Have you been thinking about getting a certification?  Whether you’re new to the cybersecurity field, a senior cybersecurity professional, or somewhere in between, there are many reasons to consider becoming certified or obtaining additional certifications.  The challenge, perhaps, is deciding which certification to get.  There are many certifications to consider, from several certifying agencies.  If you’re wondering what certification to get, here’s a short synopsis of some certifications you may want to consider, and the websites where you can get additional information.  This is just a partial list of certifications available from some of the more common certifying agencies, so be sure to look at the websites for additional information on these, or other certifications. 

CompTIA – info copied from:

A+ is the starting point for a career in IT. The performance-based exams certify foundational IT skills across a variety of devices and operating systems.

Network+ certifies the essential skills needed to confidently design, configure, manage and troubleshoot any wired and wireless devices.

Security+ provides a global benchmark for best practices in IT network and operational security, one of the fastest-growing fields in IT.

Cybersecurity Analyst (CSA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CSA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

CompTIA Advanced Security Practitioner (CASP) meets the growing demand for advanced IT security in the enterprise. Recommended for IT professionals with at least 5 years of experience, CASP certifies critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments.

ISACA – info copied from:

The uniquely management-focused Certified Information Security Manager (CISM) certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.

The Certified Information Security Auditor (CISA) designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable of assessing vulnerabilities, reporting on compliance and instituting controls within the enterprise.

Certified in the Governance of Enterprise IT (CGEIT) recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise. 

Certified in Risk and Information Systems Control (CRISC) is the only certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.

(ISC)² – info copied from:

The Systems Security Certified Practitioner (SSCP) certification is the ideal credential for those with proven technical skills and practical security knowledge in hands-on operational IT roles.  The SSCP indicates a practitioner’s technical ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more. 

The Certified Authorization Professional (CAP) certification is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation.

The Certified Cyber Forensics Professional (CCFP) credential indicates expertise in forensics techniques and procedures, standards of practice, and legal and ethical principles to assure accurate, complete, and reliable digital evidence admissible in a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response. In other words, the CCFP is an objective measure of excellence valued by courts and employers alike.

The Certified Cloud Security Professional (CCSP) credential denotes professionals with deep-seated knowledge and competency derived from hands-on experience with cyber, information, software and cloud computing infrastructure security. CCSPs help you achieve the highest standard for cloud security expertise and enable your organization to benefit from the power of cloud computing while keeping sensitive data secure. 

The vendor-neutral Certified Information Systems Security Professional (CISSP) certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks. 

EC-Council – info copied from:

A Certified Ethical Hacker is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s).

EC-Council’s Computer Hacking Forensic Investigator (CHFI) certifies individuals in the specific security discipline of computer forensics from a vendor-neutral perspective. The CHFI certification will fortify the application knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure.

The Certified Chief Information Security Officer (CCISO) program is the first-of-its-kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view.

Our Chapter offers Security+ and CISSP Exam Prep Review Seminars and we’ve formed study groups for other certifications.  If there’s interest, we may be able to form a new study group to help review certification material to ensure you’re prepared for the exam.  Training for certifications can also be obtained from commercial companies in the local area. 

Reach out to a Board member, our Training Committee, or our Mentoring Committee if you have any questions or would like to talk to someone about pursuing a certification. 

Colleen Murphy
President, Colorado Springs ISSA