There is a plethora of cybersecurity certifications available, but which ones are the best to start with? What should you do if you're looking to get your first cybersecurity certification? Which organizations are most highly regarded? Which certifications appear on the most job postings? Which certifications should be considered, and which one is right for you?
Every situation is different, so not every variation can be covered; however, when choosing any certification, there are certain features to consider, such as the cost of the certification, what the renewal process looks like, what the test looks like, which test is right for your current and future jobs, and studying options. We will cover these with regard to beginner certifications, and then take a look at these items individually in another article.
CompTIA Security+
Probably the best-known introductory cybersecurity certification is the Security+. It is not only vendor neutral, but also one of the cheapest exams for its value, which makes the return on investment immense! The Security+ is $350, with a 3 year CPE/CEU cycle. CompTIA is one of the best-known certificate vendors in the IT industry, and the Security+ is one of the most commonly seen certifications on resumes for first roles and intermediary roles. It has universal appeal and a sense of prestige and honor that everyone understands.
CompTIA accepts a plethora of non-CompTIA certs and activities toward renewing the Security+. It is worth taking a look, as the wide variety of opportunities really improves the desirability of the certification from the perspective of a holder.
GIAC Security Basics (GSEC)
The GSEC is a security certification from the GIAC organization that used to be the basic starting security certification offered by GIAC until the GISF became a more introductory certificate. The exam is $2499, and the certification is active for 3 years, with renewals done in the same way that most SANS/GIAC certifications are renewed. The exam has 106-180 questions to be completed in 4 to 5 hours, with a minimum passing score of 73%.
This certificate was originally an exam that was proctored in just an online fashion, but with the move to computerized adaptive testing, this exam has become a bit harder. Although it isn't as well considered as the Security+, the GSEC is very well regarded.
(ISC)2 Systems Security Certified Practitioner (SSCP)
The SSCP is offered by (ISC)2, the same organization behind the CISSP, which also has many other certifications. The SSCP is the only certification on this list to require experience to obtain the certification.
The SSCP exam costs $249, and the certification is maintained by earning 60 Continuing Professional Education (CPE) credits over a 3 year period. This certification is seen less often than the other certs on this list, but the organization that provides it is one of the best in the industry.
Certified Ethical Hacker (CEH)
Offered by the EC-Council, the CEH is an exam focused on penetration testing. The EC-Council is best known for the CEH exam, which has gained popularity over the years. This exam is great for those who want to expand their knowledge into the penetration testing field and for those who want to determine if penetration testing is the right area for them.
With regard to studying, exam dumps used to be available online, so the exam was changed to be a bit harder and less suited to studying purely from dumps. To renew the CEH, holders must obtain 120 hours of CEU over a 3 year CPE/CEU cycle.
If penetration testing is a good fit, then start with the CEH and work your way up to the OSCP. The OSCP is the gold standard certificate for those who want to focus on ethical hacking.
Although popular, the EC-Council is not as well thought of as other certification vendors on this list, whereas SANS and CompTIA are thought of very highly. That isn't to say the CEH isn't a good certificate to get, but there has been a recent plagiarism scandal with the EC-Council blog.
GIAC Information Security Fundamentals (GISF)
A relatively new certificate from GIAC, the GISF is designed for “anyone new to cyber security who needs an introduction to security fundamentals and Non-IT security managers.” Although the GIAC name is really well respected, the GISF is relatively new and seems to be a weaker version of the GSEC certificate. Whereas the GSEC is a hands off test designed for security engineers and those already in cybersecurity, the GISF is designed for those who aren’t in cybersecurity but are looking to get certified by a reputable security organization. For those looking to renew the GISF, the CEU/CPE renewal follows the same pathway as other GIAC plans.
Make sure to check back with youcaninfosec.com for more interesting articles like this and check out our social media at Twitter.com/youcaninfosec for more interesting content like this. We will be talking about these different types of jobs in upcoming articles, which will include career advice, interviews, and more.