Modern organizations are facing more security threats than ever before. Data breaches and systematic hacks of company resources are becoming more frequent, and there are no signs of this trend slowing down. Generalized approaches to system security no longer provide sufficient protection against increasingly sophisticated threats, and qualified security professionals to combat these threats are in short supply. It is for this reason companies are willing to pay top dollar for certified IT security professionals.

(ISC)² Certified Information Systems Security Professional (CISSP)

The CISSP is an elite qualification that shows your employer and colleagues you have a solid foundation in digital security. The skills learned in this course are critical for anyone who needs to design, engineer and implement information security systems in the workplace. The CISSP objectively measures the abilities of candidates, which is why the certification holds such high value among IT security professionals.

The CISSP is globally recognized. No matter where your career takes you, it will place you above other candidates with similar levels of experience who don’t hold the CISSP certification.

  • Prerequisites: You must have at least five years of paid experience at a full-time job in a field related to the CISSP exam subject matter. You must also have knowledge of at least two of the eight domains in the study material, or common body of knowledge (CBK). Candidates without the required work experience can satisfy the requirement with one year of work experience and a four-year college degree, or an approved credential from the CISSP prerequisite pathway. Another option for those without the appropriate work experience is to take the exam and earn an Associate of (ISC)² designation. Candidates will then have six years to earn the required work experience for the CISSP.
  • Exam: The CISSP exam has 250 multiple-choice and advanced innovative questions and lasts six hours; 700 out of 1000 points, or 70%, is the passing score.
  • Cost for Exam: $599 USD for the Americas, Asia Pacific, Middle East and Africa regions. It is administered by Pearson VUE. A 2017 pricing guide can be downloaded here.
  • Learning Material: (ISC)² study materials can be found here. InfoSec Institute’s CISSP Boot Camp is also a good exam-prep resource for those looking for more structure in the preparation process.

Advantages of Achieving CISSP

The CISSP is a universally recognized certification that can boost your career and increase your earnings. It is one of the most sought-after certifications in information security – anyone who is looking to advance their career would do well to complete this certification.

(ISACA) Certified Information Security Manager (CISM)

The CISM is geared towards people looking for a more senior, managerial position where information security, assurance and risk management are part of their job responsibilities. It covers security management principles that are both practical and vital to the candidate’s ability to carry out their duties in the role of an information system security manager.

  • Prerequisites: Candidates seeking this certification must have five years of work experience in the field of information security, with at least three years in the role of information security manager. This must be verified before candidates can take the exam.
  • Exam: The CISM exam consists of 200 questions and takes four hours to complete. The score ranges from 200 to 800, with a score of 450 being the passing mark for the exam.
  • Cost for Exam: Early registration is $575 USD for ISACA members and $760 USD for non-ISACA members. More information can be found here.
  • Learning Material: ISACA study materials can be found here. InfoSec Institute’s CISM Boot Camp is also a good exam-prep resource for those looking for more structure in the preparation process.

Advantages of Achieving CISM

As the demand for information security management professionals continues to rise, so does demand for CISM holders. Managerial roles in information security are also more widely advertised by corporate companies seeking to retain skilled information security managers. Information security professionals looking to move into managerial positions will find this certification especially useful.

(ISACA) Certified Information Systems Auditor (CISA)

The CISA is seen as a world-renowned standard of achievement for any security professional who has to audit, control and monitor information technology and business systems. This qualification has been accredited by the American National Standards Institute (ANSI), making it a great option for any security professional who is looking to earn a certification that is an internationally recognized standard.

  • Prerequisites: Candidates must have five years of work experience in the field performing duties that are specifically related to information systems auditing, control, assurance or security.
  • Exam: The CISA consists of 200 questions and takes four hours to complete. The score ranges from 200 to 800, with a score of 450 being the passing mark for the exam.
  • Cost for Exam: Early registration is $575 USD for ISACA members and $760 USD for non-ISACA members. More information can be found here.
  • Learning Material: ISACA study materials can be found here. InfoSec Institute’s CISA Boot Camp is also a good exam-prep resource for those looking for more structure in the preparation process.

Advantages of Achieving CISA

A candidate who earns the CISA designation will find many benefits, including improved employment prospects and greater influence in the workplace. This certification is highly beneficial to anyone who works in IT and is responsible for auditing, controlling, monitoring and assessing IT systems.

GIAC Security Essentials (GSEC)

Global Information Assurance Certification (GIAC) is the leading provider and developer of cyber security certifications and is globally recognized by government, military and industry leaders. GIAC tests and validates the ability of practitioners in areas such as security administration, forensics, management, audits, software security and legal best practices.

GIAC Security Essentials Certification (GSEC) is designed for candidates who want to demonstrate skills in IT systems roles and information security tasks. The GSEC is seen as a highly desirable certification; it teaches general security best practices and methods for real-world applications.

  • Prerequisites: None
  • Exam: GIAC Security Essentials (GSEC) Exam is a five-hour proctored exam with 180 questions; 73% is the passing score.
  • Cost for exam: $1,699 USD, administered by Pearson VUE (affiliate pricing for GIAC certification in conjunction with SANS training is $689 USD, recertification attempt is $399).
  • Learning material: All information can be found here.

Advantages of Gaining GSEC Certification

The GSEC certification will increase your confidence and proficiency in system security and protection. Some great reasons to acquire this certification can be found here. This certification is an excellent qualification to list on your resume or CV.

EC-Council Certified Ethical Hacker (CEH)

The CEH is an advanced penetration testing qualification that assesses the candidate’s ability to seek out and identify potential security risks within an organization’s IT and networking infrastructure. The CEH is one of the foundational courses offered by EC-Council and it is a good starting point before venturing into the EC-Council Certified Security Analyst (ECSA) exam.

  • Prerequisites: Candidates must attend official training or have at least two years of information security-related experience.
  • Exam: The CEH exam contains 125 questions and lasts four hours; 70% is the passing score.
  • Cost for exam: The Version 9 exam costs $850 USD for U.S. residents and $885 USD for international candidates. The exam is administered by ECC EXAM, VUE. More information is available here.
  • Learning Material: EC-Council study materials can be found here. InfoSec Institute’s CEH Boot Camp is also a good exam-prep resource for those looking for more structure in the preparation process.

Advantages of Achieving CEH

Many security roles exist where CEH-type certifications are required. The CEH teaches valuable skills with hands-on testing. It is a good certification for information security professionals and network administrators seeking an introduction to ethical hacking and penetration testing.

CompTIA Security+ (SY0-401)

The CompTIA Security+ certification is a popular, vendor-neutral qualification that is a good starting point for information security professionals. The Security+ certification is aimed at entry-level security professionals and offers generalized information to help candidates build a foundational understanding of information security. The Security+ exam features six domains valuable for aspiring information security professionals. 

  • Prerequisites: A CompTIA Network+ certification and two years of systems administration experience with a security focus is preferred.
  • Exam: The CompTIA Security+ SY0-401 has a maximum of 90 questions and is 90 minutes long. Passing score is 75 on a scale of 100-900.
  • Cost for Exam: $320 USD.
  • Learning Material: CompTIA study materials can be found here. InfoSec Institute’s Security+ Boot Camp is also a good exam-prep resource for those looking for more structure in the preparation process.

Advantages of Achieving Security+

Candidates who achieve the Security+ certification are bound to see a return on their initial investment. The Bureau of Labor Statistics states that security specialists, administrators and managers with the Security+ certification can earn as much as $86,000 USD per year. The Security+ is also globally recognized and approved by the U.S. Department of Defense. The CompTIA Security+ meets ISO 17024 standards, as well as the Department of Defense’s Directive 8570.01-M requirements, which could see candidates landing a job within government. This is an excellent entry-level course for those new to the world of information security.

(ISC)² Certified Cloud Security Professional (CCSP)

One of the main reasons for security professionals to take the CCSP is to prove they are knowledgeable about cloud security and all security-related cloud considerations – an environment at the forefront of business innovation in IT. Cloud environments are filled with security challenges that change daily, so gaining the CCSP is vital for showing employers you are well versed in the required security considerations that are part and parcel of cloud computing.

  • Prerequisites: Candidates must have a minimum of five years of full-time experience in IT, of which three years must be in information security. They must also have one year of experience in at least one of the six areas of the CCSP’s Common Body of Knowledge (CBK).
  • Exam: The CCSP exam contains 125 questions and is four hours long. Passing score is 700 out of 1000 points.
  • Cost for exam: The exam costs $549 per attempt, with an annual maintenance fee of $100. The exam is administered by Pearson VUE. Download the 2017 pricing guide.
  • Learning Material: (ISC)² study materials can be found here. InfoSec Institute’s CCSP Boot Camp is also a good exam-prep resource for those looking for more structure in the preparation process.

Advantages of Achieving CCSP

This certification helps candidates demonstrate proficiency in cloud data security, cloud architecture and design, as well as day-to-day operations, application security considerations and much more. Anyone who is looking to take a role in a cloud-based environment will be well served with a CCSP certification.

Infosec Resources

Be sure to take a look at our resource page to find out more about these courses, as well as other security certifications that we didn’t cover in this article.

Infosec Institute offers a wide range of security related courses for IT professionals. If you have any questions, please feel free to contact us here.