Copyright: 123rf/MARIUSZ PRUSACZYK
The U.S. Labor Department’s Bureau of Labor Statistics has predicted that the job market for information-security analysts, including cybersecurity professionals, is set to grow 36.5 percent by 2022, with 27,400 jobs being added. Security and IT professionals are in high demand and will continue to be in the foreseeable future, and employers will be looking for certifications as a measure of excellence and commitment to quality. If you are looking to pursue a career in information security, or you are already a part of the industry and hoping to make yourself more marketable, here are 5 information security certifications considered to be leaders in the infosec industry today.
5 information security training options:
CompTIA Security+
With more than 250,000 credential holders, CompTIA’s Security+ is a well- respected, vendor-neutral security certification. Security+ certification holders are recognized as possessing superior technical skills, broad knowledge and expertise in multiple security-related disciplines. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management.
How to get there:
This certification is an entry-level certification, but successful candidates should possess at least 2 years of experience working in the area of network security and should consider first obtaining the Network+ certification. The Security+ credential requires a single exam, currently priced at $311. This certification must be renewed every three years to stay current by passing the most current Security+ exam, passing a higher-level CompTIA exam or completing 50 continuing education units (CEUs) prior to the expiration of the 3-year period.
Certified Ethical Hacker
The Certified Ethical Hacking training course will benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. This intermediate-level credential is a must-have for IT professionals pursuing careers in ethical hacking. CEH credential holders will possess skills and knowledge on hacking practices in areas such as footprinting and reconnaissance, scanning networks, enumeration, system hacking, Trojans, worms and viruses, session hijacking, hacking web servers, wireless networks and web applications, SQL injection, cryptography, penetration testing, evading IDS, firewalls and much more. “To beat a hacker, you need to think like a hacker,” and this course puts professionals into the Hacker Mindset in order to defend against future attacks.
How to get there:
Professionals looking to acquire the CEH certification must pass an examination priced at $500. A comprehensive five-day CEH training course is recommended with the exam presented at the end of training. Candidates are able to self-study for the exam, but must submit verification of at least two years of work experience in information security with employer verification. Self-study candidates must also pay an additional $100 application fee. CEH credential holders are required to obtain 120 continuing education credits for each three-year cycle, with at least 20 credits every year.
GIAC Security Essentials (GSEC)
The GSEC certification is designed for professionals seeking to demonstrate that they not only understand information security terminology and concepts, but also possess the skills and technical expertise necessary for “hands-on” security roles. This certification demonstrates knowledge and technical skills in areas such as Wi-Fi protocols, identifying and preventing wireless attacks, network mapping, access controls, authentication, password management, DNS, cryptography fundamentals, network protocols and much more.
How to get there:
The GIAC Security Essentials exam is a bit more expensive than other certifications, priced at $1,099. A training program is not required, but credential seekers may take a “boot camp” course that includes the cost of the exam. This certification must be renewed every four years, by accumulating 36 Continuing Professional Education credits (CPEs), all of which must be obtained in the two-year period immediately preceding certification expiration. GIAC offers three ways to meet the 36 CPE requirement: passing the current certification exam (worth 36 CPEs), attending or teaching ISO 17024 related courses, or publishing books, articles or research papers.
Certified Information Systems Security Professional (CISSP)
The Certified Information Systems Security Professional (CISSP) is an advanced-level certification for professionals serious about careers in information security. Offered by the International Information Systems Security Certification Consortium, known as (ISC)2, this vendor-neutral credential is recognized worldwide for its standards of excellence. CISSP credential holders are decision makers who possess expert knowledge and technical skills necessary to develop, guide and then manage security standards, policies and procedures within their organizations.
How to get there:
CISSP is designed for experienced security professionals and requires a minimum of five years of experience in at least two of (ISC)2‘s 8 common body of knowledge domains or four years of experience in at least 2 of the (ISC)2‘s CBK domains and a college degree. An annual fee of $85 is required to maintain the CISSP credential and recertification is required every three years. Candidates must earn 40 CPE credits each year for a total of 120 CPEs within the 3-year cycle to recertify.
Certified Information Security Manager (CISM)
The Certified Information Security Manager (CISM) is a top credential for IT professionals responsible for managing, developing and overseeing information security systems in enterprise-level applications, or for developing best organizational security practices. The CISM credential targets needs of IT security professionals with enterprise-level security management responsibilities and helps them gain advanced skills in security risk management, program development and management, governance, and incident management and response.
How to get there:
CISM credential holders must agree to ISACA’s Code of Professional Ethics, pass a comprehensive examination, possess at least five years of security experience, comply with the Continuing Education Policy and submit a written application. Registration for members is $490 and for non-members is $675. The CISM credential is valid for three years, and credential holders must pay an annual maintenance fee of $45 (ISACA members) or $85 (non-members). Credential holders are required to obtain a minimum of 120 continuing professional education credits over the three-year term to maintain the credential. At least 20 CPEs must be earned every year.
In addition to certifications, you can enhance your information security knowledge and skills at the Secure360 conference. Secure360 is the premier educational conference in the Upper Midwest for the information risk management and security industry. We hope you will join us!
I think the right title for this is probably “What Information Security Certification is right for you?” as this post does not touch on other security certifications such as the Certified Protection Professional, or a host of other physical security certifications…
Good point, Bryan. We’ll make that adjustment in the title (and great idea for additional certification posts in the future). Thanks for the note!
For a IT sector the security system is benefited for them, as the security system will keep the secure and this also provide high level of security service so this can increase the growth of your company. So I think security certifications is one right option foe every IT sector. And nowadays there are various security options are available and in your blog the way you explain the 5 tips for security training options are really helpful to others. Apart from that some other points are and that you can also refer that.