Data breaches are growing in number, size and criticality, the cybersecurity talent gap is widening, and the security unemployment rate is at zero. A recent survey of IT decision makers across the U.S., Europe and Asia shows most firms are aware of and worried about vacant cyber security posts and feel vulnerable to attack.
All of these signs indicate that cyber security and InfoSec skills are in remarkably high demand and are a good place to start for anyone looking to begin or advance a successful IT career path.
CompTIA Security+: A basic entry-level certification for the curious security newcomer. It introduces the candidate to many security concepts and touches on many basic security topics and cyber security certifications, to encourage the young generation to go for Information/IT security.
SSCP – Systems Security Certified Practitioner:
Another first-step credential for cyber security careers, the SSCP, offered by (ISC)², can be the ideal precursor for the much-coveted CISSP. SSCP certified professionals will develop entry-level skills in the main tenets of cyber security, including cryptography, access controls, malicious code and activity, monitoring and analysis, networks and communications, and security operations and administration.
SSCP is a competitor to the popular CompTIA Security+ certificate. SSCP holders are qualified for security engineering, monitoring and implementation positions, where they serve in a hands-on security capacity.
CRISC: A great information risk certification that touches on various topics concerning Information Security and is a natural progression for the Information and Business Security practitioner who wants to understand how to deal with risk and apply knowledge acquired in the realm of risk. It is mostly geared towards the risk practitioner and is mentioned and ranked here for its close relation to Information/IT security.
GPEN – GIAC Penetration Tester: The GPEN is another certification aimed at developing skills for seeking out security vulnerabilities in networks and computer systems. As penetration testing is a sensitive discipline associated with many legal and technical intricacies, GPEN holders will, in addition to the hands-on, practical experience, become acquainted with the legal and non-technical issues that surround penetration testing.
CISM: It was a difficult decision between CISM and CRISC; however, it doesn’t really matter because both are from ISACA. A business-oriented certification focusing on management, design, and risk. It is the Information Security professional’s gateway to understanding the broad concepts of information assurance and ultimately securing it, and it serves security managers and business security architects, amongst others.
ECSA – EC-Council Certified Security Analyst: This is EC-Council’s sequel to the CEH and builds upon what you know as an ethical hacker to elevate your skills as a penetration tester. However, note that you are not necessarily required to hold a CEH certificate before taking the exam.
The ECSA is focused on helping security professionals and penetration testers validate the analytical phase of ethical hacking by being able to precisely measure and assess the outcome of hacking tools and technologies. ECSA professionals use improved methods and techniques to identify and mitigate risks to information security and network infrastructures across the enterprise.
CISSP: Composed of 10 knowledge domains in various security topics ranging from physical security to management. The CISSP is more technically oriented and relates to some of the most complex topics like cryptography, network security, authentication, and authorisation; it serves the security analyst.
OSCE: The ultimate IT security geek fantasy, this certification is considered one of the most complex certifications. In order to apply for the OSCE, the candidate has to go through two challenging ordeals, and yes, it is a cult certification. Suits the malware analyst, the IT security geek and the reverse engineer.
LPTA: This is a rising star in the realm of security. Although this certificate has been around for some time now, EC-Council has restructured how it is attained: in addition to achieving the CEH and ECSA, it requires a practical exam. A must for the dedicated penetration tester.
CREST ACE/ICET: Very valuable certifications that are composed of various testing techniques such as long answers, multiple choice and a practical exam that many have said is clearly a tough challenge. ICE infrastructure and ACE application penetration testing are reserved for the novice penetration tester.
GIAC Security Essentials: A must-have for all security professionals, given that you can afford it. SANS courses are still the best, but somewhat expensive. Yet this certification touches on many topics that range from basic to mid-range complexity; it is recommended for any security professional, as it is never too late to refresh old memories.
CEH: One of the favorite certifications and a highly regarded certification in industry. There is much value to be derived from this certification, and it is most certainly an excellent start for the junior practitioner.
Thanks for reading and sharing.