Vendor-specific versus vendor-neutral: Best cybersecurity certifications
When deciding to get an information security certification, there are many factors to take into consideration. One of those decisions is whether you should pursue a vendor-specific or a vendor-neutral certification — but which one is right for you?
This article will detail the differences between the two types of certifications by giving you a closer look, examining some examples of the certifications themselves.
Vendor-specific and vendor-neutral certifications
Generally speaking, vendor-specific certifications cover specific information security software platforms, tools and technologies which usually focus on demonstrating expertise in a specific information security tool. On the flipside, vendor-neutral refers to an approach that aims to demonstrate broad compatibility and interchangeability of technologies, tools and products.
You may be thinking — so that’s it? I get the differences, but how can these certifications help me? While this may give you a general overview, to get down to the specifics.
According to the 2021 ISC Cybersecurity Workforce Study, 72% of cybersecurity professionals are required by their organization to earn certifications, and the demand is almost evenly split between vendor-neutral and vendor-specific certifications.
Popular vendor-neutral certification bodies
CompTIA covers a broad spectrum of topics, including cybersecurity, networking, cloud computing and technical support. They offer core certifications and credentials more focused on issues like cloud, Linux, pentesting and more.
Certifications available include: ITF+, A+, Network+, Security+, CySA+ (Cybersecurity Analyst), PenTest+ (Penetration Tester) and CASP+ (CompTIA Advanced Security Practitioner)
ISACA focuses on governance, control, risk, security and audit/assurance — and they recently released a privacy certification.
Certifications available include: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT) and Certified Data Privacy Solutions Engineer (CDPSE).
This association offers globally recognized core certifications in various important IT topics, including information systems security, cloud security and security built-in the software lifecycle.
Certifications available include: Certified Information Systems Security Professional (CISSP) and the three concentrations (ISSAP for architecture, ISSEP for engineering and ISSMP for management), Systems Security Certified Practitioner(SSCP), Certified Cloud Security Professional (CSSP), Certified Authorization Professional (CAP), Certified Secure Software Lifecycle Professional (CSSLP) and HealthCare Information Security and Privacy Practitioner (HCISPP).
This certification body offers many credentials, many focusing on ethical hacking, penetration testing, incident resolution and recovery and network defense. They also have programs specific to employees and contractors of government agencies (CNDA, Certified Network Defense Architect).
Some popular EC-Council certifications include: Certified Ethical Hacker (CEH), Certified Network Defender (CND), Certified Penetration Testing Professional (CPENT) and EC-Council Certified Incident Handler (CIH).
IAPP offers privacy certs and focuses on professionals who want to develop and advance their careers by helping their organizations successfully protect their data and manage risks like breaches, identity theft and loss of customer trust.
Certifications available include: Certified Information Privacy Professional (CIPP, with focuses available in the U.S., Europe, Canada and Australia), Certified Information Privacy Manager (CIPM) and Certified Information Privacy Technologist (CIPT)
Popular vendor-specific certification bodies
A renowned company in networking for the internet, Cisco offers certifications that can be truly helpful for any professionals given the sheer number of companies that use their networking products. With Cisco’s market share of 49.9% of the global ethernet switch market in the third quarter of 2020, there are many possibilities that a professional might find that technology on its path when applying for jobs. Cisco offers a wide variety of certification programs, from entry-level to expert to specialist certifications.
Some popular Cisco certifications include: Cisco Certified Network Associate (CCNA), Cisco Certified CyberOps Associate, as well as a number of professional and expert level certifications with different tracks.
Microsoft certifications are often listed in between the requirements of job opportunities. This is a reflection of the fact that many enterprises adopt Microsoft solutions for their IT infrastructures. The IT giant provides technical and non-technical options. It has recently completed an overhaul of its certification program that resulted in the retirement of some of its most famous options: Microsoft Certified Solutions Associate (MCSA), Microsoft Certified Solutions Developer (MCSD) and Microsoft Certified Solutions Expert (MCSE). The company has switched towards role-based certifications that are now available together with fundamental and expert-level certification options.
Popular entry-level certifications include: Microsoft Certified: Azure Fundamentals, Microsoft 365 Certified: Fundamentals and Microsoft Certified: Power Platform Fundamentals
A renowned and widely-used provider of enterprise open-source solutions, delivering Linux, cloud, container and Kubernetes technologies, Red Hat offers its own certifications and several skill paths that professionals (administrators, architects, engineers, developers and operators) can use to validate their knowledge.
Certifications available include: Red Hat Certified System Administrator (RHCSA), Red Hat Certified Engineer (RHCE), Red Hat Certified Enterprise Microservices Developers (RHCEMD) and Red Hat Certified Architect (RHCA).
This company is an expert in business modernization and offers better customer service, cloud storage, digital workspaces, apps and data security. It offers its own line of professional certifications for different skills levels: from associate to professional and expert.
Popular certifications include: VMware Certified Technical Associate (VCTA), VMware Certified Professional (VCP), VMwareCertifed Advanced Profession (VCAP) and VMware Certified Design Expert (VCDX)
Vendor-specific vs. vendor-neutral examples
Cybersecurity certification comparison
Fortinet Network Security Expert (NSE) (vendor-specific)
NSE is Fortinet’s eight-level certification program intended for professionals that want to validate their network security skills. This certification demands a commanding level of understanding of Fortinet’s network security platform and will enable the holder to be viewed as part of the security elite.
This certification is divided into eight levels, each containing an objective. These objectives span the spectrum of security skills from beginner/foundational to mastery. For example, the objective of NSE 1 is to develop an understanding of a foundational level of the current threat landscape, while the objective of NSE 8 is to design, install and configure a comprehensive security solution and troubleshoot it if needed. Those who would find this certification the most useful are those who are looking to demonstrate mastery of the Fortinet network security platform. In terms of employment, this certification will help jobseekers only if the hiring organization uses Fortinet.
CompTIA Security+ (vendor-neutral)
CompTIA Security+ is a popular vendor-neutral security certification that will help many springboard their career to the next level. The latest version of this certification exam, SY0-601, covers the baseline skills needed to perform core security functions and will help open doors for those first beginning their career in security.
In terms of vendor neutrality, Security+ does not focus on any one vendor’s platforms and tools, but rather gives a broad overview of different technologies that span different vendors. This certification will have broad appeal within the information security field and will demonstrate to organizations that your broad skill set validates that you are a security expert. This certification will be most useful for entry-level professionals and will have the widest appeal among potential employers. You can think of vendor-neutral certifications like this as more like a sprinkler than a squirt gun — you will appeal to the most employers, but your skills will not be as focused as a vendor-specific certification option.
For more on the Security+ certification, view our Security+ certification hub.
Cisco CCNA (vendor-specific)
Cisco CCNA is a routing and switching network certification that validates the certification holder’s fundamental network skills. Among these skills are LAN switching technologies, WAN technologies, routing technologies (IPv4 and IPv6), infrastructure security, infrastructure services and infrastructure management.
This is an associate-level certification that will help network professionals demonstrate expertise in Cisco routing and switching technologies, tools and products. This certification will be most useful for professionals wishing to work for an organization currently using Cisco network products. From my personal experience, every organization that I have worked for that used Cisco network products has had a professional on staff with at least a Cisco CCNA certification.
CompTIA Network+ (vendor-neutral)
The last certification this article will discuss is the ubiquitous CompTIA Network+ certification. This certification is designed to help bolster the careers of professionals working in the arena of IT network administration. Intended to validate a mid-level network technician skill set, this certification exam will cover network design, hardware setup, installation, configuration, support and troubleshooting. This exam also covers TCP/IP networking technologies and the OSI model. Network+ will demonstrate to organizations that you have a basic understanding of these network technologies and concepts.
This certification will be most useful for professionals at the mid-level point of their career to demonstrate competency with network technologies and concepts that have the broadest appeal. Network+ will prove to be most applicable to organizations that use an array of different network platforms, tools and technologies as opposed to organizations that are fully on board with a single vendor.
As you can see above, both vendor-specific and vendor-neutral certifications follow a general pattern. Vendor-specific certifications address a specific vendor’s technologies and tools and validate your competency in them, while vendor-neutral certifications will validate your competency in baseline skills in security and network fundamentals.
In terms of real-world use, vendor-specific certifications will be most useful to those seeking to join an organization that specializes in the specific vendor’s tools and solutions. Vendor-neutral certifications will be most useful to those seeking a role within an organization that uses a wide array of different vendors’ tools and solutions. These certifications are best for those who want to apply this certification to the broadest set of organizations. Keeping this simple certification rule of thumb in mind will help you decide which certification to pursue yourself.
The best way to handle this situation is to do your research on the organization you want to work for. If you can’t find out which certification would be best for the organization of your choice from a reasonable amount of online research, reach out to an information security professional at the said organization, strike up a conversation and ask them yourself.
- CompTIA Certifications, CompTIA, Inc.
- ISACA Certifications, ISACA
- (ISC)² Certifications, (ISC)², Inc.
- EC-Council Certifications, EC-Council Inc.
- IAPP Certifications, IAPP
- CMMC Certification, OUSD A&S
- Cisco Certifications, Cisco, Inc.
- Microsoft Certifications, Microsoft
- Red Hat Certifications, Red Hat, Inc.
- VMWare Certifications, VMware, Inc.
- Guide to vendor-specific IT security certifications, SearchSecurity / TechTarget
- Vendor-neutral certification guide for infosec professionals, SearchSecurity / TechTarget
- About the CompTIA Network+ certification, Indiana University Knowledge Base
- CCNA Exam Topics, The Cisco Learning Network
- Network Security Expert Program (NSE), Fortinet
- Vendor-Neutral Certifications Create a Solid Foundation to Build Upon — Get CompTIA Certified, TechSherpas