Cyber Security Certifications

Certification Paths

Certification Organizations

General Skills Certifications

Basics and New to Security

  • โ€‹CompTIA IT Fundamentals - Great intro certification that "helps students or career changers determine if they have a competency for information technology and if it is the right career path for them."
  • โ€‹CompTIA A+ - A core cert that covers practical knowledge and theory of IT, perfect for the generalist wanting to start a career in IT.
    • Exam Objectives: Part 1 and Part 2โ€‹
    • Professor Messer Videos: Part 1 and Part 2 - Absolute gold for free videos for this certification. All you need is this and the syllabus.
  • โ€‹CompTIA Cloud Essentials - Introductory certification for technical and non-technical staff to gain knowledge and understanding of the foundational business and technical components included in a cloud assessment

Networking

  • โ€‹CompTIA Network + - Solid certification to understand troubleshooting, configuring, and managing networks. Covers all the base networking knowledge you need to go in any direction in IT.
    • โ€‹Exam Objectivesโ€‹
    • Professor Messer Videos: Part 1 and Part 2 - Absolute gold for free videos for this certification. All you need is this and the syllabus.
  • โ€‹Cisco CCNA - An incredibly popular exam that covers networking fundamentals, IP services, security fundamentals, automation and programmability. While the newer version has expanded to include more topics, it still is the golden standard for understanding basic networking.

Infrastructure and System Administration

Specialized/Soft Skills

Cloud

  • โ€‹CompTIA Cloud + - Learn the basics skils to deploy, optimize, and protect mission critical applications and data storage. The next step beyond this should be to focus on certs for the cloud platform of your choice.
  • โ€‹ISC2 CCSP - Advanced Cloud Security certification focusing on technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures.
  • โ€‹GIAC Cloud Security Essentials (GCLD) - The GCLD certification validates a practitioner's ability to implement preventive, detective, and reactionary techniques to defend valuable cloud-based workloads.
  • โ€‹GIAC Cloud Security Automation (GCSA) - The GCSA certification covers cloud services and modern DevSecOps practices that are used to build and deploy systems and applications more securely.
  • โ€‹GIAC Certified Web Application Defender (GWEB) - The GIAC Web Application Defender certification allows candidates to demonstrate mastery of the security knowledge and skills needed to deal with common web application errors that lead to most security problems. The successful candidate will have hands-on experience using current tools to detect and prevent input validation flaws, cross-site scripting (XSS), and SQL injection as well as an in-depth understanding of authentication, access control, and session management, their weaknesses, and how they are best defended.
  • โ€‹GIAC Public Cloud Security (GPCS) - The GPCS certification validates a practitioner's ability to secure the cloud in both public cloud and multi cloud environments. GPCS-certified professionals are familiar with the nuances of AWS, Azure, and GCP and have the skills needed to defend each of these platforms.

Blue Team Certifications

Defensive Operations

  • โ€‹CompTIA Security + - Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs.
    • โ€‹Exam Objectivesโ€‹
    • Professor Messer Videos: Security + - Absolute gold for free videos for this certification. All you need is this and the syllabus.
  • โ€‹CompTIA CYSA+ - Learn how to proactively capture, monitor, and respond to network traffic findings, as well as better understand software and application security, automation, threat hunting, and IT regulatory compliance, which affects the daily work of security analysts.
  • โ€‹CompTIA CASP - An advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterpriseโ€™s cybersecurity readiness.
  • โ€‹Cisco CyberOps Associate - The Cisco Certified CyberOps Associate certification validates your skills and knowledge in security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures.
    • โ€‹Cisco CyberOps Professional - The next level past the associate exam, expanding to include greater detail of the above topics, as well as Incident Response and Digital Forensics.
  • โ€‹EC Council Certified Network Defender (CND) - Certified Network Defender v2 has been designed by industry experts to help IT Professionals play an active role in the Protection of digital business assets and Detection and Response to Cyber Threats, while leveraging Threat Intelligence to Predict them before they happen. CND is a network security course designed to help organizations create and deploy the most comprehensive network defense system.
  • โ€‹EC Council Certified SOC Analyst - The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
  • โ€‹GIAC Information Security Fundamentals (GISF) -The GIAC Information Security Fundamentals (GISF) certification validates a practitioner's knowledge of security's foundation, computer functions and networking, introductory cryptography, and cybersecurity technologies.
    • โ€‹GIAC Certified Enterprise Defender (GCED) - The GIAC Certified Enterprise Defender (GCED) certification builds on the security skills measured by the GIAC Security Essentials certification. It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. GCED certification holders have validated knowledge and abilities in the areas of defensive network infrastructure, packet analysis, penetration testing, incident handling and malware removal.
  • โ€‹GIAC Security Essentials (GSEC) - The GIAC Security Essentials (GSEC) certification validates a practitioner's knowledge of information security beyond simple terminology and concepts. GSEC certification holders are demonstrating that they are qualified for hands-on IT systems roles with respect to security tasks.
  • โ€‹GIAC Security Operations Certified (GSOC) - The GSOC certification validates a practitionerโ€™s ability to defend an enterprise using essential blue team incident response tools and techniques.
  • โ€‹GIAC Continuous Monitoring Certification (GMON) - The GIAC Continuous Monitoring (GMON) certification validates a practitioner's ability to deter intrusions and quickly detect anomalous activity. GMON certification holders have demonstrated knowledge of defensible security architecture, network security monitoring, continuous diagnostics and mitigation, and continuous security monitoring.
  • โ€‹Blue Team Level 1 - New to the certification scene, Security Blue Team has created a certification aimed at new or aspiring infosec professionals. This certification course will teach: Analysing and responding to phishing attacks, Performing forensics investigations to collect and analyse digital evidence, Using a SIEM platform to investigate malicious activity, Log and network traffic analysis including malware infections, Conducting threat actor research, and much more!
  • โ€‹Blue Team Level 2 - BLT2 is the next step for security training from the Security Blue Team. This certification course will teach how to: Identify, analyze, prioritize, and remediate vulnerabilities to effectively reduce risk, Conduct static and dynamic malware analysis to gather indicators of compromise and document details of the malwareโ€™s purpose and utilized techniques, Writing SIEM detection rules and tuning them to ensure theyโ€™re as efficient as possible by conducting adversary emulation activities, and Perform threat hunts to detect adversaries that have already breached the perimeter.
  • โ€‹Offensive Security Defense Analyst: OSDA - Learn the foundations of cybersecurity defense with Offensive Securityโ€™s new Security Operations and Defensive Analysis (SOC-200) course designed for job roles such as Security Operations Center (SOC) Junior Analysts and Threat Hunters.
  • โ€‹eLearn Security Web Defense Professional (eWDP) - The eLearnSecurity Web Defense Professional (eWDP) is a senior-level, practical web defense certification that proves a cyber security professionalโ€™s defense domain capabilities.

Security Architecture/Engineering

  • โ€‹Cisco CCNP: Security - Focusing more on the security engineering side, this certification focuses on the management of cisco security products such as thier Next-Gen Firewall and IDS.
  • โ€‹GIAC Defensible Security Architecture (GDSA) - The GDSA certification proves that practitioners can design and implement an effective combination of network-centric and data-centric controls to balance prevention, detection, and response.
  • โ€‹GIAC Certified Intrusion Analyst (GCIA) - The GIAC Intrusion Analyst certification validates a practitioner's knowledge of network and host monitoring, traffic analysis, and intrusion detection. GCIA certification holders have the skills needed to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files.
  • โ€‹GIAC Certified Detection Analyst (GCDA) - The GCDA certification proves an individual knows how to collect, analyze, and tactically use modern network and endpoint data sources to detect malicious or unauthorized activity.
  • โ€‹eLearn Security Network Defense Professional (eNDP) - The eLearn Security Network Defense Professional (eNDP) certification is issued to security engineers that provide proof of their hands-on skills through a comprehensive practical exam.

DFIR: Digital Forensics and Incident Response

  • โ€‹EC Council Certified Hacking Forensics Investigator (CHFI) - CHFI provides its attendees with a firm grasp of digital forensics, presenting a detailed and methodological approach to digital forensics and evidence analysis that also pivots around Dark Web, IoT, and Cloud Forensics. The tools and techniques covered in this program will prepare the learner for conducting digital investigations using ground-breaking digital forensics technologies.
  • โ€‹EC Council Certifid Incident Handler (CIH) - A comprehensive specialist-level program that imparts knowledge and skills that organizations need to effectively handle post breach consequences by reducing the impact of the incident, from both a financial and a reputational perspective.
  • โ€‹GIAC Certified Incident Handler (GCIH) - The GIAC Incident Handler certification validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.
  • โ€‹GIAC Certified Forensic Examiner (GCFE) - The GIAC Certified Forensic Examiner (GCFE) certification validates a practitionerโ€™s knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data from Windows computer systems. GCFE certification holders have the knowledge, skills, and ability to conduct typical incident investigations including e-Discovery, forensic analysis and reporting, evidence acquisition, browser forensics and tracing user and application activities on Windows systems.
  • โ€‹GIAC Battlefield Forensics and Acquisition (GBFA) - The GBFA certification demonstrates that an individual is trained and qualified in the proper collection, acquisition, and rapid triage analysis of many forms of data storage.
  • โ€‹eLearn Security Certified Incident Responder - The eLearnSecurity Certified Incident Responder (eCIR) exam challenges cyber security professionals to solve complex Incident Handling & Response scenarios in order to become certified.
  • โ€‹eLearn Security Certified Digital Forensics Professional (eCDFP) - The eLearnSecurity Certified Digital Forensics Professional (eCDFP) is an advanced digital forensics exam meant for senior-level cyber security professionals. A successful certification allows digital forensics investigators to prove their technical digital forensics expertise.

Reverse Engineering/Malware Analysis

  • โ€‹eLearn Security Certified Reverse Engineer (eCRE) - A defensive certification focused on understanding CPU architecture, stack basics, window's APIs, and application disassembly.
  • โ€‹eLearn Security Certified Malware Analysis Professional (eCMAP) - This certification is the most practical and professionally-oriented certification you can obtain in malware analysis. Instead of putting you through a series of multiple-choice questions, you are expected to perform a full analysis on a given malware sample, show proof of what the malware does, and finally write a signature that could be used to detect the malware sample on other systems or networks.
  • โ€‹GIAC Reverse Engineering Malware (GREM) - The GIAC Reverse Engineering Malware (GREM) certification is designed for technologists who protect the organization from malicious code. GREM-certified technologists possess the knowledge and skills to reverse-engineer malicious software (malware) that targets common platforms, such as Microsoft Windows and web browsers.

Cyber Threat Intelligence

  • โ€‹EC Council Certified Threat Intelligence Analyst (CTIA) - CTIA is a method-driven threat intelligence program that uses a 360-degree approach, covering concepts from planning to building a threat intelligence report for pre-emptive threat detection and preventive measures.
  • โ€‹GIAC Open Source Intelligence (GOSI) - The GOSI certification confirms that practitioners have a strong foundation in OSINT methodologies and frameworks and are well-versed in data collection, reporting, and analyzing targets.
  • โ€‹GIAC Cyber Threat Intelligence (GCTI) - The GCTI certification proves practitioners have mastered strategic, operational, and tactical cyber threat intelligence fundamentals and application.

Threat Hunting

  • โ€‹eLearn Security Certified Threat Hunting Professional (eCTHP) - eLearnSecurityโ€™s Certified Threat Hunting Professional is an expert-level certification that proves your threat hunting and threat identification capabilities. Students are tested through real-world scenarios modeled after cutting-edge malware that simulates corporate network vulnerabilities.
  • โ€‹GIAC Certified Forensic Analyst (GCFA) - The GCFA certifies that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases.
  • โ€‹GIAC Network Forensic Analyst (GNFA) - The GIAC Network Forensic Analyst (GNFA) certification validates a practitioner's ability to perform examinations employing network forensic artifact analysis. GNFA certification holders have demonstrated an understanding of the fundamentals of network forensics, normal and abnormal conditions for common network protocols, processes and tools used to examine device and system logs, and wireless communication and encrypted protocols.

Red Team Certifications

  • โ€‹CompTIA Pentest + - A comprehensive certification that covers hands-on vulnerability assessment, scanning, and analysis, as well as the planning, scoping, and managing asset weaknesses, not just exploiting them.
  • โ€‹EC Council Certified Ethical Hacker (CEH) - Certified Ethical Hacker CEH v11 will teach you the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to lawfully hack an organization.
  • โ€‹EC Council Certified Penetration Testing Professional (CPENT) - This program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. The heart of the CPENT program is all about helping you master your pen testing skills by putting them to use on our live cyber ranges.
  • โ€‹EC Council Licensed Penetration Tester (LPT) - The course is designed to show advanced concepts like advanced windows attacks, attacking IoT systems, and writing exploits with advanced binary exploitation to go beyond flat networks. You will learn to bypass a filtered network, pentest OT systems, access hidden networks with pivoting, double pivot, escalate privilege, and evade defense mechanisms.
  • โ€‹GIAC Penetration Tester (GPEN) - The GIAC Penetration Tester certification validates a practitioner's ability to properly conduct a penetration test, using best practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits and engage in detailed reconnaissance, as well as utilize a process-oriented approach to penetration testing projects.
  • โ€‹GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)โ€‹ - The GIAC Exploit Researcher and Advanced Penetration Tester certification validates a practitioner's ability to find and mitigate significant security flaws in systems and networks. GXPN certification holders have the skills to conduct advanced penetration tests and model the behavior of attackers to improve system security, and the knowledge to demonstrate the business risk associated with these behaviors.

Wireless Security Testing

  • โ€‹Offensive Security Wireless Professional: (OSWP) - In PEN-210, students will learn to identify vulnerabilities in 802.11 networks and execute organized attacks. Each student will set up a home lab to practice the techniques learned in this online, self-paced course.
  • โ€‹GIAC Assessing and Auditing Wireless Networks (GAWN) - The GAWN certification is designed for technologists who need to assess the security of wireless networks. The certification focuses on the different security mechanisms for wireless networks, the tools and techniques used to evaluate and exploit weaknesses, and techniques used to analyze wireless networks. Students will not only gain experience using tools to assess wireless networks, they will understand how the tools operate and the weaknesses in protocols that they evaluate.

Exploit Development

  • โ€‹Offensive Security Exploit Developer: (OSED) - Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.
  • โ€‹Offensive Security macOS Researcher: (OSMR) - EXP-312 is an advanced course that teaches the skills necessary to bypass security controls implemented by macOS, and exploit logic vulnerabilities to perform privilege escalation on macOS systems.
  • โ€‹Offensive Security Exploitation Expert: (OSEE) - Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoftโ€™s defenses. In Advanced Windows Exploitation (EXP-401), OffSec challenges students to develop creative solutions that work in todayโ€™s increasingly difficult exploitation environment.
  • โ€‹eLearn Security Certified eXploit Developer (eCXD) - The eLearnSecurity Certified eXploit Developer (eCXD) tests a studentโ€™s capabilities on Windows and Linux exploit development and software vulnerability identification in general. Exploit developers can prove their advanced skills through a challenging, scenario-based exam that requires both knowledge and critical thinking.

Web App Testing

Cloud Pen Testing

  • โ€‹GIAC Cloud Penetration Tester (GCPN) - The GCPN certification validates a practitioner's ability to conduct cloud-focused penetration testing and assess the security of systems, networks, architecture, and cloud technologies.

Tool Specific Certifications and Training