CYBER SECURITY CERTIFICATIONS: A SIMPLE GUIDE
"How do I get started in cybersecurity?"
"What skills do I need?"
"Must I get certifications to break into cybersecurity? Which certifications?"
These are a sample of regular questions asked by newbies seeking guidance into the cybersecurity field. We all asked these questions, and most people coming after us will. So this is a small piece to answer one of those questions (Others are answered on this website too!).
So you want to know the certifications relevant in cybersecurity? There are tonnes of information on this topic laying around the internet. Just searching "Top Ten Cyber certifications" will return several articles which list different (cybersecurity) certifications and drop nuggets about each of them. Since that's sorted, this website will take another route: guide the cyber newbie through a certification path that would span from their Beginner days to when (s)he attains Legendary status (hopefully). This article will, therefore, group the certifications into three categories: Novice, Grounded and Legend.
Please note that this article may not cover all cybersecurity certifications (pretty impossible) and that the path chosen by a cyber professional would determine which certifications (s)he considers.
Let's Login!
NOVICE
Entry into cybersecurity is sometimes made out as a herculean task. Little secret: It isn't. Take the right steps, stay consistent over a few months and you're good to go. A newbie (say a recent college graduate) should consider (some of) the following certifications to fast track his/her entrance into the cyber industry.
CompTIA Network+: The most basic of networking certifications, CompTIA Network+ will provide foundation information. If you can, get the certification.
CompTIA Security+: Another one of the basics. CompTIA Security+ provides foundation information for cybersecurity. Individuals seeking to break into the cyber profession are advised to take this course.
CCNA: A must-have, I'd say. The Cisco Certified Network Associate Routing & Switching (CCNA R&S) certification is one of the most common in the cyber and networking profession. CCNA introduces the professional to the basics of computer networking, network devices configuration and management, and does well to prepare him/her for the career journey. Your call.
CCNA Security: Just like most other Cisco certifications, CCNA has a "Security" certification. According to Cisco,"The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure."
eJPT: Short for "eLearningSecurity Junior Penetration Tester", the eJPT is an entry-level hands-on penetration testing certification that allows professionals to demonstrate actual knowledge of hacking skills.
GROUNDED
You've completed your first 2 years in cybersecurity and are facing middle management. What certifications would be particularly helpful to you?
CompTIA Linux+: Studying for and taking the CompTIA Linux+ certification would see an individual understand and appreciate Linux systems better. And considering that in-depth Linux knowledge is one of the bedrocks of advanced penetration testing, this certification is one to be considered.
CCNP Security: The step-up for security engineers in the cisco track. According to Cisco, the CCNP Security certification program is "aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNs, and IDS/IPS solutions for their networking environments".
CISA: The Certified Information Systems Auditor (CISA) certification is rather popular in the industry. Offered by ISACA, the CISA exam is a gruelling 4 hours of multichoice questions which all look alike. You must prepare well to pass this exam.
CEH: The Certified Ethical Hacker (CEH) certification is another pretty popular cyber exam. A possessor of this certification would be considered able to assess organisations' security posture by identifying vulnerabilities in the network and system infrastructure and determining if unauthorised access is possible.
LPT: The Licensed Penetration Tester is offered by EC-Council (just like the CEH). Considered to be on a higher level to CEH by the EC-Council themselves, this is what they have to say about the LPT: "Unless you are bent on being nothing other than the best in penetration testing, don’t bother registering for this program, as you are probably not cut out for it."
LEGEND
CCIE Security: This certification is for legends, literally. One level short of the highest level Cisco certification (CCAr), the Cisco Certified Internetwork Expert (Security) program recognizes security experts who have the knowledge and skills to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies and solutions using the latest industry best practices to secure systems and environments against modern security risks, threats, vulnerabilities, and requirements. A security engineer with this certification is literally a hot cake.
CHFI: Short for "Computer Hacking Forensic Investigator". According to EC-Council (testing body), the CHFI "validates the candidate’s skills to identify an intruder’s footprints and to properly gather the necessary evidence to prosecute in the court of law".
OSCP: A real premium penetration testing certification. The Offensive Security Certified Professional (OSCP) exam lasts a whopping 24 hours! Offered by Offensive Security themselves, holders of this certification are considered gurus as they must demonstrate a high level of technical competence to pass the exam.
CISM: This certification is also offered by ISACA. The Certified Information Security Manager indicates expertise in information security governance, program development and management, incident management and risk management.
CISSP: Some internet rankings have the CISSP certification as the highest paying cybersecurity certification. Differences may exist, but one thing is certain, the CISSP is one of the most sought after certification for security managers. The Certified Information Systems Security Professional is an independent information security certification granted by the International Information System Security Certification Consortium, also known as (ISC)². I would totally go for this certification.
In conclusion, it's worthy of note that an individual's certification path would largely depend on their area of focus in cybersecurity. For example, the diagram below shows possible certification paths for a security engineer, penetration tester and cyber strategy analyst:
Hopefully, as you progress in the cybersecurity industry, you choose the path that's best for you. Goodluck!