Cybersecurity engineer

Cybersecurity engineer certifications

August 26, 2019 by Kurt Ellzey


It may be a bit counterintuitive to say this, but cybersecurity engineers are not the only people that are either looking for or need to have cybersecurity engineering certifications. While some may be full-on security professionals, others may have positions in other IT realms but working for organizations where security is the order of the day. Because of these reasons, cybersecurity engineer certifications are among the most popular in the field today and have a massive amount of information to be able to provide to test takers. 

In this article, we’ll be looking at cybersecurity engineer certifications. Due to the sheer amount of information that cybersecurity engineering certifications cover, most certification bodies have what they consider to be a “baseline” certification, along with an advanced version of that certification. Because of this, trying to narrow our list down to five selections was extremely difficult, so we’ll be adding on a bonus certification this time around.

What Is Cybersecurity Engineering?

Let’s take a step back for a second and explain what we mean by cybersecurity engineering. Management lays down recommendations and rules on what needs to be done, Administration makes sure they keep running, but Engineering figures out how it’s all going to work together. They spec out and design the proposal and then implement the systems, backups and redundancies that will make sure that whatever solution is decided upon actually is capable of doing the job far down the line. Additional IT positions also need to understand these basics so that they can wrap their heads around the concepts that are critical to their own responsibilities. 

DoD 8570 Compliance

We’ll also be addressing a key element that many looking at cybersecurity engineering jobs need to consider — Department of Defense Directive 8570 compliance. DoD 8570 isn’t a certification on its own, but rather a set of guidelines and preparations that a person will need to meet before being granted access to a DoD network. Each tier of requirements has its own set of compliant certifications, so if you’re looking at a higher-level position, you’ll need a different certification than someone starting out at an entry-level position. 

Even if you aren’t looking directly at a DoD security job listing, many other positions in IT that perform classified or other high security tasks require cybersecurity certifications, regardless of your actual responsibilities. Because of this, employees must either already have the specified certification or obtain it within a specified time period after being hired. 

As certifications change, and requirements evolve, the Compliance Matrix adapts for what is necessary at each level of employment. As a result, you’ll want to check here for the latest available information. 

Here, then, in particular order, are the top six cybersecurity engineering certifications. 


Certification body: CompTIA
Is this certification DoD 8570-compliant? YES

CompTIA has pretty much written the book on vendor-neutral certifications, with many people first starting out in IT studying for their A+ or Network+ certifications. It’s incredibly convenient then for these test takers to continue on to Security+. Even though there are no prerequisites to take the Security+ exam, CompTIA’s Career Pathway recommends taking the Security+ exam after the A+ and Network+. 

While Microsoft, Cisco and other vendor-specific certifications want you to learn the official way of handling things, CompTIA oftentimes showcases methods that “just work” in the real world.. 

According to CompTIA, “More choose Security+ for DoD 8570 compliance than any other certification.” Security+ is certainly more advanced than the A+ and Network+ but doesn’t have the time or experience requirements that some of the other certifications on this list need. It can therefore be a great first step for someone starting out or helping others to round out their existing set of certifications if the jobs they are looking for explicitly require a Security+. 

CASP+ — Advanced Security Practitioner

Certification body: CompTIA
Is this certification DoD 8570-compliant? YES

CompTIA flat-out says on their website for the Advanced Security Practitioner (CASP+) that this “is the only hands-on performance-based certification for practitioners — not managers — at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.” 

The CASP+ is a capstone Certification for CompTIA. The path starts with Security+, advances to CySA+ (cybersecurity analyst), then finishes off the cybersecurity pathway with the CASP+. However, it isn’t actually required to have the previous two certifications before you take the CASP+ exam. In fact, the only real requirement is that you have ten years in IT administration, with five of those in hands-on security experience.  

CEH — Certified Ethical Hacker

Certification body: EC-Council
Is this certification DoD 8570-compliant? YES 

“To beat a hacker, you need to think like a hacker.” This has been the mantra for the Certified Ethical Hacker (CEH) certification since its inception. 

In cybersecurity engineering, it’s vital to be able to show that your principles and ideas not only work, but that they are safe and hardened against potential threats. While other certifications such as Security+ and the CISSP work to showcase security for a system by building up in a particular, precise and refined fashion, the CEH takes a big ol’ wrecking ball and tries to crack something in half.

LPT — Licensed Penetration Tester

Certification body: EC-Council
Is this certification DoD 8570-compliant? No

Like the CASP+ is to Security+, the Licensed Penetration Tester (LPT) is a capstone-level certification. This path starts with the CEH, follows up with the Certified Security Analyst (ECSA) and then completes with the LPT. 

The key differences between the CEH and the LPT lie in the objectives and refinement. If the CEH is a wrecking ball to test out one specific project as we discussed above, the LPT can be considered a scalpel across an entire infrastructure — poking and prodding for any microscopic way in. 

CISSP — Certified Information Systems Security Professional 

Certification body: (ISC)2
Is this certification DoD 8570-compliant? YES

The Certified Information Systems Security Professional (CISSP) exam covers an enormous amount of material across multiple domains, and as a result is an excellent certification for consideration across a wide variety of disciplines. 

It is often considered a capstone certification on its own, because it already expects you to be familiar with multiple technical and security fields and builds up from there. Even the Certification Body (the International Information System Security Certification Consortium (ISC)²) is aware of this and says right on the official description page: “…but it’s not for everyone.” 

The CISSP is an exceptionally strong certification, however, and the community that surrounds it is one of the best in the world. If you choose to go for this certification, you will be challenged, but you will not be disappointed in the results. 

After passing your exam, you will be asked to be endorsed by an existing person certified by (ISC)2. This is to verify that the exam taker has the experience required to receive the certification. Therefore, it is strongly recommended that you make contact with others that have passed these exams in the past so that they may get to know you and know for certain that you have the required specifications if they decide to vouch for you.

CISSP-ISSEP — Certified Information Systems Security Professional-Information Systems Security Engineering Professional

Certification body: (ISC)2
Is this certification DoD 8570-compliant? YES

Because the CISSP covers so much material, it can be difficult to focus in on one particular aspect of it. Once you have your CISSP, if you have a particular section that you need to dial in on, (ISC)² has what they call “Concentrations” — additional training and certifications that go above and beyond the standard CISSP. 

The CISSP-ISSEP (and yes, that still is a mouthful) focuses on the Engineering section of information security as opposed to the other two concentrations, Architecture and Management. (ISC)² worked with the NSA to develop this concentration, which shows just how much of a deep dive that this certification can provide to test takers. (ISC)² has designed this concentration to be for professionals who “have the knowledge and skills to incorporate security into projects, applications, business processes and all information systems.”


Engineering requires knowledge, technique and the proper tools, and these certifications showcase what cybersecurity engineering can do from a multitude of angles. If you’re looking for a place to start studying, please consider checking out Infosec’s course list, especially if you’re planning on going for the CEH — EC-Council high recommends that you take a training course before attempting the CEH.

Regardless of the method you use, the rewards that can be received by obtaining the certifications listed above are massive and will continue for a very long time. Good luck!



  1. DoD Approved 8570 Baseline Certifications, DoD Cyber Exchange
  2. CompTIA Career Pathway, CompTIA
  3. CompTIA Security+, CompTIA
  4. CompTIA Advanced Security Practitioner, CompTIA
  5. Certified Ethical Hacker Certification, EC-Council
  6. Licensed Penetration Tester (Master), EC-Council
  7. Become a CISSP – Certified Information Systems Security Professional, (ISC)²
  8. CISSP Concentrations, (ISC)²
Posted: August 26, 2019
Kurt Ellzey
View Profile

Kurt Ellzey has worked in IT for the past 12 years, with a specialization in Information Security. During that time, he has covered a broad swath of IT tasks from system administration to application development and beyond. He has contributed to a book published in 2013 entitled "Security 3.0" which is currently available on Amazon and other retailers.