When it comes to information security, certifications are a very good way to raise your salary or land a new, higher-paying job. In this article, we'll look at the top five highest-paying infosec certifications, the salaries they command, what you need to do in order to qualify and where to take them.

Why Certify?

Receiving a certification in an IT field matters for several reasons. First, it is a recognized measure of current knowledge in a specific skill set or area of expertise, and it signals to HR staff and IT recruiters that you are qualified for the roles they are trying to fill. Each year a different set of "hot" certifications is in demand, which drives salaries for their holders up sharply. An in-demand certification can make it much easier to move out of a lower-paying IT job.

Second, it is a way to rise in the ranks within your current occupation. This is especially true of government-related security certifications, where holding the required credential can often lead to an automatic increase in pay.

Finally, spending the time, money and energy to pass these often-difficult exams shows a current or prospective employer that you are serious about your career.

So which certification should you pursue? Ultimately, that is your choice. But according to salary data from Payscale.com, the following five are highly sought after, and their holders command larger salaries.

5. Certified Ethical Hacker (CEH) — $89K

If you have less infosec experience, or you want to put hacking skills to use for good rather than evil, the Certified Ethical Hacker credential may be right for you. Many companies hire so-called "white-hat" hackers with the CEH to try to penetrate their networks, report any flaws or vulnerabilities they find and recommend improvements to security.

This intermediate certification requires two years of infosec experience, although you can also sit the exam without it if you complete an approved EC-Council training course or boot camp. The four-hour exam is run by the International Council of E-Commerce Consultants (EC-Council) and contains 125 multiple-choice questions covering the methodologies attackers currently use to break into organizations. Topics include SQL injection, wireless-network attacks, social engineering, web-server attacks and more.

Because new tools and methods of attack appear almost daily, the CEH must be renewed every three years by earning 120 continuing-education credits. If you are creative, outgoing and inquisitive, the CEH is a lucrative credential that can help you land an exciting and interesting job.

4. Certified Information Systems Security Professional (CISSP) — $107K

The Certified Information Systems Security Professional (CISSP), issued by (ISC)2, is considered a core credential because it demonstrates an advanced understanding of the full range of security issues facing enterprise-level organizations. It is aimed at decision-makers, so everyone from a CISO to a network architect can benefit from passing it. CISSP is also a good fit for government employees, since it satisfies the requirements of DoD Directive 8570.1.

CISSP requires more experience than the other certifications on this list: at least five years of paid work in two or more of the CISSP domains, or four years if you hold a qualifying degree, plus an endorsement from an (ISC)2-certified professional in good standing. You must also disclose any criminal history, subscribe to the (ISC)2 Code of Ethics and, once certified, maintain (ISC)2 membership. The English-language exam now uses computerized adaptive testing and lasts up to three hours; the linear version is six hours long. Both mix standard multiple-choice questions with "advanced innovative" items such as drag-and-drop and hotspot questions. Once earned, the CISSP must be renewed every three years with continuing-education credits.

Clearly, the effort is worth it, as a CISSP's average pay is in the six-figure range. It has been claimed that 10,000 new job postings a day ask for this credential, and a widely cited industry projection puts the global shortfall of cybersecurity workers at 3.5 million by 2021.

3. CRISC — $111K

Certified in Risk and Information Systems Control (CRISC) is the benchmark certification for IT professionals who identify, assess, manage and mitigate enterprise IT risk. Relevant positions include Chief Information Security Officer, Information Security Manager and Senior IT Auditor. Financial institutions as well as insurance, legal and even food-service companies all need CRISC holders, because IT-related risk now bears directly on the success or failure of any large corporation.

The four-hour exam is administered by ISACA and consists of 150 questions across four risk-related domains: Risk Identification; Risk Assessment; Risk Response and Mitigation; and Risk and Control Monitoring and Reporting.

According to ISACA, only around 20,000 people hold the credential worldwide, which adds to its desirability. It is seen as a global standard of expertise and is accredited by the American National Standards Institute (ANSI), among others.

To sit the exam you need three years of cumulative work experience in at least two of the four domains the exam covers. The exam is offered only during ISACA's scheduled testing windows, such as June through September and October through January, rather than year-round. To keep the credential active, you must report enough continuing-education credits every year and pay ISACA's annual maintenance fee.

2. Certified Secure Software Lifecycle Professional (CSSLP) — $116K

The Certified Secure Software Lifecycle Professional (CSSLP), offered by the International Information Systems Security Certification Consortium, (ISC)2, is designed to demonstrate a high level of competence in security across the entire software development lifecycle (SDLC). As such, it is an important certification for senior software engineers, software architects and developers, and for security directors in networking and IT.

To qualify for the CSSLP you need four years of cumulative paid work experience in one or more of the eight SDLC domains the exam covers, or three years plus a four-year degree (or regional equivalent) in Computer Science, IT or a related field. If you lack the experience or the degree, you can still pass the exam and become an Associate of (ISC)2; you then have five years to accumulate the required experience (part-time work and internships also count).

The eight domains covered in the exam are: Secure Software Concepts; Secure Software Requirements; Secure Software Design; Secure Software Implementation/Programming; Secure Software Testing; Secure Lifecycle Management; Software Deployment, Operations and Maintenance; and Supply Chain and Software Acquisition.

The exam is four hours long and consists of 175 multiple-choice questions; a scaled score of 700 out of 1,000 is required to pass.

1. Certified Information Security Manager (CISM) — $121K

The Certified Information Security Manager (CISM) credential is essential for senior security professionals who design, build and oversee an organization's information security program. ISACA introduced the exam in 2003, and it remains one of the top certifications in information security. Even so, only about 38,000 people hold a CISM, making it a relatively rare and desirable addition to your resume.

Some of the job titles that benefit from the CISM include Information Security Manager, Chief Information Officer, Security Architect and Information Security Analyst.

The CISM exam consists of 150 multiple-choice questions and takes four hours. It is offered only during ISACA's 16-week testing windows; in 2018 these include February 1 to May 24 and June 1 to September 23. The exam covers four information security domains: Governance, Risk Management, Program Development and Management, and Incident Management.

Prerequisites for the CISM include at least five years of information security work experience, at least three of them in a security management role, all within the ten years preceding your application. Candidates must also agree to the ISACA Code of Professional Ethics and earn continuing-education credits every year to keep the credential active.

This is only a brief overview of the credentials, their pay scales and their requirements. For more information, or to enroll in one of our award-winning boot camps, visit InfoSec Institute.

Sources

15 Top-Paying IT Certifications for 2018, Global Knowledge

Top 11 IT certifications that pay the big bucks in 2018, IT World Canada

Cash pay premiums for tech certifications in 2018: Highest paying, fastest growing at 3,188 employers, CIO

Salary for Certification: Certified Information Security Manager, PayScale
CISSP – The World’s Premier Cybersecurity Certification, (ISC)2

How to Become a Certified Information Systems Security Professional (CISSP), Business News Daily

Certified Ethical Hacker, EC-Council

Best Information Security Certifications 2018, Business News Daily

CSFA Exam Information, Cybersecurity Forensic Analyst

CSSLP – Certified Secure Software Lifecycle Professional, IT Security Training Australia

CSSLP – The Industry’s Premier Secure Software Development Certification, (ISC)2