7 top security certifications you should have in 2023

January 19, 2023 by Graeme Messina

This list will be a great starting point if you are an IT security professional looking for a certification to raise your game and enhance your skills.  

Given all the specializations within this industry and the number of available credentials, choosing the one that best fits your career needs and aspirations might seem daunting. Below are some of the best options for rewarding career paths, learning new skills and enhancing your ability to strengthen network defenses and digital assets against various threats.

Because this field requires constantly learning new skills, you need to ensure that your next training milestone will be to pass a security certification that can prove your knowledge in a particular area and make you more attractive to potential employers for your next job role.

Here are seven of the most popular certifications you can earn in 2023.

1. CompTIA Security+ (SY0-601)

One of the most sought-after entry-level exams is the CompTIA Security+ certification. This vendor-neutral security certification establishes the basic knowledge required for any cybersecurity role. Security+ is seen by many as a springboard to intermediate-level certs and a broader variety of job roles.

Security+ features five domains that the candidate must master, and that will prove valuable for aspiring information security professionals:

  • Attacks, threats and vulnerabilities (24%)
  • Architecture and design (21%)
  • Implementation (25%)
  • Operations and incident response (16%)
  • Governance, risk and compliance (14%)

  • Prerequisites: A CompTIA Network+ certification and two years of systems administration with a security focus are preferred but not required.
  • Exam: Maximum of 90 multiple-choice and performance-based questions, 90 minutes long. The passing score is 750 on a scale of 100 to 900.
  • Cost for exam: USD 381 registration fee.

Candidates who achieve the Security+ are sure to see a return on their initial investment. Security+ is the most popular cybersecurity certification in the world, with more than 500,000 certification holders — and those holders generally are paid good salaries.  

The CompTIA Security+ meets ISO 17024 standards and the Department of Defense’s Directive 8570.01-M requirements, giving candidates the possibility of landing a job within the government. This excellent entry-level cybersecurity certification is worth looking at for those new to the world of information security.

For more on the Security+ certification, view our Security+ certification hub.

2. EC-Council Certified Ethical Hacker (CEHv11)

The Certified Ethical Hacker certification focuses heavily on hacking techniques and technologies from an offensive perspective. It is structured to test the candidate’s abilities in realistic scenarios. Certificate holders can proactively test the security of a network from the inside or simulate an intruder from the outside. 

EC-Council's C|EH is one of the industry's most sought-after ethical hacking certifications, thanks to its hands-on approach. Candidates learn the latest hacking tools and techniques to lawfully test an organization's defenses and identify security vulnerabilities.

  • Prerequisites: Candidates must attend official training or have at least two years of information security-related experience.
  • Exam: 125 multiple-choice questions with four hours to complete; the passing cut score ranges from 60% to 85%.
  • Cost for exam: Pearson VUE (312-50) voucher is $1199 and ECC EXAM (312-50) voucher is $950.

The CEH is one of the best-known entry-level offensive security certifications. It’s versatile because many security positions rely on a CEH holder's skills. This is due in part to the hands-on nature of this security certification, which gets learners started with some solid basics, including information security threats and attack vectors, attack detection, attack prevention, procedures, methodologies and more. This is a good starting place for security professionals looking for practical knowledge in penetration testing and ethical hacking before moving on to more advanced certifications.

For more on the EC-Council CEH certification, view our CEH certification hub.

3. (ISC)² Certified Information Systems Security Professional (CISSP)

The CISSP is one of the most respected and requested cybersecurity certifications, but it’s not entry-level. Hiring managers often use the CISSP as a benchmark because it requires both passing a tough test and on-the-job experience. Earning a CISSP certification shows that you know how to design, engineer and implement information security systems in the workplace. 

The CISSP is in high demand and is globally recognized. Once you earn the certification, you will find many avenues open for you that can take your cybersecurity career to the next level.

  • Prerequisites: Candidates must have at least five years of cumulative paid work experience in two or more of the eight domains of the CISSP CBK. Those who don’t have the required work experience can satisfy a portion of it with the CISSP experience waiver. Another option for those without the appropriate work experience is to take the exam and earn the Associate of (ISC)² designation; candidates then have six years to earn the work experience required for the CISSP.
  • Exam: 125 to 175 multiple-choice and advanced innovative items and up to four hours for the English CAT version; the passing score is 700 out of 1000 points. The CISSP linear examination contains 250 multiple-choice and advanced innovative items, with up to six hours to complete. Available in Chinese, German, Korean, Japanese and Spanish.
  • Cost for exam: $749 in all regions except the U.K. (585 pounds) and Europe (665 euros). The exam is administered by (ISC)² Authorized PPC and PVTC Select Pearson VUE Testing Centers.

Acquiring the CISSP is a great way to climb the IT career ladder and increase your earning potential. It is a good option for professionals who want to validate their expertise across a broad spectrum of topics and obtain a certification with a worldwide reputation.

For more on the CISSP certification, view our CISSP certification hub.

4. ISACA Certified Information Security Manager (CISM)

Not all cybersecurity roles are entirely technical. The CISM teaches valuable information security-aligned managerial skills. This is a domain where assurance and risk management are major parts of the role requirements. It is based on security management principles that are practical and essential to getting the job done.

This higher-level certification opens up many opportunities for career progression. The CISM suits cybersecurity and IT security managers but is also ideal for information risk managers.

  • Prerequisites: At least five years of professional information security management work experience. However, up to two years can be waived if certain education or certification requirements are met.
  • Exam: The test contains 150 multiple-choice questions and takes four hours to complete. Scores range from 200 to 800, with 450 as the passing mark. The exam covers four job practice areas, known as knowledge areas or domains. It is available online with remote proctoring or in person at a testing center.
  • Cost for exam: USD 575 for ISACA members and USD 760 for non-ISACA members.

If you are already in a managerial position, this certification can give you the credibility you need for promotions and pay raises. It is another internationally recognized certification that is highly sought after in companies that value security and the processes required to stay compliant and secure in the IT environment.

For more on the CISM certification, view our CISM certification hub.

5. ISACA Certified Information Systems Auditor (CISA)

The CISA focuses on the skills that allow candidates to audit, control and monitor information technology and business systems. This security certification is a good move for any security professional who wants a certification that is an internationally recognized standard in system auditing and controls. Certification proves the ability to evaluate the adequacy and effectiveness of an organization’s IT internal controls, policies and regulations.

If you are an entry-level to mid-career professional, CISA can showcase your competence in applying a risk-based approach to planning and executing audits.

  • Prerequisites: Candidates must have five years of work experience in the field, performing duties specifically related to information systems auditing, control, assurance or security.
  • Exam: The test contains 150 multiple-choice questions and takes four hours to complete. Scores range from 200 to 800, with 450 as the passing mark.
  • Cost for exam: USD 575 for ISACA members and USD 760 for non-ISACA members.

This valuable certification, also ANSI-accredited, fulfills the DoD 8570’s IAT Level III and CSSP Auditor requirements. With ISACA’s CISA, you can also expect to qualify for well-paid positions.

For more on the CISA certification, view our CISA certification hub.

6. (ISC)² Certified Cloud Security Professional (CCSP)

Cybersecurity challenges change daily in the cloud, so gaining the CCSP is vital.

(ISC)²’s CCSP credential assures employers that the candidate has the advanced technical knowledge and skills to design, manage and secure data, applications and infrastructures in the cloud.

  • Prerequisites: Candidates must have at least five years of full-time experience in IT, of which three years must be in information security and one year in one or more of the six domains of the CCSP CBK.
  • Exam: The exam contains 150 multiple-choice questions with a four-hour time limit; the passing grade is 700 out of 1000 points. The test is available in English, Chinese, German, Japanese, Korean and Spanish.
  • Cost for exam: The exam costs $599 per attempt and is administered by Pearson VUE.

This certification helps candidates demonstrate proficiency in cloud architecture as well as day-to-day operations, application security considerations and much more. Anyone looking for a role in a cloud-based environment will be well served with a CCSP certification.

For more on the CCSP certification, view our CCSP certification hub.

7. GIAC Security Essentials (GSEC)

The GSEC is an entry-level credential that is good for candidates who have a limited background in security and networking and want to demonstrate their knowledge.

Anyone who works in an IT role where security is important can benefit from this certification, which verifies skills related to hands-on IT security tasks.

  • Prerequisites: None
  • Exam: An open-book exam with 106 to 180 questions; candidates have four to five hours to complete it. The passing score is 73%. Exams are web-based and must be proctored, either remotely through ProctorU or onsite through Pearson VUE.
  • Cost for exam: USD 949 for a GSEC certification attempt and two practice tests.

This certification is another good choice if you want to certify your experience and knowledge in information security, or if you want your hands-on skills to stand out when a potential employer reviews your resume or CV.

Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.