Professional development

Best cybersecurity certifications: more considerations between vendor-neutral vs. vendor-specific

July 14, 2021 by Daniel Brecht

One of the first decisions you will need to make is whether to pursue a vendor-neutral or vendor-specific certification; then, you can concentrate on areas in which you have strength and expertise and are in demand in today’s job market.

Vendor-neutral certifications are not specific to any technology and give cybersecurity professionals that knowledge foundation to give them a competitive edge when applying for positions in any organization. A professional looking for a certification able to verify their broad knowledge in managing the overall security posture of an organization can look at the Certified Information Systems Security Professional (CISSP) as one of the best options. This certification is recognized worldwide and valued by most employers.

Vendor-specific credentials are the best options for professionals already working on specific technologies or that want to specialize in the management of a particular system. A Cisco Certified Internetwork Expert (CCIE) covering the installing, configuring and maintaining of the vendors’ product in data centers can give an advantage to professionals looking to change jobs or advance in their current position.

The 2020 ISC Cybersecurity Workforce Study shows the types of certifications employers require:

  • Vendor-specific cybersecurity certifications (e.g., Cisco, Microsoft etc.) – 49%
  • Vendor-neutral cybersecurity certifications (e.g., CISSP, CISM etc.) – 47%

These, instead, are the most commonly held among the 3,790 respondents based worldwide.

  • CISSP – 43%
  •  CCNA Security – 23%
  • CISSP with concentration – 20%
  • CCNP Security – 15%
  • CCSP – 15%
  • CCNA Cyber Ops – 12%
  • Certified Web Security Professional – 12%
  • CISA – 12%
  • CASP – 11%
  • CISM – 10%
  • CompTIA Security+ – 9%



CompTIA covers a broad spectrum of topics, including cybersecurity, networking, cloud computing and technical support. They offer core certifications and credentials more focused on issues like cloud, Linux, pentesting and more.

  • CompTIA A+: this performance-based exam certifies foundational IT skills across a variety of devices and operating systems.
  • CompTIA Network+: certifies the essential skills needed to design, configure, manage and troubleshoot any wired and wireless devices.
  • CompTIA Security+: is an entry-level option for any professionals looking to validate the baseline skills necessary to perform core security functions in any organization.
  • CySA+: it has a hands-on focus and concentrates on the application of behavioral analytics to improve security. Data analysis, threat detection tools and techniques, as well as the identification of vulnerability and risks, are covered by this certification.


ISACA focuses on governance, control, risk, security and audit/assurance.

  • CISA: focuses on IT audit, security and control of an organization’s IT infrastructure for entry or mid-level professionals.
  • CISM: focuses on information security governance, program development and management, incident and risk management for mid-level professionals looking to step forward.
  • CRISC: focuses on the professional’s ability to recognize and manage risks to an enterprise’s systems and maintain controls.
  • CGEIT: this is said to be the only IT governance certification for the individual. It is an excellent option for professionals tasked to design and implement IT governance systems according to the organization’s business goals.
  • CDPSE: a necessary certification as it deals with the all-important topic of privacy in all aspects of an organization’s IT infrastructure, from the built-in privacy of applications to that of the network. This credential validates the technical skills and knowledge required to design, implement and assess privacy solutions.


This association offers globally recognized core certifications in various important IT topics, including information systems security, cloud security and security built-in the software lifecycle.

  • CISSP: one of the most sought-after certifications worldwide. It shows you have the knowledge and experience to design, develop and manage the overall security posture of an organization. It also offers three specializations:
    • ISSAP: recognizes expertise in developing, designing and analyzing security solutions.
    • ISSEP: recognizes the ability to apply systems engineering principles to develop secure systems.
    • ISSMP: recognizes management and leadership skills as well as expertise in governing information security programs.
  • HCISSP: focuses on the ability to ensure security and privacy controls for healthcare and patient information.
  • SSCP: validates hands-on abilities and practical experience in using information security policies and procedures to administer an IT infrastructure and protect confidentiality, integrity and data availability.
  • CCSP: focuses on a hot topic in cybersecurity: the protection of the cloud. This certification recognizes the hands-on abilities of a professional working on data security and applications in the cloud.


This certification body offers many credentials, many focusing on ethical hacking, penetration testing, incident resolution and recovery and network defense. They also have programs specific to employees and contractors of government agencies (CNDA, Certified Network Defense Architect).

  • CEH: this certification is mapped to NICE 2.0 and focuses on hot topics like Cloud and IoT. It covers the latest ethical hacking tools, methods and techniques in its efficient test.
  • CND: another efficient certification with more than 50% of the course being lab-intensive. It focuses on secure networking practices and hardening computing systems.
  • CPENT: this certification program teaches you how to perform a practical penetration test in an enterprise network environment and IoT and OT systems. It covers writing exploits and scripts, builds tools and conducts binary exploitations.
  • ECIH: certification on the all-important handling of the consequences of a breach, reducing the impact on the financial health and reputation of a company or organization.


IAPP offers privacy certs and focuses on professionals who want to develop and advance their careers by helping their organizations successfully protect their data and manage risks like breaches, identity theft and loss of customer trust.

  • CIPP: focuses on privacy laws and regulations and their practical application.
  • CIPM: a privacy certification for professionals who manage day-to-day operations.
  • CIPT: focuses on professionals’ knowledge of privacy requirements to ensure the organization meets its privacy goals and mitigates risks.


Cybersecurity Maturity Model Certification (CMMC) is a program initiated by the United States Department of Defense to measure their contractors’ readiness in cybersecurity. This is very specific to contractors and subcontractors of the Department of Defense. The framework encompasses processes and inputs from cybersecurity standards such as NIST, FAR and DFARS. 



A renowned company in networking for the internet, Cisco offers certifications that can be truly helpful for any professionals given the sheer number of companies that use their networking products. With Cisco’s market share of 49.9% of the global ethernet switch market in the third quarter of 2020, there are many possibilities that a professional might find that technology on its path when applying for jobs. Cisco offers a wide variety of certification programs, from entry-level to expert to specialist certifications.

  • CCNA: this exam tests a candidate’s knowledge and skills related to the following domains: network fundamentals, network access, IP connectivity, IP services, security fundamentals and automation and programmability.
  • CCNP Security: this exam validates knowledge on core security technologies, including network security, securing the cloud, content security, endpoint protection and detection.
  • CCDE: this credential is expert-level, recognizes network designers’ expertise, and emphasizes network design principles in routing and tunneling.
  • CCNP Enterprise: this credential proves skills with enterprise networking solutions. Candidates need to pass two exams: a core enterprise technologies test and a concentration-of-choice test covering topics like implementing or designing Cisco Enterprise Wireless Networks and Cisco SD-WAN solutions.


Microsoft certifications are often listed in between the requirements of job opportunities. This is a reflection of the fact that many enterprises adopt Microsoft solutions for their IT infrastructures. The IT giant provides technical and non-technical options. It has recently completed an overhaul of its certification program that resulted in the retirement of some of its most famous options: Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Developer (MCSD) and Microsoft Certified Solutions Expert (MCSE). The company has switched towards role-based certifications that are now available together with fundamental and expert-level certification options.

  • Microsoft 365 Certified: Fundamentals proves a basic understanding of cloud concepts and all about Microsoft 365 from its services to its security, compliance and privacy and pricing and support.
  • Microsoft Certified: Security, Compliance and Identity Fundamentals. This certification focuses on security, compliance and identity (SCI) across cloud-based and related Microsoft services. Its audience is vast and diverse, including students, business stakeholders and new or existing IT professionals.
  • Microsoft 365 Certified: Enterprise Administrator Expert is for professionals asked to evaluate, plan, migrate, deploy and manage Microsoft 365 services.
  • Microsoft Office Specialist: Expert (Office 365 and Office 2019) is used to earn a Microsoft Office Specialist: Expert certification. Candidates need to earn a Microsoft Office Specialist Associate certification by passing three of the following Associate exams:
    • MO-100: Microsoft Word (Word and Word 2019)
    • MO-200: Microsoft Excel (Excel and Excel 2019)
    • MO-300: Microsoft PowerPoint (PowerPoint and PowerPoint 2019)
    • MO-400: Microsoft Outlook (Outlook and Outlook 2019)
    • pass any two of the following three Expert exams:
      • MO-101: Microsoft Word Expert (Word and Word 2019)
      • MO-201: Microsoft Excel Expert (Excel and Excel 2019)
      • MO-500: Microsoft Access Expert (Access and Access 2019)

Red Hat

A renowned and widely-used provider of enterprise open-source solutions, delivering Linux, cloud, container and Kubernetes technologies, Red Hat offers its own certifications and several skill paths that professionals (administrators, architects, engineers, developers and operators) can use to validate their knowledge.

  • RHCSA: the Red Hat Certified System Administrator is for professionals to perform the core system-administration skills required in Red Hat Enterprise Linux environments. This is a popular option for experienced Linux system administrators who either want to validate their skills or need to satisfy requirements like the DOD 8570 directive. It is also earned by professionals preparing for the RHCE option.
  • RHCE: the Red Hat Certified Engineer is for professionals who are ready to automate tasks and integrate Red Hat’s emerging technologies.
  • RHCEMD: the Red Hat Certified Enterprise Microservices Developers certification is for professionals who develop JEE applications in a microservice-style environment and use Microprofile APIs to develop microservices enterprise Java applications.
  • RHCA: the Red Hat Certified Architect is available as two different certifications. Red Hat Certified Architect in Infrastructure and Red Hat Certified Architect in Enterprise Applications. To obtain it, already certified individuals (RHCEs or RHCEMD) need to earn other five certifications between those approved by Red Hat for each track.


This company is an expert in business modernization and offers better customer service, cloud storage, digital workspaces, apps and data security. It offers its own line of professional certifications for different skills levels: from associate to professional and expert.

  • VMware Certified Technical Associate (VCTA): it validates the basic skills of prospective or current operators who work with virtualized environments, with multi-cloud operations, networking, security and device management.
  • VMware Certified Professional – Data Center Virtualization 2021 (VCP-DCV 2021): validates candidate skills to work with vSphere cloud computing virtualization platform.
  • VMware Certified Design Expert – Network Virtualization 2021: for design architects highly skilled in VMware enterprise deployments. This expert-level certification proves advanced vSphere and NSX 6.x and designing a valid VMware NSX-platform-based data center networking infrastructure.
  • VMware Certified Professional – Security 2021: validates knowledge of VMware’s security solutions and the ability to administer the security features and functions of NSX-T Data Center, Workspace ONE and VMware Carbon Black Cloud.

Finding the best cybersecurity certifications

There are a large variety of certifications available. Finding the right credential can help you on the right path and advance your career.

Vendor-neutral and vendor-specific certifications each have their advantages, and professionals should choose between the two categories by analyzing their career objectives and aspirations.



CompTIA Certifications, CompTIA, Inc.

ISACA Certifications, ISACA

(ISC)² Certifications, (ISC)², Inc.

EC-Council Certifications, EC-Council Inc.

IAPP Certifications, IAPP

CMMC Certification, OUSD A&S

Cisco Certifications, Cisco, Inc.

Microsoft Certifications, Microsoft

Red Hat Certifications, Red Hat, Inc.

VMWare Certifications, VMware, Inc.

Guide to vendor-specific IT security certifications, SearchSecurity / TechTarget

Vendor-neutral certification guide for infosec professionals, SearchSecurity / TechTarget 

Posted: July 14, 2021
Articles Author
Daniel Brecht
View Profile

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.

Leave a Reply

Your email address will not be published. Required fields are marked *