The Best Certifications for Breaking Into Information Security

Beyond university qualifications, certifications are a great addition or even alternative for Information Security professionals at every level. Some of the certifications, which are available by the hundreds, hold as much value as a degree or professional experience in the eyes of employers.

Whether the intention is advancing your career or simply getting your foot in the door sans degree, the list below outlines the best choice of globally recognised certifications for Information Security professionals.

Certified Information Systems Security Professional (CISSP)

Run by the International Information System Security Certification Consortium (ISC)², the CISSP certification is highly sought after by both employers and IT professionals, and is an unsurprising requirement for many senior roles in the IT realm. The CISSP is considered a senior, wide-scope certification in comparison with CEH or OSCP, which are discussed further down.

The certification costs $699, and to be eligible for it five years of cumulative, paid work experience is required. The certification builds on a strong foundation of knowledge, with the curriculum spanning Information Security topics. As an advanced certification, CISSP is best fitted for pros serious about advancing their career into senior management.

The certification's exam combines multiple choice and advanced questioning and takes a total of six hours. Once certified, recertification and a $255 maintenance fee are required every three years.

Certified Ethical Hacker (CEH)

Aimed at those in the penetration testing and ethical hacking arena, the CEH certification is one of the broadest certifications available. Run by the International Council of E-Commerce Consultants (EC-Council), the CEH is suggested for Ethical Hackers and many roles requiring vulnerability assessment and penetration testing.

As an entry to intermediate-level certification, the CEH requires two years of cyber security experience. To complete this certification, training is required, which can be done either virtually or in a classroom setting and is then followed by an exam. This exam looks to test baseline knowledge of “security threats, risks, and counter measures”.

Offensive Security Certified Professional (OSCP)

Similar to CEH, this certification is also aimed at the penetration testing field; however, it is considered niche in comparison. This certification is run by Offensive Security and has an intensive and somewhat infamous examination process which lasts twenty-four hours.

Unlike CEH, the OSCP certification solely focusses on penetration testing and hacking, whereas the CEH certification covers a wider range of topics. In this sense, OSCP is far more in-depth. This certification, however, is not as widely acknowledged as CEH.

Once a professional has successfully completed the qualification no recertification is required, whereas recertification is necessary every three years for those with a CEH certification. This difference could be argued either way – whilst recertifying is inconvenient, a major benefit of CEH is this requirement to remain active in the industry. One final comparison: the CEH certification is more affordable than OSCP.

Certified Information Systems Auditor (CISA)

This globally recognised qualification is run by ISACA and is aimed at Information Systems Audit, Control, Assurance and Security professionals. It is often a prerequisite for management positions in both IT Audit and Information Security Management, and those holding this certification benefit from increased credibility and employability.

The CISA certification requires a minimum of five years' professional experience in Information Systems Auditing, Controls or Security. There are, however, some exceptions to this five-year requirement.

Certificate in Information Security Management Principles (CISMIP)

Aimed at those stepping into managerial positions, CISMIP is a widely recognised certification which boasts UK Government approval. As with many careers, managerial duties are a by-product of career progression and higher salary roles, and many use this certification to confidently progress into such senior positions.

This certification is particularly beneficial for those who have strong business knowledge but are looking to bolster their Information Security knowledge. To gain this certification one must complete a five-day course and pass a multiple choice, two-hour exam, which in total costs £2,195. A strong basic knowledge of Information Security Management fundamentals is required for this certification. An alternative to this certification is the Certified Information Security Manager (CISM) certification.

CompTIA Security+

This vendor-neutral certification is highly respected in the industry. Those holding the certification are seen as more technically skilled and knowledgeable across security-related disciplines when compared with their uncertified colleagues. System, Security and Network Administrators, along with Security Engineers and Security Consultants, are the roles that benefit most from this certification.

The certification is gained through a single, multiple choice exam which costs $399 and runs for ninety minutes. Prior to the exam, training is available but not required. This certification is a great starting point for IT professionals as it equips them to “address security incidents – not just identify them”.

The certifications above are by no means exhaustive or mutually exclusive. In reality, many Information Security professionals will combine these certifications (and others) throughout their career. Through this coupling, Information Security professionals add value to their CV and are able to keep their head above water in the ever-changing industry.