General security

Vendor-specific versus vendor-neutral certifications

April 30, 2019 by Greg Belding

Introduction – choosing the right certification for you

When deciding to get an information security certification, there are many factors to take into consideration. One of those decisions is whether you should pursue a vendor-specific or a vendor-neutral certification — but which one is right for you?

This article will detail the differences between the two types of certifications by giving you a closer look, examining some examples of the certifications themselves.

Vendor-specific and vendor-neutral certifications

Generally speaking, vendor-specific certifications cover specific information security software platforms, tools and technologies which usually focus on demonstrating expertise in a specific information security tool. On the flipside, vendor-neutral refers to an approach that aims to demonstrate broad compatibility and interchangeability of technologies, tools and products.

You may be thinking — so that’s it? I get the differences, but how can these certifications help me? While this may give you a general overview, to get down to the specifics of how these two approaches can help you in your own career it is best to make a closer examination of vendor-specific and vendor-neutral. We can do this by directly examining examples of both security and network certifications for each category.

Security certifications

Fortinet Network Security Expert (NSE) (vendor-specific)

NSE is Fortinet’s eight-level certification program intended for professionals that want to validate their network security skills. This certification demands a commanding level of understanding of Fortinet’s network security platform and will enable the holder to be viewed as part of the security elite.

This certification is divided into eight levels, each containing an objective. These objectives span the spectrum of security skills from beginner/foundational to mastery. For example, the objective of NSE 1 is to develop an understanding of a foundational level of the current threat landscape, while the objective of NSE 8 is to design, install and configure a comprehensive security solution and troubleshoot it if needed.

Those who would find this certification the most useful are those who are looking to demonstrate mastery of the Fortinet network security platform. In terms of employment, this certification will help jobseekers only if the hiring organization uses Fortinet.

CompTIA Security+ (vendor-neutral)

CompTIA Security+ is a popular vendor-neutral security certification that will help many springboard their career to the next level The latest version of this certification exam, SY0-501, covers the baseline skills needed to perform core security functions and will help open doors for those first beginning their career in security.

In terms of vendor neutrality, Security+ does not focus on any one vendor’s platforms and tools, but rather gives a broad overview of different technologies that span different vendors. This certification will have broad appeal within the information security field and will demonstrate to organizations that your broad skill set validates that you are a security expert.

This certification will be most useful for entry-level professionals and will have the widest appeal among potential employers. You can think of vendor-neutral certifications like this as more like a sprinkler than a squirt gun — you will appeal to the most employers, but your skills will not be as focused as a vendor-specific certification option.

Network certifications

Cisco CCNA (vendor-specific)

Cisco CCNA is a routing and switching network certification that validates the certification holder’s fundamental network skills. Among these skills are LAN switching technologies, WAN technologies, routing technologies (IPv4 and IPv6), infrastructure security, infrastructure services and infrastructure management.

This is an associate-level certification that will help network professionals demonstrate expertise in Cisco routing and switching technologies, tools and products. This certification will be most useful for professionals wishing to work for an organization currently using Cisco network products. From my personal experience, every organization that I have worked for that used Cisco network products has had a professional on staff with at least a Cisco CCNA certification.

CompTIA Network+ (vendor-neutral)

The last certification this article will discuss is the ubiquitous CompTIA Network+ certification. This certification is designed to help bolster the careers of professionals working in the arena of IT network administration. Intended to validate a mid-level network technician skill set, this certification exam will cover network design, hardware setup, installation, configuration, support and troubleshooting. This exam also covers TCP/IP networking technologies and the OSI model. Network+ will demonstrate to organizations that you have a basic understanding of these network technologies and concepts.

This certification will be most useful for professionals at the mid-level point of their career to demonstrate competency with network technologies and concepts that have the broadest appeal. Network+ will prove to be most applicable to organizations that use an array of different network platforms, tools and technologies as opposed to organizations that are fully on board with a single vendor.

Key takeaway

As you can see above, both vendor-specific and vendor-neutral certifications follow a general pattern. Vendor-specific certifications address a specific vendor’s technologies and tools and validate your competency in them, while vendor-neutral certifications will validate your competency in baseline skills in security and network fundamentals.

In terms of real-world use, vendor-specific certifications will be most useful to those seeking to join an organization that specializes in the specific vendor’s tools and solutions. Vendor-neutral certifications will be most useful to those seeking a role within an organization that uses a wide array of different vendors’ tools and solutions. These certifications are best for those who want to apply this certification to the broadest set of organizations. Keeping this simple certification rule of thumb in mind will help you decide which certification to pursue for yourself.

The best way to handle this situation is to do your research on the organization you want to work for. If you can’t find out which certification would be best for the organization of your choice from a reasonable amount of online research, reach out to an information security professional at said organization, strike up a conversation and ask them yourself.


There are many different options available when choosing a certification to boost your information security career. When making this decision, keep in mind that certifications can be either vendor-specific or vendor-neutral and these certifications are best applied to different scenarios. Certifications are still a great way to help your career, but make sure you identify which ones will apply the most to your situation.



  1. About the CompTIA Network+ certification, Indiana University Knowledge Base
  2. CCNA Exam Topics, The Cisco Learning Network
  3. Network Security Expert Program (NSE), Fortinet
  4. Vendor-Neutral Certifications Create a Solid Foundation to Build Upon — Get CompTIA Certified, TechSherpas
Posted: April 30, 2019
Articles Author
Greg Belding
View Profile

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.

Notice: Undefined index: visitor_id12882 in /www/resourcesinfosecinstitute_601/public/wp-content/plugins/infosec-user-info/infosec-user-info.php on line 117