Employers often look at certification as an important commitment to quality and a measure of excellence when evaluating prospective Information Security candidates. In this article, we’ll look at five cybersecurity certifications widely considered to be the best available:
1. Certified Information Security Manager (CISM)
This is a top credential for IT professionals who manage, develop, and oversee an enterprise's information security program, or who define security best practices for their organization. The Information Systems Audit and Control Association (ISACA) introduced this certification in 2002.
ISACA's organizational goals are aimed at IT professionals who need the highest quality standards with respect to security, control, and audit of information systems. The CISM certificate targets IT security professionals responsible for enterprise-level security management rather than hands-on technical work. Certified individuals have a proven set of advanced skills in information security governance, program development and management, risk management, and incident management and response.
Candidates must also agree to ISACA's Code of Professional Ethics, possess at least five years of information security work experience (including at least three years in information security management), pass a comprehensive examination, submit a written application, and comply with the organization's continuing education policy.
2. Certified Ethical Hacker (CEH)
Hackers are innovative and thrive on finding new ways to exploit system vulnerabilities and attack information systems. Many businesses protect their information systems proactively by employing IT professionals who can beat hackers at their own game: they use the same techniques and skills that attackers do to identify exposed entry points and system vulnerabilities, so that those weaknesses can be fixed before an attacker gains unwanted access to information systems and networks.
The CEH is an intermediate-level credential offered by the EC-Council (International Council of E-Commerce Consultants). Holders of this credential have knowledge and skills on hacking practices in areas such as reconnaissance and footprinting, enumeration, scanning networks, Trojans, system hacking, sniffers, worms and viruses, social engineering, denial-of-service attacks, hacking web servers, session hijacking, web applications, wireless networks, cryptography, SQL injection, evading IDS, penetration testing, honeypots, and firewalls.
Candidates must pass an exam to obtain the certification. EC-Council recommends attending its comprehensive five-day training course before the exam. Candidates may, however, self-study, but must then submit documentation with employer verification showing at least two years of work experience in information security.
Because attack techniques change rapidly, holders of this credential must earn 120 continuing education credits in each three-year cycle to keep it.
3. Certified Information Systems Security Professional (CISSP)
This is an advanced-level certification offered by the International Information Systems Security Certification Consortium, ISC2 (formerly written (ISC)²). This credential is vendor-neutral and is recognized globally for its standards of excellence.
Holders of the CISSP credential are decision-makers possessing the technical skills and expert knowledge required to guide, develop, and manage security procedures, policies, and standards within an organization. Candidates must pass the exam and document at least five years of cumulative paid work experience in two or more of the CISSP domains, and certified holders must earn continuing professional education credits to maintain the credential. The CISSP is well recognized by IT organizations and highly sought after by IT professionals.
4. CompTIA Security+
This is a vendor-neutral, well-respected security certification. Holders of this credential are recognized as having broad knowledge and practical technical skills across numerous security-related disciplines.
Although Security+ is an entry-level certification, CompTIA recommends that candidates have at least two years of experience working in IT administration with a security focus before attempting the exam. IT professionals holding this certification have a working knowledge of cryptography, threat management, security systems, identity management, network access control, security risk identification and mitigation, and security infrastructure. This credential is approved by the U.S. Department of Defense to meet Directive 8140/8570.01-M requirements.
5. SANS GIAC Security Essentials (GSEC)
This entry-level credential, issued by GIAC and aligned with SANS training, was designed for professionals wanting to show that they understand information security concepts and terminology, while also possessing the technical expertise and skills required to fill "hands-on" security roles.
Holders of this certification have technical skills and knowledge in various areas, including access controls, identifying and preventing common and wireless attacks, password management, authentication, cryptography fundamentals, DNS, IPv6, ICMP, Linux, public key infrastructure, network protocols, and network mapping.
In addition to these cybersecurity credentials, there are numerous others available to meet the requirements of any IT professional wanting to specialize in information security.