Top Vendor-Neutral Cybersecurity Certifications
The battle to attract, hire, and retain talent is particularly fraught in the cybersecurity sector, where there is an estimated global shortage of 3.4 million cybersecurity workers [1]. This shortage is pervasive: 81% of surveyed organizations believe that their security operations have been impacted by the dearth of available cybersecurity talent on the market [2].
With such high demand for these potentially lucrative roles ($110k+ average US salary for a cybersecurity job) [3], and with the US market for cybersecurity jobs projected to grow by 35% over the next decade [4], many younger and even experienced professionals may want to enter cybersecurity. Because many job postings, from entry-level Security Administrators to CISOs, require anywhere from one to more than a dozen cybersecurity certifications, people interested in breaking into and advancing in the trade are highly encouraged and incentivized to gain industry-recognized credentials. Here are a handful of today’s most sought-after cybersecurity certifications that can help prepare you for success in cybersecurity.
Beginner Certifications
CompTIA Security+
This entry-level certification from CompTIA validates the holder’s grasp of basic cybersecurity knowledge and skills. The credential verifies competencies in:
- Network security
- Application data security
- Security compliance regulations
- Access control and identity management
- Incident response operations and tactics
There are no strict prerequisites for taking the CompTIA Security+ exam. However, it’s encouraged that one has at least a couple of years of security experience and has completed some foundational security courses and trainings.
GIAC Security Essentials Certification (GSEC)
Another entry-level credential, the GSEC from Global Information Assurance Certification, is designed to validate one’s skills in basic information security concepts and practices. The GSEC covers common security responsibilities and tasks, such as:
- Active defense
- Network security
- Cryptography
- Incident response
- Cloud security
- Security policy development
While there are no specific prerequisites for the GSEC exam, it’s advised that test takers gain some basic networking and information security experience and complete some rudimentary cybersecurity 101 courses.
Advanced Certification
Certified Information Systems Security Professional (CISSP)
Offered by (ISC)2, the world’s largest IT security organization, the CISSP certification covers a wide range of skills, including:
- Security and risk management
- Asset security
- Security engineering
- Security operations
- Identity and access management
- Network and communication security
The CISSP is one of the most widely recognized and, thus, most highly sought-after certifications in the field. As of July 2022, there are over 156,000 CISSP holders worldwide [5]. CISSP is an advanced certification, as candidates must have extensive (5+ years) work experience in multiple cybersecurity domains. CISSP holders should be able to effectively design, implement, and manage a highly functional and proficient end-to-end cybersecurity program.
Role-Specific Certification
Certified Information Systems Auditor (CISA)
From the IT professional association ISACA, the CISA demonstrates the holder’s expertise in properly assessing, controlling, monitoring, and auditing an organization’s IT infrastructure and business systems. CISA topics include:
- Governance
- Risk management
- Information security
- Systems auditing
The CISA is one of the most recognized credentials for cybersecurity auditing, and one needs at least five years of IT auditing experience to sit for the certification.
Certified Information Security Manager (CISM)
Also from ISACA, the CISM is intended for professionals who want to design, implement, and manage the operations of an organization’s security function. Holders of a CISM have demonstrated proficiencies in:
- Security governance
- Program development
- Incident management
- Risk management
The CISM is ideal for cybersecurity practitioners looking to pivot their careers into the managerial side of cybersecurity. Similar to the CISA, to be eligible for the CISM, one must have at least five years of information security management experience.
Certified Ethical Hacker (CEH)
The International Council of E-Commerce Consultants (EC-Council) designed the CEH to validate a professional’s aptitude with white hat hacking ethics, protocols, and techniques. Gaining a CEH certification demonstrates proficiencies in:
- Systems testing
- Attack detection
- Attack vectors
- Attack prevention
These are all in-demand and crucial skills for protecting an organization’s IT infrastructure and ecosystem. Requiring only two years of information security experience or completion of an EC-Council training course, this intermediate certification helps holders think like a malicious hacker and thus, hopefully, be more proactive with their cybersecurity practices and processes.
The list above is just a small sample of the cybersecurity certifications available in 2023. Several additional certifications are available to validate one’s competency with the security principles of common vendor-specific software and hardware components of modern IT infrastructures. Choosing the proper certification(s) to pursue will depend on one’s career goals, current experience level and skill set, and the domain expertise one wishes to develop.
1. (ISC)2, 2022 Cybersecurity Workforce Study, June 2022
2. ESG, SOC Modernization and the Role of XDR, October 2022
3. ZipRecruiter, How Much Do Cyber Security Jobs Pay per Month?, April 2023
4. US Bureau of Labor Statistics, Occupational Outlook Handbook: Information Security Analysts, September 2022
5. Wikipedia, Certified Information Systems Security Professional, accessed May 2023