems Security Professional (CISSP)



This globally-recognized vendor-neutral certification from (ISC)2 validates advanced knowledge and skills in the direction, development and management of organizational security policies and procedures. CISSP is an advanced credential intended for experienced IT security professionals. Recognized by organizations in many countries, the CISSP takes several years and serious effort to achieve, but is considered well worth it. Concentrations in architecture, engineering, and management are also available to those who hold a valid CISSP.


Up until this year, anyone hoping to earn the CISSP was required to pass a grueling six-hour exam with 250 multiple choice questions. That's still the case if you're taking the exam in a language other than English. English-language examinees, however, now face a shorter exam — just three hours — that's arguably more challenging, on account of (ISC)2's introduction of Computerized Adaptive Testing. You can visit the (ISC)2 website for more information about the change.


CISSPs must also have a minimum of five years of cumulative, full-time paid work experience in at least two of the eight (ISC)2 domains; a four-year college degree or an approved certification can be substituted for one of those five years. There is a separate exam for each of the three CISSP concentrations. Training materials include instructor-led programs, on-demand and online video training, private courses, study guides, practice tests, and interactive flashcards.


To retain validity, CISSP holders need to pay an annual fee and recertify every 3 years. Recertification requires earning 40 Continuing Professional Education (CPE) credits each year, totalling 120 CPEs in a three-year period.


Certified Information Security Manager (CISM)


CISM is an advanced credential sponsored by the Information Systems Audit and Control Association (ISACA) for information security managers and experienced IT management professionals. It is designed for managers entrusted with the responsibility of managing the security of enterprise-level information systems. This credential seeks to enhance knowledge of development, administration and management of enterprise IT security and organizational security best practices.


CISM demonstrates advanced knowledge and expertise in IT security risk management, incident response, governance, and overall systems and data security management.


Certifying as a CISM requires passing the CISM exam, agreeing to the ISACA Code of Professional Ethics, and having at least five years of full-time information security work experience, of which a minimum of three years must be in information security management across three or more of the specified job practice areas. The work experience must have been gained within the 10 years preceding the application date, or within five years of passing the exam. ISACA permits experience substitutions based on other valid credentials and education, but candidates must still apply for the certification within five years of passing the exam and agree to the CISM Continuing Education policy.


Self-study materials include the ISACA journal, study and training materials in different languages, an exam prep community, courses and other options.


Certified Cloud Security Professional (CCSP)


Cloud security is becoming increasingly important as more organizations migrate to the cloud. It's no wonder there's a growing demand for professionals with proven cloud security skills. CCSP is an advanced, globally-recognized, vendor-neutral credential from (ISC)2 and the Cloud Security Alliance, which validates advanced knowledge of and practical experience with cloud security architecture and design, platform, application and data security, operations, and legal and compliance requirements.


To achieve the CCSP credential, you need at least five years of full-time employment in IT, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK). You must also pass a four-hour exam comprising 125 questions with a scaled score of 700 or more, subscribe to the (ISC)2 Code of Ethics, and have your application endorsed by an (ISC)2-certified professional who is an active member and able to confirm your work experience. Subscribing to the Code of Ethics and having your application endorsed must be completed within nine months of taking the exam. A valid CISSP credential can be substituted for the entire experience requirement.


Exam preparation options include training courses and self-study materials, such as the Official (ISC)2 CCSP Study Guide, Official CCSP Study App, interactive flash cards and exam outline.


To maintain the CCSP, you need to earn and post at least 30 CPE credits each year before the annual anniversary date of your certification, abide by the Code of Ethics, and pay the annual maintenance fee.


About the Author
Reena Ghosh

Reena Ghosh is an independent ghostwriter who writes promotional, developmental and explanatory content for individuals and businesses. She came to professional writing with work experience in financial services operations and corporate communication. Reena speaks three languages and hopes to learn Sanskrit.