There are three general types of certification: corporate (internal), product-specific, and profession-wide.
Corporate, or “internal,” certifications are made by a corporation or organization for internal purposes. For example, a corporation might require a training course for all sales personnel, after which they receive a certificate.
Product-specific certifications are more involved. They typically reference a particular skill or knowledge. This approach prevails in the information technology (IT) industry, where personnel are certified on a version of software or hardware. DegreeQuery wrote about some of the product-specific certifications in our report, What Certifications will Complement my Cybersecurity Degree?
Profession-wide is the most general type of certification. A fine line exists between the product and the professional certification. Generally, the product certifications can be taken anytime as a means to increase your knowledge of a specific topic. For example, the CompTIA A+ certification teaches networking, hardware and software troubleshooting, security, and operational procedures.
Here are some of the more desirable professional certifications for cybersecurity professionals.
Certified Information Systems Security Professional (CISSP)
The International Information Systems Security Certifications Consortium’s ((ISC)²) CISSP certification is one of the most accepted computer security certifications. This general computer security knowledge certification exam covers eight Common Body of Knowledge (CBK) domains, including access control, operations security, cryptography, and more. The material focuses on the practical application of cybersecurity knowledge and tools. It also explores actual, on-the-job issues and risks.
Candidates must already have four to five years of professional experience in two or more of the CBK domains. In addition, they must be endorsed by a current CISSP certificate holder.
On average, (ISC)² members report having 35 percent higher salaries than non-members. (ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world.
SysAdmin, Networking, and Security Institute (SANS)
SANS is the most trusted and by far the largest source for information security training in the world. It offers a host of certifications, ranging from very niche security topics (malware analysis, firewalls, host security, security controls, and more) to its respected Global Information Assurance Certification (GIAC) Security Expert (GSE) designation.
GIAC offers over 30 cyber security certifications in seven categories: Cyber Defense, Penetration Testing, Incident Response and Forensics, Management/Audit/Legal, Developer, Industrial Control Systems, and GSE.
The GSE certification is the most prestigious credential in the IT Security industry. The exam was developed by subject matter experts and top industry practitioners. The GSE’s performance-based, hands-on nature sets it apart from any other certifications in the IT security industry. The GSE will determine if a candidate has truly mastered the wide variety of skills required by top security consultants and individual practitioners.
Each certification stands on its own and represents a certified individual’s mastery of a particular set of knowledge and skills. For example, the Certified Detection Analyst (GCDA) is an industry certification that proves an individual knows how to collect, analyze, and tactically use modern network and endpoint data sources to detect malicious or unauthorized activity.
Certified Ethical Hacker
The Certified Ethical Hacker program is an intensive information security training program for information security professionals. The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization.
Participants learn the five phases of ethical hacking and the ways to approach your target and succeed at breaking in every time. The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and Covering Your Tracks.
Offensive Security Certified Professional (OSCP)
The OSCP is the companion certification for the Penetration Testing with Kali Linux training course. It claims to be the world’s first completely hands-on offensive information security certification. The certificate challenges students to prove they have a clear and practical understanding of the penetration testing process and lifecycle through an arduous twenty-four (24) hour certification exam.
GIAC Cyber Threat Intelligence (GCTI)
This certificate benefits:
- Incident Response Team Members who regularly respond to complex security incidents/intrusions from advanced persistent threat adversaries and know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
- Threat Hunters who understand threats fully and know how to effectively hunt threats and counter their tradecraft.
- Security Operations Center Personnel and Information Security Practitioners who support hunting operations that identify attackers in their network environments.
- Experienced Digital Forensic Analysts who have an expanded understanding of file system forensics, investigations of technically advanced adversaries, incident response tactics, and advanced intrusion investigations.
81% of hiring managers who participated in a Salary Survey consider certifications a factor in their hiring decisions.
41% of respondents from the same survey said their organizations use certifications as a factor when determining salary increases.