There are a lot of choices to make when it come to certifications for cyber security. Use this Noodle guide to make sense of all your options, and to select the certificates that are most likely to help you advance your career in cyber security.

Note that the certification programs discussed here are not degrees or post-graduate certifications. Rather, these are professional development certification programs, which are suitable for professionals at all levels.

Do Cyber Security Certifications Even Matter?

Reputable certifications show hiring managers some key things about the people who hold them. Across every industry, certification holders are committed to self-improvement and career advancement; they are capable of focused work; they have the initiative and self-discipline necessary to pursue and reach their goals; and they are aware of the need to remain on the cutting edge of their fields. Nowhere is this last point more important than in cyber security. Hackers are finding more ways to breach systems and access data than ever before, and the professionals in charge of stopping them must stay on top of new developments.

Cyber security is a booming industry with a major talent gap, and employers are hungry for well-prepared candidates. A certification can be the deciding factor between two candidates; it can also be the credential you need to simply secure an interview.

A recent salary survey by the Global Information Assurance Certification (GIAC) showed that 81% of hiring managers considered certifications in hiring decisions, and 41% of respondents indicated that their organizations include certifications as a factor in determining promotions and salary increases.

Most of the programs below are provided by organizations who are members of the Cybersecurity Credentials Collaborative (C3); C3 has provided an analysis of the value of IT certification. "All established and reputable industries have common codes of ethics which are agreed upon by professional industry associations," they conclude. Cyber security should be no exception. With this in mind, the Cybersecurity Credentials Collaborative (C3) has established a Unified Framework of Professional Ethics for Security Professionals. All programs offered by C3 members adhere to these standards.

CompTIA Security+ Certification

CompTIA is one of the most widely recognized names in IT certification, and their security certificate is no exception. CompTIA claims their Security+ certificate is "the first security certification IT professionals should earn," and that it establishes foundational knowledge suitable for any entry-level cyber security role. If you’re relatively new to the cyber security field, it’s worth looking into this program.

Skills you will learn include threats, attacks, and vulnerabilities; technologies and tools; architecture; identity and access management; risk management; and cryptography and PKI. In order to obtain your CompTIA Security+ certificate, you will need to pass a 90-minute exam.

The cost of the exam alone is $330; you may also choose to purchase bundles that include practice tests, study guides, and the ability to retake the test once. These bundles range in price from $429 to $519. More comprehensive instructor-led training courses are also available for a fee.

Learn more about the CompTIA Security+ Certification.

Global Information Assurance Certification (GIAC)

GIAC offers more than 30 specialized cyber security certifications that correspond to specific job duties. According to their website, "The family of GIAC certifications target job-based skill sets rather than taking a one-size-fits-all approach." This approach may be attractive to those who are already in the cyber security field and want to improve specific skills to advance their careers.

Categories offered include Cyber Defense, Penetration Testing, Incident Response, Forensics, Management, and Developer (for individuals responsible for coding secure software). Each of the 30+ cyber security certifications is associated with its own test. Typically, candidates study for 55 hours prior to taking a given exam; they may also pursue formal training, though no particular training is required.

All candidates are given two practice exams to aid in their preparation, and GIAC provides a list of relevant optional courses through their partnership with the SANS Institute. These courses vary in price (averaging $5,000-$6,000), and can be taken in classroom settings or online. Again, no particular courses are required in order to sit for the GIAC certification exams, but courses are available for those who need them.

Don’t let the high price of SANS courses scare you away from GIAC certifications. You can take any of the exams for $1,899, which includes the two practice tests. From the time you sign up, you will be given four months to prepare — in whatever manner you choose. If you do decide to take advantage of GIAC’s partnership with the SANS Institute, you can receive $800 off of the price of the test. Enroll in a course, and take your exam for just $1,099 with the SANS alumni discount.

Learn more about GIAC certifications here.

International Association of Privacy Professionals (IAPP) Certification

IAPP, the self-proclaimed "world’s largest and most comprehensive global information privacy community", offers three certification programs in cyber security: the CIPP (focused on privacy laws and regulations); the CIPM (focused on day-to-day security operations); and the CIPT (focused on cyber security technology).

IAPP recommends candidates study for a minimum of 30 hours prior to taking any of these tests. Each exam registration includes two tools to self-assess for readiness: an outline of information covered in the exam (to identify topics you are and are not proficient with), and an exam blueprint that tells you how many questions to expect on each of those topics (so you can map out your study strategy accordingly). IAPP also offers a number of other resources, including study guides, newsletters, and conferences dedicated to exam preparation.

Should you choose to take advantage of IAPP’s paid training courses, you have a number of options. Self-led online trainings are listed at $1,195, and include unlimited access to online course material, interactive quizzes, a digital textbook, and exam sample questions. Live online courses, led by an instructor and accessible from anywhere with an internet connection, range from $2,495 to $3,995, and typically include two full days of instructor-led training. In-person trainings are also organized as two-day events, with a number of options ranging from "full conference" passes for $1,595 to individual workshops for $545. All courses offer a small discount for paid IAPP members.

When you’re satisfied with your training and ready to take the test, certification exams are priced at $550 and consist of 90 multiple choice questions. They’re administered at various proctored locations throughout the world. Like the training courses, exams fees are discounted for paid IAPP members.

Learn more about IAPP certification programs here.

ISACA Certification

ISACA offers five distinct cyber security certificates:

  • CISA: Certified Information Systems Auditor

  • CISM: Certified Information Security Manager

  • CGEIT: Certified in the Governance of Enterprise IT

  • CRISC: Certified in Risk and Information Systems Control

  • CSXP: Cyber Security Nexus Practitioner

According to their website, "ISACA certifications are globally accepted and recognized...In fact, many organizations and governmental agencies around the world require or recognize ISACA’s certifications."

Exam fees for 2018 are $760 for non-members and $575 for paid ISACA members. This registration fee includes the exam itself, and enables you to purchase study guides for an additional fee. ISACA also offers a suite of test-prep materials, including online self-led courses ($895 for 28 hours of on-demand video, downloadable materials, and a practice exam), and online instructor-led courses ($1,195 for 12 hours of instruction divided over 4 days; described as "an intensive, cram-style course"). Discounts are available for paid ISACA members.

Learn more about ISACA certifications.

Certified Secure Software Lifecycle Professional

ISC2’s CSSLP program is geared specifically towards developers: "As a CSSLP, you have an internationally-recognized ability to incorporate security practices — authentication, authorization, and auditing — into each phase of the software development lifecycle."

To quality for the CSSLP, you must have at least four years of paid professional experience in Software Development Lifecycle (SDLC).

ISC2 offers a number of training programs to prepare for the CISSP exam. Live, instructor-led online CISSP training runs $4,694, and consists of a comprehensive 12-week program designed to fit into a working professional’s busy lifestyle. The course fee also includes an "all-inclusive study pack" of study guides, flashcards, and over 2,000 practice questions.

If you prefer to study on your own, ISC2 also sells test prep books and flash cards. And for those who prefer traditional, in-person instruction, classroom-based seminars are available at locations throughout the world.

The fee for the CSSLP exam is $599 in the U.S.

Learn more about the CSSLP certification.

Logical Operations Certification

Logical Operations offers a number of cyber security courses and certifications:

Learn more about Logical Operations and their cyber security certifications.

Certified Ethical Hacker Certification

Certified Ethical Hackers are professionals with a strong understanding of cyber security who looks for weaknesses in a system. They help determine and fix vulnerabilities by operating like malicious hackers — but with good intentions and in a lawful manner. "To beat a hacker, you need to think like a hacker."

The Certified Ethical Hacker training program teaches the five phases of ethical hacking: Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks. Course fees start at $1,899 and include an exam voucher.

If you choose to pursue self-study rather than attending the formal training, you must show two years of related work experience and obtain authorization from EC-Council in order to attempt the exam.

The CEH credential exam consists of 125 questions taken over 4 hours, and the exam fee is $950.

After passing the core CEH credential, you may also pursue advanced certifications including the ECSA (EC-Council Certified Security Analyst) and the LPT (Licensed Penetration Tester).

Learn more about EC-Council’s Certified Ethical Hacker Certification.

Conclusion

Security is one thing nearly every organization needs, and the challenges associated with maintaining it are becoming ever more specialized. Companies are realizing the need for highly trained cyber security experts. One of the best ways to showcase your expertise in this field is to earn cyber security certifications.

Noodle
Noodle Editorial Staff

Noodle Education is an online resource for anyone seeking accurate information on the subject of teaching or becoming a teacher. From tests, applications, and licensing to financing your journey, Noodle has you covered. With a special focus on the Washington D.C. area, we will help aspiring teachers of all ages and experience levels find the information they need during every step of the process. Noodle was founded in 2010 by John Katzman, the former CEO and founder of the esteemed Princeton Review. With Noodle, he set out on a mission to solve the information retrieval and distribution problem that is prevalent in the multiple on line and In Real Life systems that aspiring teachers must navigate. Our first stop: graduate schools of teaching. The information reported here is not just collected from Google hits. Our team is comprised of topic experts. We employ veteran authors and reporters on education, former teachers, professional researchers, and people who have spent their careers mastering college and graduate admissions. Our content is the product of countless hours of deep dives by specialists who spend their days on research projects, calling and verification, and untangling red tape so that our customers don’t have to. We can ensure that when you come to us the information you leave with will be solid. We find the holes in the data and fill it by manually going to the sources such teachers, administrators and beaurou employees and retrieve it ourselves. Noodle prides itself on following the most rigorous and ethical standards for our consumers because we believe that finding the right education starts with having the right information.