Guide to Cybersecurity Engineering Certifications (Cyber)


Entry-level Cybersecurity Certifications

ECSS: EC-Council Certified Security Specialist

The International Council of Electronic Commerce Consultants (or the EC-Council, as it is often abbreviated), offers a wide variety of cybersecurity certifications, but the ECSS is the most foundational of them all. An entry-level certification that is often pursued by college students and recent graduates, the ECSS focuses on three areas of competency: network security, information security, and computer forensics.

In order to be eligible, candidates must have either one year of IT experience or attend a training provided by the EC-Council. Once deemed eligible, candidates must then pass a two-hour, 50-question exam. The exam costs $249. In order to maintain their credential, ECSS holders must complete 120 continuing education credits (ECEs) within each three-year period.

CEH: Certified Ethical Hacker

The EC-Council’s Certified Ethical Hacker (CEH) designation is one of the most widely recognized cybersecurity certifications in the industry. It’s geared towards cybersecurity professionals who wish to demonstrate their competency in penetration testing and identifying infrastructure vulnerability.

Through a four-hour, 125-question test, the CEH assesses an applicant’s ability to perform penetration testing and identify security risks within an IT infrastructure. Applicants must either have two years of professional work experience in information security, or attend an official training through the EC-Council. Although it is considered an intermediate-level certification for network administrators and penetration testers, the training options make it feasible as a first certification and a solid introduction to the topic of ethical hacking. The exam costs $850 for US residents and $885 for international applicants. CEH holders must complete 120 ECEs every three years in order to maintain their designation.

CompTIA Security+

The Computing Technology Industry Association (commonly referred to as CompTIA) offers the vendor-neutral, globally recognized Security+ certification. This is an excellent first certification to pursue, as it establishes foundational knowledge required across every cybersecurity role, and incorporates best practices into practical situations.

Aligned with Department of Defense standards, Security+ is as relevant for those seeking government jobs as it is for those seeking work in the private sector as a security administrator, network administrator, or penetration tester. As an entry-level credential, applicants must only pass a 90-question, 90-minute exam. While there are no precise eligibility requirements that demand work experience, some understanding of network security is necessary. The exam costs $339, with additional training available (but not required). Security+ holders must complete 50 continuing education units (CEUs) every three years in order to maintain their designation.

GSEC: GIAC Security Essentials

Global Information Assurance Certification (GIAC) is globally recognized by government, industry, and military professionals as the leader in cybersecurity certification. Their GSEC credential is an entry-level option best suited for cybersecurity professionals who want to move into more hands-on roles.

There are no eligibility requirements in order to take the GSEC exam, but training is recommended. The five-hour, 180-question GSEC exam is open-book and open-notes, and it tests for knowledge in areas such as: network mapping and network protocols; identifying and preventing wireless attacks; password management; cryptography fundamentals; and public key infrastructure. The exam costs $1,899 (or $769 if taken as part of a larger training or bootcamp). In order to maintain their credential, GSEC holders are required to complete 36 continuing professional experience (CPE) credits every four years. Furthermore, a maintenance fee of $249 is required every four years.

CASE: Certified Application Security Engineer

The EC-Council’s CASE certification is an intermediate-level designation for .NET and Java developers who want to become application security engineers, analysts, or testers. Those who earn the designation can make a compelling business case for their own employment: 75 percent of all cyber attacks target web applications, and the number of such attacks has grown 69 percent in the last year.

In order to be eligible to take the qualifying exam, applicants need either to have two years of work experience in cybersecurity/software development, or participate in an official training program. The two-hour, 50-question exam costs $550, including the application fee. In order to maintain their credential, CASE holders need to complete 120 ECEs every three years.

Intermediate Cybersecurity Certifications

CISA: Certified Information Systems Auditor

The CISA designation, offered by ISACA, is for cybersecurity professionals who audit, monitor, and control IT systems. This is an intermediate-level certification, and candidates must have at least five years of experience working in information systems auditing, control, assurance, or security.

The CISA measures competency in five domains: standards and practices; organization and management; processes; integrity, confidentiality, and availability; and software development, acquisition, and maintenance. In order to earn the designation, candidates need to pass a four-hour, 200-question exam. The exam costs $575 for ISACA members, and $760 for non-members. CISA holders need to complete at least 20 CEUs annually—and 120 CEUs over each three-year period—in order to maintain their status.

CCSP: Certified Cloud Security Professional

Offered by (ISC)², the CCSP is an intermediate-level certification for enterprise architects, security admins, and cybersecurity engineers who want to specialize in cloud security.

Candidates must have at least five years of experience in IT, three of which must be specifically in cybersecurity. Furthermore, candidates must have at least one year of experience in at least one of six domains in the CCSP’s body of knowledge. Once deemed eligible, candidates must pass a four-hour, 125-question exam that covers the skills and knowledge necessary to design, manage, and secure data, infrastructure, and applications in the cloud.

The exam costs $549, and the certification must be maintained with an annual fee of $100. In order to maintain their credential, CCSP holders need to complete 40 CPEs each year, for a total of 120 CPEs over each three-year renewal period.

HCISPP: Health Care Information Security and Privacy Practitioner

For a more specialized certification, the (ISC)² offers the HCISPP, a mark of professional differentiation in the growing field of healthcare IT. The HCISPP is aimed at cybersecurity professionals who specialize in data sets that include protected health information (PHI), and are charged with defending them in a manner adherent to federal and state regulations.

In order to be eligible, candidates must have at least two years of cumulative, paid work experience in one or more of the six domains laid out in the HCISPP body of knowledge: healthcare industry; regulatory environment; privacy and security in healthcare; information governance and risk management; information risk assessment; and third party risk management. Of those two years of work experience, one must be in the healthcare industry specifically. Those who do not have any applicable work experience may choose the Associate of (ISC)² path, and complete their work experience later.

Once deemed eligible, candidates must pass a three-hour, 125-question exam. The exam costs $599. Those who earn the HCISPP designation must complete 20 CPEs every year, and pay an annual maintenance fee of $65.

CRISC: Certified in Risk and Information Systems Control

Hosted by ISACA, the CRISC designation is for those who wish to demonstrate capability in facing the challenges of IT and enterprise risk management, and make themselves strategic partners to the business. Originally established as a credential for C-suite executives, it’s now branched out to those aspiring to become one as well.

Applicants need at least three years of work experience in the areas of IT risk management and IS control. The four-hour, 150-question test costs $595 for members of ISACA, and $725 for non-members. Custom study paths are available through ISACA and third parties. CRISC holders must complete 20 CPEs every year, and a total of 120 CPEs every three years, in order to maintain their credential. Furthermore, an annual maintenance fee of $85 ($45 for ISACA members) is required.

CompTIA PenTest+

As a follow-up to their entry-level options, CompTIA offers a few intermediate-level certificates, one of which is their PenTest+. This is for cybersecurity professionals who wish to demonstrate their capability at penetration testing. The PenTest+ credential verifies that they have the skills necessary to plan and scope an assessment, understand compliance requirements, perform vulnerability scanning and penetration testing, analyze data, and effectively report results. These capabilities should be present whether the terrain is mobile, cloud, or desktop.

While there is no concrete eligibility requirement, candidates likely need three to four years of hands-on experience in information security to pass the qualifying exam. The 165-minute, 85-question test costs $349. In order to maintain their credential, PenTest+ holders need to complete 60 CEUs every three years.

CSSLP: Certified Secure Software Lifecycle Professional

The (ISC)² offers the vendor-agnostic CSSLP designation for cybersecurity professionals who want to demonstrate their specialization in the software development lifecycle.

In order to be eligible, applicants must have four years of cumulative, paid work experience as a software development professional, with specific focus in at least one of CSSLP exam’s eight domains of study. A four-year degree may substitute for one year of such experience. Those who do not meet the requirements may apply through the Associate of (ISC)² program while they gain further work experience.

The four-hour, 175-question exam costs $599 and covers eight domains: secure software concepts; secure software requirements; secure software design; secure software implementation and programming; secure software testing; secure lifecycle management; software deployment, operations, and maintenance; and supply chain and software acquisition. To maintain their designation, CSSLP holders will need to complete 90 CPEs every three years, as well as pay an annual fee of $35.

Advanced Cybersecurity Certifications

CISSP: Certified Information Systems Security Professional

The CISSP designation, offered by (ISC)², is an elite designation for experienced cybersecurity professionals. It validates knowledge across a wide array of security applications and is not only for cybersecurity architects, but chief information security officers as well. The certification meets Department of Defense standards and is vendor-agnostic.

Eligibility requirements ask for either five years of full-time paid experience in a field related to the CISSP exam’s subject matter, or a four-year degree and one year of full-time paid experience. Those unable to meet the above requirements may apply to become an Associate of (ISC)² while they complete their work experience. Applicants also need some advanced understanding of at least two of the eight areas of the CISSP study materials.

In order to earn the certification, applicants must pass a six-hour, 250-question exam that covers eight domains: security and risk management; asset security; security architecture and engineering; communication and network security; identity and access management; security assessment and testing; security operations; and software development security. The exam costs $599, and while training is not required, it is available through (ISC)². CISSP holders will need to complete 120 CPEs during each three-year renewal period.

CISM: Certified Information Security Manager

Offered by the Information Systems Audit and Control Association (ISACA), the CISM designation is an advanced credential for cybersecurity experts looking to take on more senior leadership roles within the field. The CISM designation not only measures technical competency as it relates to cybersecurity, but it also validates a professional’s understanding of how cybersecurity relates to broader business goals and objectives.

Candidates must have at least five years of work experience in cybersecurity, with at least three of those years being in the role of information security manager. To earn the CISM designation, applicants need to pass a four-hour, 200-question exam. The exam costs $575 for members of ISACA, and $760 for non-members. In order to maintain their credential, CISM holders will need to complete 20 CEUs annually, and 120 CEUs over each three-year period.

CCISO: Certified Chief Information Security Officer

Offered by the EC-Council, the CCISO is an elite designation for current and aspiring chief information security officers, including those with the goal of working for the government and military. Without official training, applicants need five years of experience in each of the five domains of study: governance (policy, legal, and compliance); IS management controls and auditing management; leadership (projects and operations); information security core concepts; and strategic planning and finance.

With official training, applicants only need five years of experience in three of the domains of study. Importantly, the areas of experience can overlap—i.e., five years in a role which encompasses all five domains of study is enough to make an applicant eligible. Once deemed eligible, candidates sit a two-and-a-half-hour qualifying exam consisting of 150 multiple-choice questions. The exam costs $600. In addition to completing continuing education, CCISO holders who wish to maintain their designation will have to pay an annual fee of $100.

CASP+: CompTIA Advanced Security Practitioner

CompTIA’s CASP+ is the only certification available that is hands-on, performance-based, and geared towards technical professionals—not just managers. Whereas other advanced certifications focus on identifying what policies and frameworks to implement, CASP+ certifies one’s ability to implement those solutions as well.

Candidates need at least ten years of experience in IT administration, five of which must include hands-on technical security experience. The 165-minute, 90-question test covers the technical knowledge and skill necessary to engineer and implement secure solutions across complex enterprise systems, with a specific focus on: risk management; enterprise security architecture; enterprise security operations; technical integration of enterprise security; and research, development, and collaboration. The exam costs $439. In order to renew their certification, CASP+ holders need to complete 75 CEUs every three years.
