Certifications

Should you get certified?

Security Certification Progression Chart 7.0 (2020 update) / Paul Jerimy

To be or not to be: the age-old debate rages on. Should you get certified? Is it worth it? How much should you invest in training and/or certifications? With so many certifications now, where do you begin? Which ones are legitimate and have actual value to an employer? Is your time better spent learning online, building your own lab, volunteering or securing an internship? If you have a degree, do you need to get certified as well? What about bootcamps – beneficial? Sufficient? Do you have the time to pursue multiple options? Will anyone care?

To navigate the very broad field of cybersecurity effectively, it’s crucial to pinpoint your specific area of interest within security.

Ultimately, it’s a personal decision and highly dependent upon your goals, resources and the requirements for the positions that you are targeting. There is a lot of value in reviewing the job descriptions for the titles you think you are interested in and determining the common threads in terms of experience and/or certifications (required or preferred).

Trying to flesh out the job title to job description to job requirements matrix is a perplexing task for another day. Ask around your network, do your research, create a spreadsheet and see where you land for yourself. Do you know which area of cybersecurity you want to work in? What certifications are relevant to that area?

Are there scholarships available for the program? Will your prospective future employer pay for it? Evaluate the certification, the training options (including time/cost) and your learning style, then make an informed decision. Check out the bottom of this page from Gerald Auger of Simply Cyber for his expert insights.

CompTIA Security+

Widely recognized as a foundational certification for cybersecurity professionals, covering essential skills in network security, compliance, and operational security. It is often a prerequisite for federal jobs.

CompTIA Network+

While not strictly a cybersecurity certification, Network+ provides a solid understanding of networking concepts, which is crucial for cybersecurity roles.

EC-Council Certified Ethical Hacker (CEH)

Focuses on the tools and techniques used by ethical hackers to identify and counter potential threats, providing a good introduction to offensive security concepts. See the video on the certification organizations page for more details.

Cisco Certified CyberOps Associate

Cisco Certified CyberOps Associate

Offers foundational knowledge in security concepts, network intrusion analysis, security policies, and procedures.

GIAC Security Essentials (GSEC)

Covers a wide range of topics, including networking, security fundamentals, and cryptography, providing a good overall understanding of cybersecurity principles.

Google Cybersecurity Certification

Prepare for a career as a cybersecurity analyst with a professional certificate from Google. Learn job-ready skills that are in demand, like how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them.

Microsoft Cybersecurity Analyst Professional Certificate

Launch your career as a cybersecurity analyst. Build job-ready skills for an in-demand career in the field of cybersecurity in as little as 6 months. No prior experience required to get started.

Microsoft Certified Security Operations Analyst Associate

This exam measures your ability to accomplish the following technical tasks: manage a security operations environment; configure protections and detections; manage incident response; and perform threat hunting.

ISC2's Certified in Cybersecurity (CC)

Take the first step to a rewarding career with Certified in Cybersecurity (CC) from ISC2, the world’s leading cybersecurity professional organization known for the CISSP. You don’t need experience, just the passion and drive to enter a field that opens limitless opportunities around the globe. As part of our commitment to help close the cybersecurity workforce gap, our new global initiative, One Million Certified in Cybersecurity, is providing free CC online self-paced training and exams to one million people around the world. The certification proves you have the foundational knowledge, skills and abilities for an entry- or junior-level cybersecurity role. See the link on the Certification Organizations page for more details.

GIAC Penetration Tester Certification (GPEN)

The GIAC Penetration Tester (GPEN) certification validates a practitioner's ability to properly conduct a penetration test using best-practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits, engage in detailed environmental reconnaissance, and utilize a process-oriented approach to penetration testing projects.

Offsec Security Certified Professional (OSCP)

While not strictly entry-level, OSCP is a highly respected certification that is well-suited for individuals with some experience in IT or cybersecurity who want to advance their skills in penetration testing.

Great for early career, non-technical positions and for those interested in GRC. Certified Information Systems Auditor® (CISA®), world-renowned as the standard of achievement for auditing, monitoring, and assessing IT and business systems, also acknowledges the importance of emerging technologies. Achieving a CISA certification showcases your expertise and asserts your ability to apply a risk-based approach to audit engagements. Addressing innovations like AI and blockchain, CISA ensures that IT audit professionals stay current on the latest technology trends and advancements.

Certified Information Systems Security Professional (CISSP)

While CISSP is more advanced, it is also sought after by early career professionals with experience looking to demonstrate their commitment to the field. Introduced in 1994, the CISSP is still widely considered the ‘gold standard’ for cybersecurity certifications among cybersecurity professionals and employers. Keep in mind, the CISSP typically requires a minimum of 5 years of cumulative paid work experience in 2 or more of the 8 domains. A four-year degree will satisfy one year of the required experience. If you do not have the required experience, you can earn a CISSP associate by successfully passing the exam. As an ISC2 associate, you will then have 6 years to earn the five years of required experience. See below for additional changes to the CISSP in 2024:

  • On April 15, 2024, ISC2 will refresh the CISSP credential exam. These updates are the result of the Job Task Analysis (JTA), which is an analysis of the current content of the credential evaluated by ISC2 members on a triennial cycle. The domain weights for the CISSP will change as noted below: 

 

| Domain | Current (Effective May 1, 2021) | Effective April 15, 2024 |
|---|---|---|
| Security and Risk Management | 15% | 16% |
| Asset Security | 10% | 10% |
| Security Architecture and Engineering | 13% | 13% |
| Communication and Network Security | 13% | 13% |
| Identity and Access Management (IAM) | 13% | 13% |
| Security Assessment and Testing | 12% | 12% |
| Security Operations | 13% | 13% |
| Software Development Security | 11% | 10% |
| Total: | 100% | 100% |

  • As detailed above, Domain 1, Security and Risk Management, has increased in weight from 15% to 16% while Domain 8, Software Development Security, has decreased in weight from 11% to 10%.

 

  • Additionally, effective April 15, 2024, the time limit for the CAT exam will be a maximum of three (3) hours. Candidates taking the CAT version of the exam will see a minimum of 100 and a maximum of 150 items. The linear exam length will remain 6 hours for 225 scored items. Candidates taking the linear version of the exam will receive 225 total items. 