Cyber Security Certifications
Certification Paths
Certification Organizations
General Skills Certifications
Basics and New to Security
CompTIA IT Fundamentals - Great intro certification that "helps students or career changers determine if they have a competency for information technology and if it is the right career path for them."
CompTIA A+ - A core cert that covers practical knowledge and theory of IT, perfect for the generalist wanting to start a career in IT.
CompTIA Cloud Essentials - Introductory certification for technical and non-technical staff to gain knowledge and understanding of the foundational business and technical components included in a cloud assessment.
Networking
CompTIA Network + - Solid certification to understand troubleshooting, configuring, and managing networks. Covers all the base networking knowledge you need to go in any direction in IT.
Cisco CCNA - An incredibly popular exam that covers networking fundamentals, IP services, security fundamentals, automation and programmability. While the newer version has expanded to include more topics, it is still the gold standard for understanding basic networking.
Infrastructure and System Administration
Windows
GIAC Certified Windows Security Administrator (GCWN) - The GIAC Certified Windows Security Administrator (GCWN) certification validates a practitioner's ability to secure Microsoft Windows clients and servers. GCWN certification holders have the knowledge and skills needed to configure and manage the security of Microsoft operating systems and applications, including: PKI, IPSec, Group Policy, AppLocker, DNSSEC, PowerShell, and hardening Windows against malware and persistent adversaries.
Specialized/Soft Skills
IT Service Management - ITIL V4
Project Management
Level 1 - CompTIA Project +
Level 2 - PMI PMP
Risk Management - ISC2 CISSP
GIAC Information Security Professional (GISP) - The GIAC Information Security Professional (GISP) certification validates a practitioner's knowledge of the 8 domains of cybersecurity knowledge as determined by (ISC)2 that form a critical part of CISSP® exam.
Security Auditing - ISACA CISA
Security Management - ISACA CISM
Cloud
CompTIA Cloud + - Learn the basic skills to deploy, optimize, and protect mission critical applications and data storage. The next step beyond this should be to focus on certs for the cloud platform of your choice.
ISC2 CCSP - Advanced Cloud Security certification focusing on technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures.
GIAC Cloud Security Essentials (GCLD) - The GCLD certification validates a practitioner's ability to implement preventive, detective, and reactionary techniques to defend valuable cloud-based workloads.
GIAC Cloud Security Automation (GCSA) - The GCSA certification covers cloud services and modern DevSecOps practices that are used to build and deploy systems and applications more securely.
GIAC Certified Web Application Defender (GWEB) - The GIAC Web Application Defender certification allows candidates to demonstrate mastery of the security knowledge and skills needed to deal with common web application errors that lead to most security problems. The successful candidate will have hands-on experience using current tools to detect and prevent input validation flaws, cross-site scripting (XSS), and SQL injection as well as an in-depth understanding of authentication, access control, and session management, their weaknesses, and how they are best defended.
GIAC Public Cloud Security (GPCS) - The GPCS certification validates a practitioner's ability to secure the cloud in both public cloud and multi cloud environments. GPCS-certified professionals are familiar with the nuances of AWS, Azure, and GCP and have the skills needed to defend each of these platforms.
Blue Team Certifications
Defensive Operations
CompTIA Security + - Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs.
Professor Messer Videos: Security + - Absolute gold for free videos for this certification. All you need is this and the syllabus.
CompTIA CYSA+ - Learn how to proactively capture, monitor, and respond to network traffic findings, as well as better understand software and application security, automation, threat hunting, and IT regulatory compliance, which affects the daily work of security analysts.
CompTIA CASP - An advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise’s cybersecurity readiness.
Cisco CyberOps Associate - The Cisco Certified CyberOps Associate certification validates your skills and knowledge in security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures.
Cisco CyberOps Professional - The next level past the associate exam, expanding to include greater detail of the above topics, as well as Incident Response and Digital Forensics.
EC Council Certified Network Defender (CND) - Certified Network Defender v2 has been designed by industry experts to help IT Professionals play an active role in the Protection of digital business assets and Detection and Response to Cyber Threats, while leveraging Threat Intelligence to Predict them before they happen. CND is a network security course designed to help organizations create and deploy the most comprehensive network defense system.
EC Council Certified SOC Analyst - The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
GIAC Information Security Fundamentals (GISF) - The GIAC Information Security Fundamentals (GISF) certification validates a practitioner's knowledge of security's foundation, computer functions and networking, introductory cryptography, and cybersecurity technologies.
GIAC Certified Enterprise Defender (GCED) - The GIAC Certified Enterprise Defender (GCED) certification builds on the security skills measured by the GIAC Security Essentials certification. It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. GCED certification holders have validated knowledge and abilities in the areas of defensive network infrastructure, packet analysis, penetration testing, incident handling and malware removal.
GIAC Security Essentials (GSEC) - The GIAC Security Essentials (GSEC) certification validates a practitioner's knowledge of information security beyond simple terminology and concepts. GSEC certification holders are demonstrating that they are qualified for hands-on IT systems roles with respect to security tasks.
GIAC Security Operations Certified (GSOC) - The GSOC certification validates a practitioner’s ability to defend an enterprise using essential blue team incident response tools and techniques.
GIAC Continuous Monitoring Certification (GMON) - The GIAC Continuous Monitoring (GMON) certification validates a practitioner's ability to deter intrusions and quickly detect anomalous activity. GMON certification holders have demonstrated knowledge of defensible security architecture, network security monitoring, continuous diagnostics and mitigation, and continuous security monitoring.
Blue Team Level 1 - New to the certification scene, Security Blue Team has created a certification aimed at new or aspiring infosec professionals. This certification course will teach: Analysing and responding to phishing attacks, Performing forensics investigations to collect and analyse digital evidence, Using a SIEM platform to investigate malicious activity, Log and network traffic analysis including malware infections, Conducting threat actor research, and much more!
Blue Team Level 2 - BTL2 is the next step for security training from the Security Blue Team. This certification course will teach how to: Identify, analyze, prioritize, and remediate vulnerabilities to effectively reduce risk, Conduct static and dynamic malware analysis to gather indicators of compromise and document details of the malware’s purpose and utilized techniques, Write SIEM detection rules and tune them to ensure they’re as efficient as possible by conducting adversary emulation activities, and Perform threat hunts to detect adversaries that have already breached the perimeter.
Offensive Security Defense Analyst: OSDA - Learn the foundations of cybersecurity defense with Offensive Security’s new Security Operations and Defensive Analysis (SOC-200) course designed for job roles such as Security Operations Center (SOC) Junior Analysts and Threat Hunters.
eLearn Security Web Defense Professional (eWDP) - The eLearnSecurity Web Defense Professional (eWDP) is a senior-level, practical web defense certification that proves a cyber security professional’s defense domain capabilities.
Security Architecture/Engineering
Cisco CCNP: Security - Focusing more on the security engineering side, this certification covers the management of Cisco security products such as their Next-Gen Firewall and IDS.
GIAC Defensible Security Architecture (GDSA) - The GDSA certification proves that practitioners can design and implement an effective combination of network-centric and data-centric controls to balance prevention, detection, and response.
GIAC Certified Intrusion Analyst (GCIA) - The GIAC Intrusion Analyst certification validates a practitioner's knowledge of network and host monitoring, traffic analysis, and intrusion detection. GCIA certification holders have the skills needed to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files.
GIAC Certified Detection Analyst (GCDA) - The GCDA certification proves an individual knows how to collect, analyze, and tactically use modern network and endpoint data sources to detect malicious or unauthorized activity.
eLearn Security Network Defense Professional (eNDP) - The eLearn Security Network Defense Professional (eNDP) certification is issued to security engineers that provide proof of their hands-on skills through a comprehensive practical exam.
DFIR: Digital Forensics and Incident Response
EC Council Certified Hacking Forensics Investigator (CHFI) - CHFI provides its attendees with a firm grasp of digital forensics, presenting a detailed and methodological approach to digital forensics and evidence analysis that also pivots around Dark Web, IoT, and Cloud Forensics. The tools and techniques covered in this program will prepare the learner for conducting digital investigations using ground-breaking digital forensics technologies.
EC Council Certified Incident Handler (CIH) - A comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.
GIAC Certified Incident Handler (GCIH) - The GIAC Incident Handler certification validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.
GIAC Certified Forensic Examiner (GCFE) - The GIAC Certified Forensic Examiner (GCFE) certification validates a practitioner’s knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data from Windows computer systems. GCFE certification holders have the knowledge, skills, and ability to conduct typical incident investigations including e-Discovery, forensic analysis and reporting, evidence acquisition, browser forensics and tracing user and application activities on Windows systems.
GIAC Battlefield Forensics and Acquisition (GBFA) - The GBFA certification demonstrates that an individual is trained and qualified in the proper collection, acquisition, and rapid triage analysis of many forms of data storage.
eLearn Security Certified Incident Responder - The eLearnSecurity Certified Incident Responder (eCIR) exam challenges cyber security professionals to solve complex Incident Handling & Response scenarios in order to become certified.
eLearn Security Certified Digital Forensics Professional (eCDFP) - The eLearnSecurity Certified Digital Forensics Professional (eCDFP) is an advanced digital forensics exam meant for senior-level cyber security professionals. A successful certification allows digital forensics investigators to prove their technical digital forensics expertise.
Reverse Engineering/Malware Analysis
eLearn Security Certified Reverse Engineer (eCRE) - A defensive certification focused on understanding CPU architecture, stack basics, Windows APIs, and application disassembly.
eLearn Security Certified Malware Analysis Professional (eCMAP) - This certification is the most practical and professionally-oriented certification you can obtain in malware analysis. Instead of putting you through a series of multiple-choice questions, you are expected to perform a full analysis on a given malware sample, show proof of what the malware does, and finally write a signature that could be used to detect the malware sample on other systems or networks.
GIAC Reverse Engineering Malware (GREM) - The GIAC Reverse Engineering Malware (GREM) certification is designed for technologists who protect the organization from malicious code. GREM-certified technologists possess the knowledge and skills to reverse-engineer malicious software (malware) that targets common platforms, such as Microsoft Windows and web browsers.
Cyber Threat Intelligence
EC Council Certified Threat Intelligence Analyst (CTIA) - CTIA is a method-driven threat intelligence program that uses a 360-degree approach, covering concepts from planning to building a threat intelligence report for pre-emptive threat detection and preventive measures.
GIAC Open Source Intelligence (GOSI) - The GOSI certification confirms that practitioners have a strong foundation in OSINT methodologies and frameworks and are well-versed in data collection, reporting, and analyzing targets.
GIAC Cyber Threat Intelligence (GCTI) - The GCTI certification proves practitioners have mastered strategic, operational, and tactical cyber threat intelligence fundamentals and application.
Threat Hunting
eLearn Security Certified Threat Hunting Professional (eCTHP) - eLearnSecurity’s Certified Threat Hunting Professional is an expert-level certification that proves your threat hunting and threat identification capabilities. Students are tested through real-world scenarios modeled after cutting-edge malware that simulates corporate network vulnerabilities.
GIAC Certified Forensic Analyst (GCFA) - The GCFA certifies that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases.
GIAC Network Forensic Analyst (GNFA) - The GIAC Network Forensic Analyst (GNFA) certification validates a practitioner's ability to perform examinations employing network forensic artifact analysis. GNFA certification holders have demonstrated an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, processes and tools used to examine device and system logs, and wireless communication and encrypted protocols.
Red Team Certifications
CompTIA Pentest + - A comprehensive certification that covers hands-on vulnerability assessment, scanning, and analysis, as well as planning, scoping, and managing asset weaknesses, not just exploiting them.
EC Council Certified Ethical Hacker (CEH) - Certified Ethical Hacker CEH v11 will teach you the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to lawfully hack an organization.
EC Council Certified Penetration Testing Professional (CPENT) - This program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. The heart of the CPENT program is all about helping you master your pen testing skills by putting them to use on our live cyber ranges.
EC Council Licensed Penetration Tester (LPT) - The course is designed to show advanced concepts like advanced Windows attacks, attacking IoT systems, and writing exploits with advanced binary exploitation to go beyond flat networks. You will learn to bypass a filtered network, pentest OT systems, access hidden networks with pivoting, double pivot, escalate privilege, and evade defense mechanisms.
GIAC Penetration Tester (GPEN) - The GIAC Penetration Tester certification validates a practitioner's ability to properly conduct a penetration test, using best practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits and engage in detailed reconnaissance, as well as utilize a process-oriented approach to penetration testing projects.
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) - The GIAC Exploit Researcher and Advanced Penetration Tester certification validates a practitioner's ability to find and mitigate significant security flaws in systems and networks. GXPN certification holders have the skills to conduct advanced penetration tests and model the behavior of attackers to improve system security, and the knowledge to demonstrate the business risk associated with these behaviors.
Offensive Security Experienced Penetration Tester (OSEP) - Evasion Techniques and Breaching Defenses (PEN-300) is an advanced penetration testing course. It builds on the knowledge and techniques taught in Penetration Testing with Kali Linux, teaching students to perform advanced penetration tests against mature organizations with an established security function.
eLearn Security Junior Pentester (eJPT) - A practical certification on penetration testing and information security essentials. Perfect for those looking to get into offensive security.
eLearn Security Certified Professional Penetration Tester (eCPPT) - A practical certification on penetration testing that takes offensive training to the next level and includes added topics like vulnerability management and exploit development.
eLearn Security Certified Penetration Tester Xtreme (eCPTX) - An advanced offensive certification that gives practical experience with Active Directory exploitation and advanced exploit development.
TCM's Practical Network Penetration Testing (PNPT) - The PNPT certification exam is a one-of-a-kind ethical hacking certification exam that assesses a student’s ability to perform an external and internal network penetration test at a professional level. The supporting course takes a no frills approach to penetration testing focusing on practical, hands-on training as well as an in-depth practical exam.
Wireless Security Testing
Offensive Security Wireless Professional: (OSWP) - In PEN-210, students will learn to identify vulnerabilities in 802.11 networks and execute organized attacks. Each student will set up a home lab to practice the techniques learned in this online, self-paced course.
GIAC Assessing and Auditing Wireless Networks (GAWN) - The GAWN certification is designed for technologists who need to assess the security of wireless networks. The certification focuses on the different security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and techniques used to analyze wireless networks. Students will not only gain experience using tools to assess wireless networks, they will understand how the tools operate and the weaknesses in protocols that they evaluate.
Exploit Development
Offensive Security Exploit Developer: (OSED) - Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.
Offensive Security macOS Researcher: (OSMR) - EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.
Offensive Security Exploitation Expert: (OSEE) - Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft’s defenses. In Advanced Windows Exploitation (EXP-401), OffSec challenges students to develop creative solutions that work in today’s increasingly difficult exploitation environment.
eLearn Security Certified eXploit Developer (eCXD) - The eLearnSecurity Certified eXploit Developer (eCXD) tests a student’s capabilities on Windows and Linux exploit development and software vulnerability identification in general. Exploit developers can prove their advanced skills through a challenging, scenario-based exam that requires both knowledge and critical thinking.
Web App Testing
Offensive Security Web Assessor: OSWA - WEB-200 teaches students how to discover and exploit common web vulnerabilities, and how to exfiltrate sensitive data from target web applications. Students will obtain a wide variety of skill sets and competencies for web app assessments.
Offensive Security Web Expert: OSWE - Advanced Web Attacks and Exploitation (WEB-300) is an advanced web application security review course. We teach the skills needed to conduct white box web app penetration tests.
GIAC Web Application Penetration Tester (GWAPT) - The GIAC Web Application Penetration Tester (GWAPT) certification validates a practitioner's ability to better secure organizations through penetration testing and a thorough understanding of web application security issues. GWAPT certification holders have demonstrated knowledge of web application exploits and penetration testing methodology.
eLearn Security Web Application Penetration Tester (eWPT) - The eLearnSecurity Web Application Penetration Tester certification assesses a cyber security professional’s web application penetration testing skills. The exam is a skills-based test that requires candidates to perform a real-world web app pentesting simulation.
eLearn Security Web Application Penetration Tester Xtreme (eWPTX) - The eLearnSecurity Web Application Penetration Tester eXtreme (eWPTX) is our most advanced web application pentesting certification. The eWPTX exam requires students to perform an expert-level penetration test that is then assessed by INE’s cyber security instructors. Students are expected to provide a complete report of their findings as they would in the corporate sector in order to pass.
Cloud Pen Testing
GIAC Cloud Penetration Tester (GCPN) - The GCPN certification validates a practitioner's ability to conduct cloud-focused penetration testing and assess the security of systems, networks, architecture, and cloud technologies.
Tool Specific Certifications and Training