Best Certification In Each CyberSecurity Domain

In this series, we talk about which certification is the gold standard in some of the most popular domains of cybersecurity. Of course, the number of certified professionals, CPE hours required, membership fees, and tests change over time, but as more cybersecurity professionals enter the market, they will want to know which certifications best fit their interests and are considered best for obtaining their dream job.

Therefore, this article covers some of the most well-regarded certificates for the domains of Penetration Testing and Offensive Security, Management, Auditing, General Cybersecurity, and Introductory Certification.

As the cybersecurity industry has evolved, a greater number of cybersecurity organizations and certifications have been created to cater to the growing domains of cybersecurity. However, there are several areas of cybersecurity that do not have a certification that signifies a certain level of skill, such as digital forensics or coding. Moreover, it is worth noting that certifications just show that one has the basic knowledge of the topic, and they look amazing on a resume! The more specific certs can help one move into a specific area. For each area, we will give a quick reason why the certification is the best, and we will go into more detail about each one in its own article. Each article will cover the requirements to take the exam, how to renew it, what to expect, and what makes it the gold standard.

Introductory Certification: Security+

Although we have already discussed some introductory certifications, the Security+ is arguably the most well respected. It comes from a well-respected organization in CompTIA, is constantly being updated, and doesn’t require a ton of experience as a prerequisite. One can buy some training books and pass the test to become a cybersecurity professional in just a few weeks!

Offensive Security: OSCP

The OSCP is a very challenging test that is unmatched by any other offering on the market. It is a true show of skill and perseverance in penetration testing, as the test is a 24-hour exam in which the exam requirements must be completed in an unfamiliar lab. Documentation must include the procedures used and proof of successful penetration, including special marker files that are changed per exam. Exam results are reviewed by a certification committee and a reply is given within 10 business days. This exam is very challenging and very few pass. It is well thought of and does not expire, nor does it require CPE to renew at this time.

General Cybersecurity: CISSP

An exam that is described as a mile wide and an inch deep, the CISSP or Certified Information Systems Security Professional is the gold standard for a plethora of roles, including Managers, Engineers, and Executives. This exam requires 5 years of proven experience, with 1 year that can be waived with specific conditions, such as an approved security certification or education. One has to renew every 3 years and obtain CPE to maintain an active certification. The exam has moved to computerized adaptive testing and is updated every few years.

If one lacks the experience, one can become an associate, which means that one has passed the exam but lacks the experience to become a full CISSP. To move from associate to full member, one has to get the necessary experience during their time as an associate and get endorsed.

Management: CISM

The CISM certification, an abbreviation of Certified Information Security Manager, is offered by ISACA and is a certification that validates knowledge and expertise in managing enterprise information security teams. The certification is geared towards an intended audience of advanced IT professionals who want to demonstrate to others that they can develop and manage an information security program at the enterprise level.

Just like many other certifications on this list, like the CISSP, the CISM eligibility requires five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas.

Auditing: CISA

The CISA, or Certified Information Security Auditor, is offered by ISACA and is an entry-level to mid-career certification that can showcase your expertise and assert your ability to apply a risk-based approach to planning, executing and reporting on audit engagements. With this certification, candidates show that they are able to audit systems to a degree of proficiency at engagements, which makes this the leading auditing certification. Candidate eligibility will be determined when the candidate registers, which makes the candidate valid for a 12-month exam registration period.

Make sure to follow us on social media at Twitter.com/youcanInfosec for new updates and make sure to come back for more interesting articles and series like this one!
