Cybersecurity continues to grow in importance and offer stellar career development opportunities. Vendor-agnostic cybersecurity certificates issued by industry associations provide the most widely recognized, important, and required certifications for both beginning and established cybersecurity professionals.
The top 10 cybersecurity certificates listed for cybersecurity positions, as of January 2022, are:
- No. 1: Certified Information Systems Auditor (CISA)
- No. 2: Certified Information Systems Security Professional (CISSP)
- No. 3: Certified Information Security Manager (CISM)
- No. 4: Certified Ethical Hacker (CEH)
- No. 5: CompTIA Security+
- No. 6: GIAC Security Essentials (GSEC)
- No. 7: GIAC Certified Incident Handler (GCIH)
- No. 8: Offensive Security Certified Professional (OSCP)
- No. 9: Systems Security Certified Practitioner (SSCP)
- No. 10: CompTIA Advanced Security Practitioner (CASP+)
While other cybersecurity certificates may not be as broadly recognized, a specific certificate may be useful for obtaining a specific job. For example, if a job description notes that the position requires working with Exabeam, LogRhythm, or Carbon Black, holding a certificate in that tool may provide an edge. However, it is also quite common to obtain these certificates during employment as on-the-job training.
Also note that non-cybersecurity certifications may be useful for employment. For example, networking and IT certificates, such as the CompTIA Network+ certification or the ITIL certification, are often listed on cybersecurity job postings.
Here are the top cybersecurity certifications — grouped by the issuing organization:
ISACA Certificates
Formerly known as the Information Systems Audit and Control Association, ISACA certifies a broad range of IT professionals. Two of the top 10 certificates can be earned through ISACA, which also offers many other certificate options.
The certificate exams cost $760 for non-members and $575 for ISACA members. Exams run four hours, consist of 150 multiple-choice questions, and can be taken remotely or in person at 1,300 PSI locations worldwide.
Certified Information Systems Auditor (CISA)
The CISA certificate (No. 1) lets professionals with five years of technical job experience demonstrate their mastery of assessing IT systems for vulnerabilities, implementing mitigating controls, and reporting on compliance. An IT-relevant degree can be used to offset up to three years of experience.
To earn a CISA certificate, candidates must verify competence in:
- Information system auditing processes
- Governance and management of IT
- Information systems acquisition, development, and implementation
- Information systems operation and business resilience
- Protection of information assets
Certified Information Security Manager (CISM)
The CISM certificate (No. 3) is for more advanced IT security managers with five years of experience or three years of experience with a relevant degree. To earn the CISM certificate, candidates must demonstrate knowledge in:
- Information system governance
- Information risk management
- Information security program development and management
- Information security incident management
(ISC)2 Certificates
The International Information System Security Certification Consortium (ISC)2 certifies cybersecurity professionals of various levels of experience and specialties. Two of the top 10 cybersecurity credentials are developed by (ISC)2 and can be taken at Pearson VUE testing facilities worldwide. Exams generally are three hours long and are primarily multiple-choice, but some more complex questions can be found in the CISSP test.
Certified Information Systems Security Professional (CISSP)
CISSP certification (No. 2) requires five years of paid work experience in two or more of the eight tested domains, but a four-year college degree can satisfy one year of experience. The exam costs $749 and covers:
- Security and risk management
- Security architecture and engineering
- Security assessment and testing
- Security operations
- Software development security
Systems Security Certified Practitioner (SSCP)
SSCP certification (No. 9) requires one year of cumulative paid work in one or more of the seven tested domains, but a bachelor’s or master’s degree can also satisfy the requirement. Candidates who do not have the experience are allowed to pass the exam to become an Associate of (ISC)2 and then have two years to earn the experience to become a fully certified member. The exam costs $249 to take and covers:
- Security operations and administration
- Risk identification, monitoring, and analysis
- Incident response and recovery
- Network and communications security
- Systems and application security
EC-Council Certificates
The International Council of Electronic Commerce Consultants (EC-Council) offers cybersecurity education, certification, training, and services. These certificates tend to be more advanced and require more prerequisites than other certifications.
Certified Ethical Hacker (CEH)
CEH certification (No. 4) requires applicants to attend official EC-Council network security training or to have two years of paid IT security work experience. The basic CEH ANSI exam takes four hours, consists of 125 multiple-choice questions, and can be taken worldwide at ECC Exam and Pearson VUE centers.
CEH is one of the most expensive certificates: the work experience review, coursework (self-paced or guided), and exam together cost between $1,700 and $5,000 depending upon the options selected. The exam covers the basic skills and tools needed to hack IT systems and applications, including:
- Reconnaissance, sniffing, and scanning
- Vulnerability analysis
- Specific attack methods such as social engineering, session hijacking, and SQL injection
- Hacking specific platforms: Internet of Things (IoT), web servers, mobile platforms, and wireless networks
- Evading IDS, firewalls, and honeypots
CompTIA Certificates
The Computing Technology Industry Association (CompTIA) provides a broad range of certificates from basic IT fundamentals to advanced IT certificates. Two of the top 10 cybersecurity certificates can be earned through CompTIA, whose certifications provide a vendor-neutral education and are recognized worldwide.
CompTIA Security+
The Security+ certification (No. 5) indicates the practitioner holds the baseline skills needed to perform entry-level IT security functions. To take this exam, practitioners need to hold a Network+ certificate and have worked for two years in IT administration with a security focus.
The $381 test takes 90 minutes and will contain a maximum of 90 questions. The questions are a mix of multiple-choice and performance-based questions that create simulations or virtual environments with multiple possible responses and paths. The exam may be taken online or at Pearson VUE testing centers. The certification covers:
- Attacks, threats, and vulnerabilities
- Architecture, design, and implementation
- Operations and incident response
- Governance, risk, and compliance
CompTIA Advanced Security Practitioner (CASP+)
CASP+ certification (No. 10) indicates that the individual holds advanced-level, hands-on cybersecurity skills in both IT security architecture and engineering. To take this exam, CompTIA requires 10 years of general IT experience with at least five years of hands-on security experience.
The $480 test takes 165 minutes and will contain a maximum of 90 questions. As with the Security+ exam, the questions are a mix of multiple-choice and performance-based questions. The exam may be taken online or at Pearson VUE testing centers. The certification covers:
- Security architecture
- Security operations
- Governance, risk, and compliance
- Security engineering and cryptography
GIAC Certificates
The Global Information Assurance Certification (GIAC) develops exams to certify IT capabilities in the domains of offensive operations, cyber defense, cloud security, industrial control systems, digital forensics & incident response, and management, legal & audit. GIAC partners with the SANS Institute to offer coursework that trains candidates for the exams, and it offers two of the top 10 cybersecurity certificates.
GIAC Security Essentials (GSEC)
The GSEC certification (No. 6) verifies that candidates understand information security beyond simple concepts and that they qualify for hands-on IT security roles and tasks. The GSEC certificate does not have any prerequisite requirements other than a practical understanding of IT and cybersecurity basics.
The $2,499 exam consists of 106–180 questions and takes four to five hours to complete. The exam is online but must be proctored by ProctorU (remote) or Pearson VUE (in-person). A $7,640 in-person, on-demand, or live online training course is available through SANS that covers the certification topics, which include:
- Malicious code and exploit mitigation
- Cloud fundamentals, virtualization, containers, and security
- Cryptography basics, algorithms, application, and deployment
- Active defense, defense in-depth, defensible network architecture, and incident response
- Linux, macOS, and Windows security
GIAC Certified Incident Handler (GCIH)
The GCIH certification (No. 7) indicates that practitioners understand common attack techniques, tools, and defenses and can manage security incidents. The GCIH certificate does not have any prerequisite requirements other than a strong understanding of IT and cybersecurity.
The $2,499 exam consists of 106 questions and takes four hours to complete. The exam is delivered online through GIAC’s CyberLive virtual machine environment but must be proctored by ProctorU (remote) or Pearson VUE (in-person). A $7,640 in-person, on-demand, or live online training course is available through SANS that covers:
- Incident handling
- Computer crime investigation
- Computer and network hacker exploits
- Hacker tools
Offensive Security Certificates
Offensive Security, creator of open-source projects such as Kali Linux and ExploitDB, also offers courses and certificates related to penetration testing, web application security, exploit development, and security operations. The curriculum ranges from beginner to expert levels.
Offensive Security Certified Professional (OSCP)
The OSCP certificate (No. 8) can only be earned by registering for the PEN-200 course, which requires candidates to know the basics of Linux, programming, and IT. The cost varies depending upon the length of the course and ranges between $999 (self-guided course with 30 days of lab access) and $6,500 (13-week customized course with 90 days of lab access and one-on-one mentoring).
The 24-hour proctored exam may be taken online and covers topics such as:
- Penetration testing and attack techniques
- Linux and Windows exploits
- Vulnerability scanning and exploits
- Penetration test breakdown and the Metasploit framework
- Antivirus evasion and privilege escalation